2020 marked a milestone in cybersecurity, according to Brad Smith, president of Microsoft, and not in a positive way. The growing sophistication and determination of nation-state attacks, the rise in the number of attacks carried out by private companies, and assaults on organizations involved in the Covid-19 response have left every company and individual exposed. Another change Smith identifies in his blog post is the growing number of attacks on third-party suppliers as a means of penetrating high-profile organizations.
But 2021 can be better. Modern security models like zero trust can help organizations protect themselves against data breaches and cyber attacks. Let's take a look at some of the most prominent breaches of 2020 and see how zero trust could have strengthened security posture.
In early 2020, a state-backed hacker group inserted malware into the SolarWinds Orion platform. Orion is used by the US federal government and many Fortune 500 companies to manage and monitor their IT health. Through Orion, the group was able to infiltrate and access the networks of Orion users.
FireEye, a cybersecurity firm, was the first to announce a data breach due to the Orion vulnerability. FireEye’s announcement also revealed the existence of the attack. Additional victims include the US Departments of Defense, State, Treasury, Homeland Security and Commerce, security and technology firms, and NGOs.
The zero trust security model authenticates devices, internal and external alike, every time they access systems, apps and assets. There is no trusted tunnel between nodes in the network; instead, identity is verified continuously. So although this attack might not have been preventable, zero trust would have hidden the network structure and assets from the attacker and blocked lateral movement, leaving the attackers unable to see and access Orion. The malware would therefore have had far less impact on the systems.
For Orion’s customers, implementing zero trust could have prevented the infected Orion software from accessing their internal systems. Zero trust does not enable third party access to the crown jewels, protecting companies even when their suppliers are infected.
The Iranian hacking group Pay2Key hacked the servers of Portnox, an Israeli cyber security company. Pay2Key claimed to have seized 1TB of data belonging to major Israeli companies in the health, communications, aviation and security industries. This was not the first time Pay2Key had targeted Israeli companies: it was preceded by a number of attacks on Israeli firms in the past months, including, according to Pay2Key, an attack on the Aerospace Industries.
Zero trust access ensures that even if attackers manage to get into the system, they have no visibility into it, because they are not an authenticated user or device. Pay2Key would therefore not have been able to find and seize the data, as it would have been invisible to them.
Hackers gained access to more than 900 Pulse Secure VPN servers and leaked their credentials, IP addresses, SSH keys, admin details and more. The intrusion was most likely possible because of a vulnerability in the VPN's firmware version, CVE-2019-11510. Security teams had to patch this vulnerability to protect their networks from attack, and many had not done so.
Pulse Secure VPNs are often used as access gateways. The attackers probably scanned the public network to identify vulnerable servers and gained network access through the exploit.
VPN security is based on the castle-and-moat approach: anyone who gains access to the network is free to access all of its assets. Zero trust augments or replaces VPNs and is based on identity authentication instead. With zero trust, enterprises would not have been made vulnerable by the VPN attacks.
But zero trust can also complement VPNs: even with the vulnerable VPNs in place, zero trust could have blocked the bad actors from entering the network without authentication. And even if the perpetrators had entered the network, they would not have had access to files, keys, libraries and other assets.
In January, hackers accessed the PII (Personally Identifiable Information) of Marriott customers by logging in with employees' user credentials. 5.2 million customers had personal information stolen, including contact details such as names, addresses, email addresses and phone numbers; personal details such as gender, workplace and date of birth; and personal accommodation preferences and affiliations. This was one of the biggest breaches in hotel industry history.
Cyolo's zero trust access solution authenticates devices in two steps. First, the device presents a trusted certificate issued by the root CA. Then, the certificate is checked against a third-party inventory service such as SCCM or BigFix. In this way, Cyolo can ensure that devices are encrypted and have up-to-date anti-virus installed. With this protection in place, stolen user credentials alone would not have been enough for the perpetrators to access Marriott's internal systems under its access policies.
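To make the two-step device check concrete, here is an added example written for this page (not Cyolo's own code): a Go program that mints a constructed root CA and device certificates, verifies that a presented certificate chains to the trusted root, and then looks the device up in a stand-in for the inventory service. The inventory being keyed by certificate serial number, and reporting only disk-encryption and anti-virus status, are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Inventory stands in for the SCCM/BigFix lookup; keyed by certificate serial (an assumption).
type Inventory map[string]struct{ DiskEncrypted, AVCurrent bool }

// AdmitDevice applies both steps: chain to the trusted root CA, then the posture record.
func AdmitDevice(roots *x509.CertPool, inv Inventory, cert *x509.Certificate) error {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return errors.New("step 1: certificate not issued by trusted root: " + err.Error())
	}
	p, ok := inv[cert.SerialNumber.String()]
	if !ok || !p.DiskEncrypted || !p.AVCurrent {
		return errors.New("step 2: device unknown to inventory or fails posture check")
	}
	return nil
}

// issue mints a one-hour cert for cn: a self-signed CA when parent is nil, else a device cert signed by pk (constructed data, errors ignored).
func issue(cn string, serial int64, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		BasicConstraintsValid: parent == nil, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Scenario is constructed data: the corporate root, a laptop it enrolled, and a look-alike laptop cert (same name and serial) from an unrelated CA.
func Scenario() (roots *x509.CertPool, inv Inventory, enrolled, rogue *x509.Certificate) {
	root, rootKey := issue("Corp Root CA", 1, nil, nil)
	other, otherKey := issue("Other CA", 2, nil, nil)
	enrolled, _ = issue("laptop-42", 1001, root, rootKey)
	rogue, _ = issue("laptop-42", 1001, other, otherKey)
	roots = x509.NewCertPool()
	roots.AddCert(root)
	return roots, Inventory{"1001": {true, true}}, enrolled, rogue
}
```

The rogue certificate carries the same name and serial as the enrolled laptop, which is exactly why step 1 must check the issuing chain rather than the certificate's contents; step 2 then catches a genuinely enrolled device whose posture has lapsed.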
A former Cisco engineer accessed Cisco's network, deleting 456 virtual machines and deactivating 16,000 Webex Teams accounts. The attack cost Cisco $2.4 million in refunds and remediation, not to mention the cost of customer churn over time. The engineer gained access through AWS after he had left the company, using an account that someone had probably forgotten to deactivate. He then deployed the malicious code.
With zero trust, Cisco's security or IT team could easily have updated this employee's permissions once he left, or created an automation with the HR system so that his access was revoked automatically from all systems, apps and everything else. Zero trust also enables continuous validation of users, along with recording, auditing and monitoring. So even if this employee's credentials had not been changed and he still had access, the security team could have seen exactly what he was doing in AWS in real time, or what he had already done.
In June, a ransomware infection was identified on the UCSF School of Medicine's IT systems. According to ZDNet, “Administrators quickly attempted to isolate the infection and ringfence a number of systems that prevented the ransomware from traveling to the core UCSF network and causing further damage.” The ransomware cost UCSF $1.14 million to recover files and research.
Typically, the ransomware injection vector requires unhindered network access, and usually involves a vulnerability that requires crafting bespoke packets. With zero trust, there is no access to the network, only access to applications. As a result, most malware injection vectors are rendered ineffective, because the attacker is not authorized to craft packets against internal systems.
In addition, with zero trust, admins would not have had to scramble to isolate the infection once the malware was recognized: zero trust would already have prevented access to valuable core systems, and ongoing device authentication would not have given the attackers access in any case.
An advanced cyberattack disrupted the website and web-based services of the UN IMO (United Nations International Maritime Organization). The nature of the attack is unclear, but one possible scenario is a watering hole attack, in which malicious code is hosted on the website so that visiting users download it and infect themselves.
Zero trust continuously authenticates users before they enter the network and access internal systems. In the case of a watering hole attack, infected devices would not have gained the attackers access, as the devices would have been identified as compromised and denied entry.
Covid-19 has taken a toll on IT and security teams. The sudden demand to support a remote workforce, a growing number of sophisticated cyber attacks, financial cutbacks and the personal stress that accompanied this year have made it a difficult one. Unfortunately, cyber attackers are taking advantage of this, using network and personal vulnerabilities to gain access. Zero trust is an easy-to-implement approach that can prevent these attacks and their grave financial, economic and social consequences.
Cyolo is the leading zero trust security provider for organizations that want to protect their intellectual property. By securely connecting all users from anywhere without requiring a VPN, and by authenticating devices, Cyolo enables employees to focus on their work and your business to grow. Cyolo provides advanced user management features, real-time recording capabilities and an easy-to-use UI. Cyolo can also integrate with your VPNs, if needed.
Cyolo takes minutes to implement and is compatible with any network topology and identity infrastructure. In addition, Cyolo does not have access to the organizational data. Not only does this ensure true privacy and security, it also improves performance and the user experience. Request a demo to learn more.