2 Attack Vectors are Forcing Changes in how to Secure Software

by

Cyber criminals have upped their game in the past two years to take advantage of a world distracted in its battles with a global pandemic. Cybercrime is growing continually. The number of cybercrime incidents rose by more than 60% in 2020 with costs associated with those crimes in the billions of dollars. The two most prevalent categories of cybercrime are identity theft and ransomware. 

Identity Theft

Identity theft is causing personal nightmares, with a majority of identify fraud incidents in the United States reported by victims over 60 years old [IC3 Report]. These attacks involve false insurance claims, illegal Payment Protection Program claims taken on behalf of small businesses, stealing social security funds, and initiating bank account transfers, all using stolen identities. 

Ransomware

While Identity fraud impacts individuals, a more severe class of cybercrimes is ransomware against businesses. According to the 2020 FBI Internet Crime Report, there were 2474 ransomware incidents reported 2020, with adjusted losses of $29.1 million. This is grossly understated as most incidents and payments go unreported. Cybersecurity Ventures predicts it will be closer to $20B in losses in 2021. 

According to Sophos Research State of Ransomware Report 2021, respondents reported that "the average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) was US$1.85 million, more than double the US$761,106 cost reported last year." These attacks involve attackers invading a system, encrypting data to make it unusable, and holding businesses data hostage until a ransom is paid. Businesses are put in the untenable position of making the choice of paying ransom in order to protect their business and customers, or losing their data.

How Adversaries and Attackers Work

Attackers are heavily invested in sophisticated research to help them understand known software vulnerabilities, allowing them to take advantage of those vulnerabilities to exploit victims in automated ways. What is common between identity theft and ransomware is they are mostly caused via email phishing schemes or the attachment of malicious files which unleash malware into the victim's environment.

The latest pervasive attacks on Microsoft's Cosmo DBs and Exchange servers during the past few weeks are examples that show the intensity of the situation.  The latest attack on Microsoft Cosmo DBB allowed hackers the ability to modify/delete customer data. Flaws seemed to be related to default settings enabled in a third-party visualization tool. The attackers acquire knowledge of these existing loopholes and wait for an opportunity to exploit them. Attacks on Exchange servers were a result of exploiting remote access loopholes to get a backdoor entry to all customer emails on the server. 

In order to combat these threats, education and the implementation of secure engineering techniques are a must. It is possible to transform DevOps to DevSecOps by continuously building security into software as an integrated part of the engineering process. This transformation will manifest itself in a more centralized and improved collaboration across businesses units.

Conclusion

We often hear "security needs to be built-in and not bolted-on". It is imperative to act on those words. Secure engineering techniques and standards must be adopted throughout the development and engineering lifecycle in order to build secure software. 

 

Hema Nair
Hema Nair

Hema Nair (Srikanth) has a Ph. D in Computer Science from North Carolina State University. Her interests are in all aspects of Software Engineering, with focus on secure engineering. Her core skills are in data analytics and data science and using data to deliver security and quality requirements. She has been a consultant for the last five years for security and technology companies helping them deliver secure systems. Prior to that she worked with IBM for over ten years as an engineering leader, and the latest role as a secure engineering leader for IBM's analytics division.

Keep Reading

Mitigate CVE Risks Faster with Asset Visibility | JupiterOne
May 16, 2024
Blog
Mitigate CVE Risks Faster with Asset Visibility

Discover how JupiterOne addresses critical vulnerabilities with asset inventory, relationship mapping, and actionable insights for enhanced security.

Introducing Continuous Threat Exposurement Management | JupiterOne
April 30, 2024
Blog
Introducing Continuous Threat Exposure Management with JupiterOne and watchTowr

Introducing Continuous Threat Exposure Management (CTEM) with JupiterOne and WatchTowr: A Proactive Approach to Cybersecurity

Why Your Business Needs Cloud Asset Management
April 10, 2024
Blog
Why Your Business Needs Cloud Asset Management

Organizations are transitioning to the cloud faster than ever to keep up with the changing consumer and business climate. According to Gartner, by 2023, 40% of all

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.