Infoblox is pleased to publish this Q4 2020 edition of our Cyberthreat Intelligence Report.
Please register to download a copy here:
We publish these reports during the first month of each calendar quarter. This Q4 2020 report includes our publicly released threat intelligence from October 1, 2020, through December 31, 2020.
This publication provides our original research and insight into threats we observed, detailed analysis of advanced malware campaigns and analysis of recent significant attacks. In some cases, we share and expand on original research published by other security firms, industry experts and university researchers. We feel that timely information on cyberthreats is vital to protect the user community at large.
Infoblox Cyberthreat Intelligence Reports generally include research on specific threats and related data, customer impacts, analysis of campaign execution and attack chains, as well as vulnerabilities and mitigation steps. We may also share background information on the attack groups likely responsible for the particular threats under review.
The trends we have observed impacting Q4 2020 continue to evolve. In the widespread transition to cloud computing, many organizations have transferred their legacy applications to Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) platforms. They have also expanded their use of Software-as-a-Service (SaaS) to meet enterprise application requirements, resulting in a broad distribution of sensitive information across a variety of cloud platforms. Many organizations, however, still do not have a significant security footprint around their cloud deployments. The existing enterprise security stack, including security controls such as data loss protection, cannot scale to the cloud.
New controls to secure container-based workloads, lock down cloud configurations and encrypt data in the cloud are still being deployed. Email, social media and collaborative software have created more vectors than ever for threat actors to target organizations. Infection from malware can result in the loss of sensitive data and open channels for threat actors to target more victims.
A study by the University of Maryland Clark School’s Center for Risk and Reliability and Institute for Systems Research had quantified the average rate of cyberattacks on computers with internet access as occurring every 39 seconds. Every day, government institutions and private industries must manage cyberthreats from nation state-funded attackers or their proxies. Key enablers such as Bitcoin and other cyber currencies make it much more challenging for law enforcement to identify and track threat actors.
The high number of employees teleworking during the pandemic has exacerbated the problem. Working remotely presents vulnerabilities that are more easily exploited by threat actors. Teleworkers require access to enterprise resources from multiple endpoints, including both employer-provided and personal laptops, as well as a variety of mobile devices.
However, many cybersecurity procedures and security controls used within enterprise facilities cannot provide the same level of security for remote locations. The on-premise legacy enterprise security stack will not work for remote workers without significant redesign, planning, and a move to new security controls to support distributed infrastructure and cloud deployments. Domain name system (DNS) security can be configured to protect teleworkers, but many organizations don’t yet have the additional protections and visibility that DNS security deployment would provide. The same is true for expanded threat intelligence data: it can be tremendously useful, but only if you have it!
The situation is further complicated by teleworkers who must use personal “untrusted” devices to access critical corporate resources and information. This remote access must not only be granted to employees but also to business partners and contractors. They must access resources both on-premise, behind the legacy firewall and in a multitude of SaaS, IaaS and PaaS clouds.
As of the end of 2020, many organizations have still not implemented necessary cybersecurity to protect this far more distributed user base. Email, a vital and essential tool, remains the top threat vector used to attack both government and businesses of all sizes. Despite training and warnings, users continue to open suspicious emails, both in their business and personal accounts. They click on malicious email attachments and URLs; and view websites not generally associated with business use. Proprietary business information is at risk when workers utilize personal and business instances of applications such as Office365 on the same machines, collaborate within clouds and connect to an ever-increasing number of SaaS clouds that are not work-related and not sanctioned by their IT department.
For all of these reasons and more, the cyberthreats remain alive and well. Threat actors will both innovate, adjust and sustain proven methods in 2021. Rogue nation-states and organized crime will continue to build on their offensive capabilities. Accurate intelligence about timely, relevant threats enables an organization to make thoughtful, targeted improvements to its defenses and lower its risk.
We hope you find our Quarterly Cyberthreat Intelligence Report of benefit. Subscribers to our threat intelligence products and services will receive the full reports, which provide more comprehensive data, including an in-depth list of the indicators of compromise (IOCs) for the specific campaign, as well as other timely alerts and information.
Please follow this link to download the Q4 2020 Cyberthreat Intelligence Report
If there are questions please reach out to us at https://info.infoblox.com/contact-form.