B.S. Nagarajan is the Senior Director & Chief Technologist for VMware India. He covers the entire VMware portfolio, with a focus on evangelizing and developing the market for VMware Cloud on AWS, NFV and emerging growth areas such as IoT and developer-focused solutions. As the CTO for VMware India, BSN is responsible for providing leadership to the technical community and building a strong connection with the engineering teams.
The ongoing global pandemic offered an opportunity to challenge the status quo across the globe as it transformed the traditional ways to work and live. The year of profound changes suggested adaptation in nearly every aspect of our lives. Many are now accessing applications from the network edge in remote work sites, home offices, and dining room tables. Hacktivists promptly took advantage of the situation, using pandemic anxiety as a trigger for social engineering attacks. These attacks increasingly focused on the delivery of ransomware, especially targeting high-profile victims. In addition, there has been a resurgence of dated exploits, likely targeting poorly maintained computers. Data is now more prone to be easily replicated to external CSP over a VPN connection, creating a multi-cloud storage cluster.
Vendor lock-in and cloud outages are two important challenges that made IT managers reluctant in widely adopting the cloud within the enterprise. Cloud outages can happen to any provider, the events recorded last year largely highlighted that they have a critical impact on the actual reliability of cloud applications.
As enterprises have started to invest in hybrid environments, they are also concerned about the top detected threats that not just affect the individual workloads, but also the entire application portfolios or even the complete DC. To ensure minimal disruption and get a better sense of these threats evading perimeter defenses, CISOs and security professionals can consider VMware’s recent threat landscape report. The report compiled by the VMware Threat Analysis Unit is a summary of key data and findings observing millions of networks/network segments from July 2020 to December 2020. It highlights threats that evaded perimeter defenses and identified by VMware sensors placed inside the perimeter.
Let’s dive into the findings to analyze IT security vulnerabilities.
The Threat from Email is Alive and Well: Without a doubt, email continues to be used as the most common attack vector to gain initial access. Analysis shows more than 4 percent of all business emails analyzed contained a malicious component. Malicious email authors are clever and relentless, and they are constantly developing new, or at least different, ways to deceive and attack. Although the malicious payloads found in email-based attacks frequently change, the vast majority of cybercriminals were observed using three basic strategies: Malicious attachments, links to malicious web pages, and enticements to perform transactions. Perimeter security solutions such as anti-virus, anti-malware, and anti-phishing tools are ineffective against advanced email-based threats, and we predict malicious actors will continue to use email as an attack vector.
Attackers Prioritize Evasion Above All: We observed that defense evasion is the most encountered MITRE ATT&CK ® tactic used by malware, followed by execution and discovery. Threat actors’ first order of business is to evade detection. Malicious actors are getting better at evasion and are increasingly turning to rare or esoteric file types to increase the likelihood of evading unsophisticated security technologies. Once achieved, it’s essential they become persistent within your environment by executing malicious artifacts enabling them to commence discovery of system processes and network assets.
Pervasive Use of Remote Desktop Protocol for Lateral Movement: More than 75 percent of lateral spread events observed were conducted using Remote Desktop Protocol—often using stolen credentials to log in to other hosts on the network. While there are several different ways to laterally propagate, logging into hosts via RDP using either exposed clear-text passwords via the network’s valid accounts or brute-forced credentials is still the most common technique.
By providing visibility and authoritative context, this report should encourage enterprise security teams to think more comprehensively about how they secure users, applications, and data in today’s hybrid cloud environment. There are just too many surfaces to defend, too many silos, and too little context. Security professionals can no longer reinforce network defenses and hope the perimeter holds. The reality is once malicious actors are able to penetrate the perimeter, they have free reign to spread laterally and infect more devices, more applications, and more business systems.
Worldwide end-user spending on public cloud services is forecasted to grow 18.4% in 2021 to total $304.9 billion, up from $257.5 billion in 2020, according to Gartner, Inc.[1] Most Enterprises are already using more than one cloud to run applications in a best-fit environment. The growing trend of hybrid workstyles demands a robust security architecture that can secure the broader IT surface areas without compromising on employee experience and productivity. Hence, CISOs and Security Practitioners need to rethink security as a built-in and distributed part of the modern enterprise— continuously incorporating all aspects of your technology environment to deliver more effective security through a Zero Trust approach.
This is an area where security vendors can help enterprises transform into a Resilient Anywhere Organization by modernizing security infrastructure and practices using Zero-Trust frameworks. Enterprises can achieve Zero Trust Security architecture with fewer tools and silos, better context, and a distributed security model built-in and distributed within control points of users, devices, workloads, networks, and clouds. Further, Enterprises can also implement built-in SSO & Password-less experience for users to NGAV, Endpoint Detection, Response and Management for devices to EDR/NDR/XDR and container image scanning for workloads to Micro-segmentation, IDS/IPS, and SASE for networks to become a truly secure and resilient Anywhere Organization.