How Successful Were We In Cyber Security In 2022? Interesting Facts And Prospects For 2023
Last year’s most frequent incidents on the MasterDC network were DDoS flood attacks. So how does cyber security fare in today’s uncertain times? Read on for the most vulnerable elements of infrastructure and tips for stronger prevention.
As in previous years, sophisticated attacks remained the norm in cyberspace last year. However, most companies have adapted to this and now prevent threats proactively by building security elements into their infrastructure. Systems based on machine learning, behavioural analysis and similar methods, such as those we use at MasterDC, also make it harder for attackers to operate.
Attackers have therefore had to adapt to this higher level of protection by developing new, even more advanced attacks. A cheaper and simpler alternative, however, is to gain access through weak points in the network, most often employees’ devices connecting to company data remotely.
Secure Connections For Employees
Communicate with your colleagues and share data across branches and facilities safely using encrypted transmission, for example via IPsec. We can also design and build a VPN for remote data access.
Ransomware and attacks on availability were still the most frequent in Europe and the Czech Republic in 2022. This is confirmed by an extensive report by the European Union Agency for Cybersecurity (ENISA), as well as by the regular reviews issued throughout the year by the National Cyber and Information Security Agency.
Cyber Security At MasterDC
Although several reports show a greater intensity of attacks compared to previous years, we did not notice any significant difference within the MasterDC network. “The intensity and frequency of attacks remain at the same level. We most often deal with a classic DDoS flood attack, then reflection and multi-vector attacks. The strongest one reached 180 Gbps / 15 Mpps,” said MasterDC’s Technical Director Martin Žídek when summarising the network’s security situation.
Regarding customer technologies, last year we observed ransomware most often, typically on Windows servers. Attackers also widely sought out vulnerabilities in Microsoft Exchange servers, which have long been recruited into botnets. Finally, inadequately secured content management systems (CMS) and their plugins remain a critical weak point.
Such situations can be prevented by regularly updating systems to the latest versions, setting up systematic backups and configuring access rules properly. We apply these procedures to customer solutions within our managed services. We also recommend filtering traffic through a firewall and using DDoS mitigation tools.
Current Trends In Cyber Security
The good news is that larger companies’ infrastructure is no longer as vulnerable as it used to be. The available data also shows that companies are aware of the risks of cyber threats and are investing more resources in security.
However, the rising cost of hardware is forcing organisations, especially small and medium-sized ones, to save money. This is particularly true for those whose primary business is unrelated to IT; such companies often decide not to invest in protecting their IT infrastructure. Another vulnerable part of corporate IT is employees’ individual devices. Attackers are well aware of this: targeting these devices is cheaper than developing so-called zero-day attacks.
Even so, it is precisely zero-day attacks that have been used over the past year to achieve strategic goals: monetisation, data theft and geopolitical aims. The growing popularity of widely used software, such as Microsoft Office 365 or tools from Adobe, also creates opportunities for zero-day attacks, among others.
The cloud and virtualisation are also expanding the attack surface. This applies, for example, to the VMware ESXi virtualisation platform on Linux systems, but also to poorly configured Docker containers or Kubernetes clusters. These platforms are cost-effective in the long term and offer flexibility when expanding computing capacity, but without detailed knowledge of each technology, both their functionality and data security are at risk.
Since 2021, the “as a service” business model has been gaining popularity in cybercrime, just as in other fields. The professionalised market offering “hacker as a service/hacker for hire” or “access as a service” has also become one of the tools of governmental, competitive and personal conflicts. Hackers offer their services to anyone with an internet connection and a credit card, while “access as a service” sells ready-made access, for example to a company network.
The Most Frequent Attacks In The Past Year
- Attacks on availability, especially robust and complex DDoS attacks, whose strength already exceeds 1 Tbps.
- Very sophisticated phishing methods.
- Ransomware remains at the forefront, as does ransomware as a service, which complicates identifying the source of an attack. According to ENISA, more than 10 TB of data per month has been stolen using ransomware in recent months, with 58.2% of it containing employees’ personal data.
- The number of successful malware and social engineering attempts is also increasing. It dipped slightly during the pandemic but is now returning to its original level.
How To Prevent Cyber Threats
Prevention is specific to each attack, but there are generally applicable rules that will strengthen the overall security of an enterprise’s infrastructure. Given the current trends, it is also worth investing in employee training. Employees who are well versed in the basics of cyber security can ultimately save the company’s data and reputation.
- Regularly remind yourself and your staff about safe password management and password strength, as well as how to recognise phishing and other attacks. It is also important to establish clear procedures for recognising an attempted attack or data theft.
- Carefully register all company devices employees use and ensure they are well-secured and regularly updated.
- Keep an overview of all technologies: network and other infrastructure elements, cloud instances, domains, etc.
- Limit the number of user accounts with administrative rights and assign data management and access rights to other users carefully. Unauthorised access by former employees to company systems is also a widespread problem, so make sure their user accounts are deactivated immediately after the official termination of cooperation.
- Make sure employees know how to handle and share data securely.
- Regularly update operating systems and software to the latest versions. Optimally, automate this process or use managed services that include updates and security patches.
- Use security software, such as an anti-spam filter, to eliminate spam, malware, and other email threats.
- In addition to a firewall and anti-DDoS mitigation, encrypt data and route company-wide communication through a virtual private network (VPN).
- Secure your DNS server.
- Back up strategically and systematically. Ideally, combine several backup methods: daily backups, for which cloud storage is well suited, weekly backups, and long-term backups and archiving. Test data recovery from a backup from time to time.
Cyber Security In 2023: Will Anything Be Different?
The above tips apply to the coming year as well. However, attackers will keep targeting the most vulnerable points in the network, and zero-day attacks will continue to develop extensively. In an interview with Kaspersky, security experts agreed that the number of DDoS attacks will increase in the coming year, directed primarily at smaller companies.
We are also preparing for an increase in DDoS attacks at MasterDC. “Next year, we plan to increase the network’s capacity again. In addition, we will test a new distributed platform for mitigation,” CTO Martin Žídek reveals part of his team’s work.
Other predictions estimate more intense strategic ransomware and attacks on distribution channels. It is therefore worthwhile to test backup recovery and, for robust solutions, to establish an infrastructure recovery plan. Overall, the situation will be very similar to last year, which means we can prepare for it well. You can start, for example, with a security audit of your operating system, which will reveal the most critical points.