With the number of COVID-19 cases increasing, another round of attacks is looming over schools and universities as they move into holiday break and prepare for the spring semester. According to a recent article the Wall Street Journal, there have been “nearly three dozen ransomware attacks against school districts since the pandemic began in March.” Of course, this isn’t the full picture, since, as the Journal indicates, some schools switch to “backup servers that [escape] attacks or quietly pay ransom without ever making it public.”
With security teams limited in resources, especially as state and public schools and universities are facing shortages caused by the coronavirus, educational institutions and others must find a way to increase their security posture to reduce threats like ransomware from taking hold. It’s bad enough to be up against a biological virus like COVID-19, but it’s even worse when computer and network viruses start to take hold as well.
Ever-Increasing Threat Surfaces
According to a recent report on trends in application security, 20 percent of software-development firms don’t test for software threats. This translates to a lot of software on the market with unknown vulnerabilities, which could create a back door into an organization’s network.
Furthermore, Palo Alto Networks data show that four out of five public exploits are published before the CVEs are published, which means that attackers can strike before official vulnerability reports or patches are released. On average, these exploits are published 23 days ahead of the CVE release. In other words, attackers have nearly a month to exploit a vulnerability before CVEs and updates are released to stop attacks. This doesn’t bode well for anyone trying to secure their networks, especially as the number of ransomware attacks has grown in the hackers’ attempts to make a profit.
Hackers released information on students near Las Vegas after officials didn’t pay the ransom, according to an article published this past September. What once was a simple choice — either pay the ransom or not — is no longer that simple because hackers are not only encrypting the data on the servers, but also stealing the data to publish later should a ransom not be paid.
These ever-increasing threats don’t seem to be slowing down, and organizations, schools and employees should be sure to safeguard themselves and reduce their attack surface.
How to Increase Security Posture
As malicious actors become more and more cunning, simple flow data is no longer enough to detect the ever-adjusting patterns of the malware they write. Machine learning is really the only way to detect some of the cleverest of malware.
In a recent report published this past summer, Gartner finds that “applying machine learning and other analytical techniques to network traffic is helping enterprises detect suspicious traffic that other security tools are missing.”
To ensure that the network is secured and to audit how malware is able to move through it, schools and businesses need to deploy network traffic analytics capable of using machine learning to quickly identify where there are security vulnerabilities and spot breaches. It’s no longer enough to just collect traffic metadata and hope that analysts can see anomalies.
Humans: Still a Big Problem
Network detection and response, network traffic analytics and similar platforms together with SIEM technologies help aid security and network teams in identifying when and where malware has entered the network. But individuals also must be educated on ways to help prevent these attacks from happening. Most employees, students and other users of corporate networks are not always educated on proper usage and can be a threat to the network themselves.
Organizations must provide their users some level of education regarding best practices to further reduce the threat surface. CIOReview, using data from F5’s Security Operations Center found that the number of phishing attacks increased 220 percent during the peak of COVID-19. According to the article, “[i]ndividuals and [organizations] also need to be continuously trained on the latest techniques used by fraudsters. Crucially, there needs to be a big emphasis on the way attackers are hijacking emerging trends such as COVID-19.”
By training the people that use the network to spot phishing and other malicious attempts, institutions can increase their security posture and the overall awareness of malicious threats.
By taking advantage of the machine learning capabilities in today’s myriad platforms, training employees, students and users on best practices to avoid phishing and other attacks, and by continuing to use a layered security approach, institutions that are struggling to stay open during this pandemic can efficiently build out their network security to provide a secure and reliable network that reduces the risk of exposure to outside hackers.
Justin Jett is the director of compliance and audit at Plixer.
Enjoy additional insights from Threatpost’s InfoSec Insider community by visiting past contributions.