2 Attack Vectors are Forcing Changes in how to Secure Software

by

Cyber criminals have upped their game in the past two years to take advantage of a world distracted in its battles with a global pandemic. Cybercrime is growing continually. The number of cybercrime incidents rose by more than 60% in 2020 with costs associated with those crimes in the billions of dollars. The two most prevalent categories of cybercrime are identity theft and ransomware. 

Identity Theft

Identity theft is causing personal nightmares, with a majority of identify fraud incidents in the United States reported by victims over 60 years old [IC3 Report]. These attacks involve false insurance claims, illegal Payment Protection Program claims taken on behalf of small businesses, stealing social security funds, and initiating bank account transfers, all using stolen identities. 

Ransomware

While Identity fraud impacts individuals, a more severe class of cybercrimes is ransomware against businesses. According to the 2020 FBI Internet Crime Report, there were 2474 ransomware incidents reported 2020, with adjusted losses of $29.1 million. This is grossly understated as most incidents and payments go unreported. Cybersecurity Ventures predicts it will be closer to $20B in losses in 2021. 

According to Sophos Research State of Ransomware Report 2021, respondents reported that "the average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) was US$1.85 million, more than double the US$761,106 cost reported last year." These attacks involve attackers invading a system, encrypting data to make it unusable, and holding businesses data hostage until a ransom is paid. Businesses are put in the untenable position of making the choice of paying ransom in order to protect their business and customers, or losing their data.

How Adversaries and Attackers Work

Attackers are heavily invested in sophisticated research to help them understand known software vulnerabilities, allowing them to take advantage of those vulnerabilities to exploit victims in automated ways. What is common between identity theft and ransomware is they are mostly caused via email phishing schemes or the attachment of malicious files which unleash malware into the victim's environment.

The latest pervasive attacks on Microsoft's Cosmo DBs and Exchange servers during the past few weeks are examples that show the intensity of the situation.  The latest attack on Microsoft Cosmo DBB allowed hackers the ability to modify/delete customer data. Flaws seemed to be related to default settings enabled in a third-party visualization tool. The attackers acquire knowledge of these existing loopholes and wait for an opportunity to exploit them. Attacks on Exchange servers were a result of exploiting remote access loopholes to get a backdoor entry to all customer emails on the server. 

In order to combat these threats, education and the implementation of secure engineering techniques are a must. It is possible to transform DevOps to DevSecOps by continuously building security into software as an integrated part of the engineering process. This transformation will manifest itself in a more centralized and improved collaboration across businesses units.

Conclusion

We often hear "security needs to be built-in and not bolted-on". It is imperative to act on those words. Secure engineering techniques and standards must be adopted throughout the development and engineering lifecycle in order to build secure software. 

 

Hema Nair
Hema Nair

Hema Nair (Srikanth) has a Ph. D in Computer Science from North Carolina State University. Her interests are in all aspects of Software Engineering, with focus on secure engineering. Her core skills are in data analytics and data science and using data to deliver security and quality requirements. She has been a consultant for the last five years for security and technology companies helping them deliver secure systems. Prior to that she worked with IBM for over ten years as an engineering leader, and the latest role as a secure engineering leader for IBM's analytics division.

Keep Reading

Proactive IAM Security: Transforming Identity Security with Actionable Insights | Okta Integration with JupiterOne
December 19, 2024
Blog
Unlocking Proactive Security: How Okta and JupiterOne Elevate IAM Insights

Unlock proactive IAM security with Okta and JupiterOne, gaining real-time insights, enforcing least privilege, and reducing risks in dynamic cloud environments.

Transitioning from Vulnerability Management to Exposure Management | JupiterOne
December 13, 2024
Blog
Transitioning from Vulnerability Management to Exposure Management with JupiterOne

Explore Gartner's latest report on Exposure Management and learn how your organization can prioritize vulnerabilities and minimize exposures.

The Ultimate CAASM Guide for 2025 | JupiterOne
November 20, 2024
Blog
The Ultimate CAASM Guide for 2025

Discover how Cyber Asset Attack Surface Management (CAASM) is providing enhanced visibility of internal and external assets in 2025.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.