Threat actors made “notable achievements” in 2019, according to a new report analyzing trends in cybercrime.
“Their focus on improving encryption routines and concealing malicious payloads through steganography [concealing malware within files or images] raised the bar for security researchers and threat detection solutions,” BlackBerry Cylance said in its 2020 Threat Report. (Registration required).
Hiding code within files isn’t new for attackers. However, the report notes that BlackBerry, in the second half of 2019, discovered attackers are now able to conceal payloads within WAV audio files.
In general, the use of steganography helps adversaries evade detection because the key malicious content is only present in memory, says the report. Detecting and blocking steganography attacks requires effective memory monitoring and threat defences.
Host-encrypted malware is increasing, the report adds, making analysis almost impossible in a lab and decreasing defenders’ understanding of the malicious code and the ability for security solutions to block it.
It also warns that state-sponsored advanced threat groups are exploiting mobile devices “with impunity” to surveil targeted individuals. Other predictions for 2020 include the rise of Crimeware-as-a-Service.
Arguably, the most important part of the report underscores what security experts have been saying for years: Misconfiguration and mistakes are to blame for large breaches of security controls.
“Unfortunately, the majority of notable data breaches in 2019 still resulted from unsecured databases, rather than from sophisticated and novel techniques deployed by modern attackers,” it says. “This was once again the worst year on record for data breaches, and there clearly remains much work to be done in education and firming up security for organizations in the modern era.”
Misconfigured cloud resources led to more than seven billion records being publicly exposed in 2019, says the report. Another way of looking at it is that, on average, there were at least three disclosures of exposures caused by unsecured databases and servers every month. The report predicts that this will only happen more as organizations increase their use of the cloud.
Organizations can better prepare themselves by embracing a multi-faceted approach to cloud security that includes automated configuration policies to drive continuous integration and reduce human errors, says the report. Adopting threat-intelligence-driven awareness training for developers and increasing visibility of the environment by leveraging network and user behavioural analytics that can spot anomalies in system configuration and user activity can also help.
Separately, a report issued today by security vendor DivvyCloud estimated hat nearly 33.4 billion records were exposed in breaches due to cloud misconfigurations in 2018 and 2019, amounting to nearly $5 trillion in costs to enterprises globally.
Looking at publicly-reported breaches, it found 81 of them could be blamed on cloud misconfiguration in 2018, and 115 in 2019. That’s a 42 per cent increase. Elasticsearch misconfigurations accounted for 20 per cent of all breaches, but these incidents accounted for 44 per cent of all records exposed.
MongoDB misconfigurations accounted for 12 per cent of all incidents, and the number of misconfigured MongoDB instances nearly doubled year over year. However, there were 45 per cent fewer misconfigured Amazon S3 servers in 2019 as compared to 2018.
Click here to get the full report. Registration required.
The BlackBerry report also warns that deep fake technology — the ability to create fake video and audio files — is becoming more widely accessible. This has led to deep fake personas appearing on social media sites and fake voice authorizations being used to commit fraud. It recommends organizations consider training employees on identifying and responding to the indicators of deep fake technology use.
It also cautions that vulnerabilities in the auto industry supply chain, design process, and updating procedures have made vehicles an easy target for attackers.
“Vehicle vulnerabilities may lead to disastrous outcomes if the industry and third-party vendors don’t take steps to improve automobile cybersecurity.”