Top 3 Cyber Attack Vectors During the Pandemic
Published on August 6, 2020 by Michelle Pruitt
Cyber-attacks have increased in quantity and sophistication in 2020, but we may not have heard about them in the news. Covid-19 updates have dominated headlines, and our physical health and safety has taken the spotlight over our technology’s health and safety. While news of vaccines and outbreak hotspots will continue to be the most important “news of the day” – it is important to be aware of security breaches that threaten the safety of our data and privacy.
In a recent article, “When It Comes to Data Breaches, Hindsight is 2020” published by Gabriel Torok in Forbes, PreEmptive’s CEO writes, “Companies finding their cybersecurity feet were suddenly forced to shift entire workforces and deploy entirely new network structures based on real-time, cloud-based collaboration as Covid-19 concerns escalated. As a result, hackers have changed tactics, leveraging a mix of old techniques and new approaches to compromise critical infrastructure.”
Gabriel highlights the Top 3 Attack Vectors:
• Phishing Concerns:As noted by Security Magazine, spear phishing attacks have increased 667% since the end of February, as hackers leverage familiarity of phishing to circumvent corporate defenses — a technique that’s especially effective as stressed staff and IT teams attempt to navigate the “new normal.”
• VPN Crashes:With companies implementing virtual private networks (VPNs) to help manage security at scale, attackers are now using DDoS attacks to crash these systems and breach network defenses. As noted by Security Boulevard, the “fill the gap” nature of most VPN deployments leaves them vulnerable to even small DDoS attacks.
• Cloud Compromises:Cloud-based collaboration tools such as Webex, Zoom and Slack have seen substantial uptake over the past few months as businesses look to provide better work-from-home connectivity and improve overall productivity. Attackers recognize an opportunity when they see one: According to CSO Online, some industries have seen cloud-related attacks increase by 1,350%.
How can organizations protect themselves against future security breaches?
It is important for organizations to address security threats consistently regardless of current conditions.
Applications are a critical area of vulnerability in many organizations. Companies implement cloud-based software for use with in-house or mobile solutions. These applications are designed to deliver critical functionality, but often must operate in untrusted environments. Apps form the front-line of any risk reduction effort.
If companies can find — and frustrate — potential attackers with tools such as runtime application self-protection (RASP), code obfuscation and application shielding, it is possible to better prepare for the next wave of security threats.
What is Runtime Application Self-Protection (RASP) – Runtime application self-protection (RASP) is a security technology that uses runtime instrumentation to detect and block computer attacks by taking advantage of information from inside the running software. Read more on RASP here.
What is Code Obfuscation – Code obfuscation is the process of modifying an executable so that it is no longer useful to a hacker but remains fully functional. While the process may modify an application’s instructions or metadata, it does not alter its behavior. See examples of code obfuscation.
What is Application Shielding – Application shielding refers to a set of technologies that modify an application’s source, byte or binary code, to make the application more resistant to intrusion, tampering and reverse engineering. Find reviews of top application shielding companies.
PreEmptive has been providing application protection solutions for over 20 years. RASP, obfuscation, and shielding are all techniques PreEmptive has mastered and built into ready-to-use solutions. Over 5000 organization in 100+ countries have relied on PreEmptive Protection products to provide a layer of protection for their applications.
For more information on how your organization can add value to its security strategy, get in touch with an expert today.