Cybersecurity threats are constantly evolving. In particular, five threats are expected to become more prevalent and severe in the near future:
- Social engineering
- Exposure of corporate infrastructure to public networks
- IoT attacks
- Attacks on mobile devices
- Cryptojacking
In this article, I’ll explain why these threats are growing in importance, and introduce you to eXtended Detection and Response (XDR), a new category of security platforms which can address them better than ever before. XDR is the evolution of EDR, NDR, and other point solutions which were able to secure only one layer of the IT environment – XDR ties them together to provide holistic security across silos.
5 Rising Security Threats
Here are five threats that are getting the attention of security teams everywhere, and how they can affect your organization.
1. Social Engineering Attacks
Attackers have long used social engineering attacks such as phishing to trick victims into handing over sensitive information, such as login credentials and credit card details. While most organizations have improved email security to thwart phishing, cybercriminals have built sophisticated phishing toolkits that make data breaches and financial fraud easier to carry out.
Phishing will continue to be a major cybersecurity threat in 2021 and beyond. It is an effective, inexpensive technique whose tooling cybercriminals can easily obtain, and it remains the leading cause of data breaches worldwide.
Smishing (SMS phishing) is another social engineering attack that will stand out in the near future. With messaging applications such as WhatsApp, Slack, Skype, WeChat, and Signal becoming more prevalent, attackers are using these platforms to trick users into downloading malware onto their phones.
Another rising threat vector is vishing (voice phishing), in which attackers contact victims by phone, often via automated systems, pretending to be a trusted party and tricking them into divulging information.
2. Exposure to Public Internet
Any system that is connected to the Internet is inherently exposed—this includes any device that has an IP address or hostname that is publicly resolvable through DNS. With the huge rise in remote work, employees are using virtual private networks (VPN), Remote Desktop Protocol (RDP) or other remote access tools to reach corporate systems. Both the remote access technologies and, even more so, the user endpoints can be compromised by attackers.
In 2021, cybercriminals will use stolen credentials, endpoint weaknesses or server vulnerabilities to impersonate legitimate users and gain access to corporate networks. Another growing threat is the disruption of Internet connections and remote networking, which can severely hurt productivity in the current economic climate.
3. IoT Attacks
The Internet of Things (IoT) is gaining popularity, and the number of connected devices is expected to reach 75 billion by 2025. These include routers, webcams, consumer electronics, smart watches, medical equipment, manufacturing equipment, automobiles, and even home security systems.
Connected devices are convenient for consumers, and companies use them to collect large amounts of data and simplify business processes. However, the more devices are connected, the greater the risk of network intrusion and infection through vulnerable IoT networks.
IoT devices are typically not secured by design, and once controlled by attackers they can be used to sabotage organizational systems, overload networks, and lock down critical equipment for financial gain. They can also be enlisted into botnets and used for criminal activity, as demonstrated by the Mirai botnet, which was made up of millions of compromised IoT devices.
4. Mobile Devices
COVID-19 encouraged businesses to allow employees to use personal equipment for work. The Bring Your Own Device (BYOD) model is now used by a majority of organizations to reduce costs, improve productivity, and give employees the flexibility of remote work.
The number of mobile devices used by employees continues to grow, and the amount of sensitive business data stored on these devices is also increasing. Although the direct impact of mobile malware on business is small, data breaches related to the use and abuse of mobile devices are expected to increase. Each device used to access corporate systems is another easy point of entry for attackers.
5. Cryptojacking
The advent of cryptocurrency affects network security in several ways. Cryptojacking, for example, is a trend in which cybercriminals take over home computers, business workstations, or even servers operated by organizations, and use them to mine cryptocurrencies such as Bitcoin. Mining requires large amounts of processing power, which creates a strong incentive for hackers to compromise computing systems and turn them into a source of cryptocurrency income. For businesses, cryptojacked systems can cause serious performance issues, costly downtime, and legal exposure.
What is XDR?
Historically, endpoints have been the most vulnerable part of the IT environment and the preferred entry point for attackers. As attacks grew in number and sophistication, organizations realized that antivirus software was insufficient to protect endpoints.
The next step in the evolution of endpoint security was Endpoint Detection and Response (EDR). EDR presents a viable solution to endpoint security—it installs agents on endpoints to monitor and collect data, then sends the data to the cloud for analysis. Analysts can centrally access security events from endpoints across the enterprise, use them to detect and investigate threats, and respond to them directly on the endpoints.
EDR is widely adopted and effective, but it is also demanding for security teams. A large amount of data must be analyzed from thousands of endpoints to isolate malicious behavior. In addition, EDR focuses primarily on managed endpoints, and is unable to see or respond to attacks that occur in other parts of the environment, such as the network, cloud systems, or unmanaged personal endpoints.
The next generation of endpoint security is eXtended Detection and Response (XDR). XDR is a more comprehensive solution that extends the scope of EDR to all parts of the IT environment. It provides more context and data around security events, and uses artificial intelligence (AI) to combine data points into a meaningful attack story.
The X in XDR stands for multiple data sources, which enable better detection and response. XDR gives you a broader view of your network. The data it provides allows analysts to instantly visualize, triage, and respond to an attack, whether it originated from endpoints or any other part of the environment.
How Can XDR Help with Rising Security Threats?
Stopping Social Engineering
As social engineering becomes more sophisticated and exploits human weaknesses, there is no way to prevent it completely. However, organizations can reduce the likelihood of a successful attack in several ways.
XDR contributes to stopping social engineering in three ways:
- It makes it easier to correlate data points from multiple sources, such as email systems, the network, and endpoints, to detect phishing attacks and other social engineering techniques.
- It enhances endpoint protection, ensuring that when a phishing attack is successful, the compromised endpoint is detected and rapidly isolated.
- If an attacker has already moved laterally through the network, XDR can identify the multiple footprints of the same attack campaign, tie them together, and stop the infection.
Vulnerability Management and Assessment
XDR can be used to identify and quantify security vulnerabilities on endpoints, assisting with vulnerability management. The information XDR provides can then be used to mitigate and patch these vulnerabilities across all endpoints in your organization.
To fully understand the severity of a vulnerability, XDR retrieves up-to-date data for known vulnerabilities (CVEs) from vulnerability databases and other sources, including their severity score. It can help assess the scope and severity of each CVE in the network, provide visibility into the exposure risk of each endpoint, and assess the vulnerability status of applications on the network.
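As an added illustration of the assessment step described above (this is example code, not any vendor's XDR logic), the following script matches a constructed endpoint software inventory against a constructed CVE feed carrying CVSS base scores, then reports the scope of each CVE across hosts, the exposure of each host, and a patch order. The CVE identifiers, product names, versions and scores are all placeholders.

```python
from collections import defaultdict

# Constructed CVE feed (placeholder ids, not real CVEs): each entry names the
# affected product, the first version that fixes the flaw, and a CVSS base score.
CVE_FEED = {
    "CVE-0000-0001": {"product": "exampleapp", "fixed_in": "2.4.0", "cvss": 9.8},
    "CVE-0000-0002": {"product": "exampleapp", "fixed_in": "2.2.0", "cvss": 5.3},
    "CVE-0000-0003": {"product": "agentd", "fixed_in": "1.10.0", "cvss": 7.5},
}

# Constructed software inventory, as an endpoint agent might report it:
# host -> {product: installed version}.
INVENTORY = {
    "laptop-01": {"exampleapp": "2.3.1", "agentd": "1.10.2"},
    "laptop-02": {"exampleapp": "2.1.0", "agentd": "1.9.0"},
    "server-01": {"agentd": "1.10.0"},
    "server-02": {"exampleapp": "2.4.0"},
}


def parse_version(version):
    """Turn '2.10.1' into (2, 10, 1) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(installed, fixed_in):
    """A host is vulnerable when the installed version predates the fix."""
    return parse_version(installed) < parse_version(fixed_in)


def severity_tier(score):
    """CVSS v3 qualitative rating for a base score."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score > 0.0:
        return "low"
    return "none"


def match_cves(inventory, feed):
    """Return {host: {cve_id: cvss}} for every vulnerable product on each host."""
    findings = defaultdict(dict)
    for host, products in inventory.items():
        for cve_id, cve in feed.items():
            installed = products.get(cve["product"])
            if installed and is_vulnerable(installed, cve["fixed_in"]):
                findings[host][cve_id] = cve["cvss"]
    return dict(findings)


def cve_scope(findings):
    """Return {cve_id: sorted list of affected hosts}: the reach of each CVE."""
    scope = defaultdict(list)
    for host, cves in findings.items():
        for cve_id in cves:
            scope[cve_id].append(host)
    return {cve_id: sorted(hosts) for cve_id, hosts in scope.items()}


def host_exposure(findings):
    """Return {host: (worst cvss, tier, number of open CVEs)}."""
    exposure = {}
    for host, cves in findings.items():
        worst = max(cves.values())
        exposure[host] = (worst, severity_tier(worst), len(cves))
    return exposure


def patch_priority(findings, feed):
    """Order CVEs by severity first, then by how many hosts they affect."""
    scope = cve_scope(findings)
    return sorted(scope, key=lambda c: (-feed[c]["cvss"], -len(scope[c]), c))


if __name__ == "__main__":
    found = match_cves(INVENTORY, CVE_FEED)
    for host, (score, tier, count) in host_exposure(found).items():
        print(f"{host}: worst CVSS {score} ({tier}), {count} open CVE(s)")
    print("patch order:", patch_priority(found, CVE_FEED))
```

Hosts whose installed versions are at or above the fixed version produce no finding at all, which is the check that keeps the exposure report from flagging already-patched machines.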
Gaining Visibility Over IoT
Because XDR is a general purpose tool that breaks the silo pattern of traditional security solutions, it can gather data about IoT attacks from several angles:
- Firewall logs and events related to IoT devices
- Traffic on IoT networks
- Traffic between IoT networks and cloud systems or the corporate network
- Traffic between IoT networks and the public Internet
- Logs from antivirus or other security systems deployed on IoT devices, if any
By combining these data points, XDR can help detect IoT attacks as they happen. This level of visibility is crucial because most IoT devices are unsecured.
Securing Mobile Devices
According to Gartner's Mobile Threat Defense (MTD) market guide, MTD is a growing category that not only protects iOS and Android mobile devices, but can also become a key component of a Zero Trust Network Access (ZTNA) architecture and integrate with XDR.
Gartner expects MTD to become a key component of XDR platforms, extending their capabilities from traditional endpoint security to mobile devices. This means XDR will gradually be able to monitor personal mobile devices and combine security events occurring on those devices with data from the rest of the enterprise, helping organizations tackle challenges such as BYOD and remote work.
Detecting Cryptojacking
To defend against cryptojacking, organizations need a high level of visibility. Suspicious activity must be detected as quickly as possible to prevent long-term damage and broad infection.
Network traffic monitoring is the first step to identifying and stopping cryptojacking attacks. Monitoring tools and firewalls should be fed threat intelligence on known mining sites and their IP addresses.
With XDR, organizations can combine traffic data with suspicious events on endpoints themselves. An unusual process running on an endpoint, combined with traffic from a known mining site, can immediately shed light on a cryptojacking operation. XDR can help organizations identify cryptojacking and other “low profile” threats early and eradicate them.
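The correlation just described, and the same cross-source matching the social engineering section relies on (an email-delivered document spawning a process, later seen talking to a known bad address), can be expressed as a small detection rule. The following is an added example, not code from the original article or from any XDR product: it joins constructed endpoint process events with constructed firewall flow records on host and time window, using a constructed list of mining-pool addresses drawn from documentation IP ranges. The event format, host names, paths and the heuristic for an "unusual" process are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intel list of known mining-pool addresses (TEST-NET
# documentation ranges, not real infrastructure).
MINING_POOL_IPS = {"203.0.113.10", "198.51.100.7"}

# Constructed endpoint process events in the key=value style many EDR agents
# emit. Hosts, users and paths are made up.
PROCESS_EVENTS = [
    "ts=2021-03-01T09:00:05Z host=ws-17 event=process_start image=C:\\Users\\amy\\AppData\\Local\\Temp\\updater.exe parent=WINWORD.EXE",
    "ts=2021-03-01T09:01:00Z host=ws-17 event=process_start image=C:\\Windows\\System32\\svchost.exe parent=services.exe",
    "ts=2021-03-01T09:30:00Z host=ws-22 event=process_start image=C:\\Browser\\browser.exe parent=explorer.exe",
    "ts=2021-03-01T11:00:00Z host=srv-03 event=process_start image=/tmp/.x/kthreadd parent=bash",
]

# Constructed flow records as a firewall or NDR sensor might export them.
FLOW_EVENTS = [
    "ts=2021-03-01T09:02:10Z host=ws-17 dst=203.0.113.10 dport=3333 proto=tcp",
    "ts=2021-03-01T09:31:00Z host=ws-22 dst=192.0.2.50 dport=443 proto=tcp",
    "ts=2021-03-01T11:04:00Z host=srv-03 dst=198.51.100.7 dport=3333 proto=tcp",
    "ts=2021-03-01T15:00:00Z host=ws-40 dst=198.51.100.7 dport=3333 proto=tcp",
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Heuristic markers for an "unusual" process (an assumption for this example):
# an executable living in a user-writable scratch directory, or one spawned by
# an office application, as a phishing document would do.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "/tmp/")
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def parse_event(line):
    """Parse one key=value record; the timestamp becomes a datetime."""
    fields = {key: value.strip('"') for key, value in KV_RE.findall(line)}
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return fields


def is_unusual_process(event):
    image = event["image"].lower()
    parent = event["parent"].lower()
    return any(marker in image for marker in USER_WRITABLE_DIRS) or parent in OFFICE_PARENTS


def correlate(process_lines, flow_lines, pool_ips, window=timedelta(minutes=10)):
    """Join flows to known mining addresses with unusual processes on the same
    host within `window`. Traffic plus a matching process is rated high; traffic
    alone (e.g. an unmanaged host with no agent) is still surfaced as medium."""
    unusual_by_host = defaultdict(list)
    for event in map(parse_event, process_lines):
        if is_unusual_process(event):
            unusual_by_host[event["host"]].append(event)

    alerts = []
    for flow in map(parse_event, flow_lines):
        if flow["dst"] not in pool_ips:
            continue
        hits = [p for p in unusual_by_host[flow["host"]] if abs(p["ts"] - flow["ts"]) <= window]
        alerts.append({
            "host": flow["host"],
            "dst": flow["dst"],
            "severity": "high" if hits else "medium",
            "processes": [p["image"] for p in hits],
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(PROCESS_EVENTS, FLOW_EVENTS, MINING_POOL_IPS):
        print(alert)
```

The medium-severity path matters in practice: a flow to a mining pool from a host that reports no process telemetry is exactly the unmanaged or IoT case the article describes, and the network layer is the only place it can be seen.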
XDR is not the be-all and end-all of security, but it is a big step forward from previous solutions, which were not able to provide a coherent picture of attacks across silos. Modern attacks are evasive, sophisticated, and combine multiple threat vectors, exploiting weaknesses in a complex, distributed network environment. With XDR, you can gain more visibility over these attacks, perform rapid forensic investigation, and prepare automated and manual responses to mitigate these threats before they spread.