Introduction and Chapter 1
Hornetsecurity recently published their Cyber Threat Report Edition 2021/22. This post will examine why cybersecurity, and the Cyber Threat Report, are relevant in today’s digital world.
Cybercrime ranks amongst the highest of threats worldwide. In the UK, we have experienced cyberattacks on public services such as healthcare and local authorities. Just looking up cyberattacks in the news confirms recent attacks on a wide range of industries, such as retail providers, snack companies, news corporations, research centres, political parties, and airlines.
The impact of these attacks is far and wide reaching. Individuals can be impacted by data breaches, fraud, and loss of products and services. On a national scale, society can be impacted by the loss of critical national infrastructure, underpinning things like financial services and emergency response services.
Chapter 1 of the Cyber Threat Report starts by examining the monetary cost of cybercrime on a global scale, which has increased by 345 billion US dollars in just 2 years. The author moves on to more thought provoking subjects: world affairs like a pandemic, global espionage, and even war, can all be accelerated by cyberattacks.
Public sector and private sector industries of all kinds have multiple attack vectors in common. The report makes the case that email is typically one such example. This can be as an ingress point for ransomware attacks, or as a means of hijacking business or official email addresses. The news search I mentioned earlier highlights the breach of an official email address within one of the world’s largest intelligence and security services. Clearly anything we use in day-to-day life with a digital footprint carries a risk of being compromised, and that’s why this report is so important.
The second chapter starts to lift the lid on the risk of email; starting out by stating that around 300 billion emails are sent every day. This number is expected to rise by a further 61.6 billion over the next 2 years, leading to an exponential rise in threats.
By analysing the email traffic of the first half of 2021, the Hornetsecurity Security Lab concluded that 40% of emails sent were classified as undesired emails. That’s potentially 120 billion unsolicited emails sent every day.
Most of these emails will already be blocked in advance, using known spam filters, known bad sender’s lists, and identifying common traits. It’s obvious that executables will be rejected, and individuals are now savvier to opening links or Excel files from unknown senders. However, as education and cybersecurity protection improves, attackers themselves are becoming more sophisticated.
Embedding web pages, downloads, and links in HTML files or PDFs is now a common attack format. The Cyber Threat Report goes into the detail behind the most-used file types in malicious emails, really showing the wide range of tools attackers have adopted.
This same trend is echoed when it comes to both the industries affected, and the type of attacks carried out by cybercriminals. Examples include phishing, spearphishing, malicious attachments, blackmail, ransom leaks, and brand impersonation.
The global covid-19 pandemic accelerated a shift towards online services, for public services like healthcare, as well as private services like shopping and banking. Although digital enablement is a good thing, it does have potential to increase the attack surface. Brand impersonation is a great example, and it’s good to see the report call out the impact of the pandemic on this type of attack vector. As expected, impersonation of brands like Amazon, DHL, and Fedex are commonly used with malicious URLs.
The final section of the second chapter talks to the rise of as-a-service offerings on the dark web, which is something I was hoping would be called out. There is a growing market for Ransomware-as-a-Service, as well as for attackers to penetrate networks or systems, and then sell that access to the highest bidder. There are several use cases for this type of transaction, it could be selling secrets to competitors, opposing governments or nation states, for criminal or monetary extortion, and so on.
The third chapter in the Cyber Threat Report breaks down Malware-as-a-Service (MaaS) further, with a compelling example. Emotet evolved from a banking trojan to a widely distributed MaaS operation, forming a network of cybercriminals. Before being disabled in early 2021, Emotet could infect a system and hijack email conversations, spreading amongst email contacts and mailbox recipients.
Emotet was eventually taken down by an international operation of law enforcement. In the aftermath, many other botnets have emerged, but none yet have the same scale. That said, the landscape is ever changing and as the report highlights, the existing customer base of Emotet’s MaaS operation still exists.
The final note for the ‘threat-highlights’ of 2021 is the Microsoft Exchange hack. Microsoft Exchange is perhaps one of the worlds widest used technologies, and an estimated 250,000 email servers were hit by attacks in March 2021.
The vulnerabilities were made up of 4 separate types, impacting multiple versions of Microsoft Exchange Server. Although an unscheduled security update was released, breaches were widespread before the patch could be fully rolled out.
It is believed the attack was carried out by a Chines state-sponsored hacker group, and in the clean-up that followed even the FBI were involved in removing traces from corporate networks to take out the risk of further attacks.
Chapter 4 and Summary
The report closes by highlighting the increase in digitalisation, as well as the number of devices and accounts, all providing opportunities for cybercrime to continue across borders and continents. As predicted, a huge increase in ransomware attacks is already starting to materialise. We’ve read throughout the report of the many and evolving attack options for cybercriminals, and the role in which email plays.
Microsoft 365 is an Office 365 suite with over 258 million active users, it provides Microsoft Exchange and other Microsoft products as Software-as-a-Service (SaaS). Whilst SaaS in general can help reduce the manual overhead of securing IT infrastructure, it doesn’t in any way rule out cyberattacks.
According to Hornetsecurity, every fourth business that uses Microsoft 365 has been affected by an email security vulnerability. Reading the Cyber Threat Report is really an eye opener for both individuals and business as to the risks we encounter, and often don’t even see, every time we carry out any form of digital interaction.
The Cyber Threat Report Edition 2021/22 from Hornetsecurity is available to download and read now.