The biggest challenge for 2020 for the UK, as a country and for the wider European community, is going to be security around the supply chain, writes Matt Lorentzen, Principal Security Consultant at the cyber-security monitoring company Trustwave.
If you think about it, the perfect moment for an attacker is when an organisation is going through some form of change. With the current climate of uncertainty around Brexit, enterprises will find themselves going through a number of significant changes. At a government level, as we move towards Brexit and other political changes, there is going to be a significant number of procedural, technical and audit requirements imposed on everybody, regardless of the outcome. This is going to result in a huge attack surface, which will allow attackers to sit in the middle of these processes and piggyback off the fact that everyone is expecting change, everyone is expecting that everything is going to be new. From that perspective, enterprises won’t really have the hindsight to believe that communications are incorrect, because everything is fresh.
As soon as bad actors understand how the various processes within a new supply chain are going to function, it’s going to be easy for them to carry out successful social engineering or phishing attacks; for example, sending an urgent email about a change in legislation that requires specific business information to be handed over. This type of activity will catch the larger businesses out just as much as the small ones, as everyone will be in the same position; and this change of approach won’t apply to one specific type of company, or one specific industry. Because the changes are at a governmental and national level, the attack surface is going to bubble out in all sorts of directions.
I’m certain the floodgates are going to open, and we’ll see a lot of companies being exploited off the back of these changes that are going to happen. For example, I would expect to see an increase in the number of directed attacks on enterprises where IP and data will be targeted.
In 2020 I expect we’ll see a lot of organisations being compromised through weak services. For example, earlier this year there was a very significant unauthenticated remote code execution vulnerability disclosed publicly that affected a few externally facing VPN portals – I even saw this myself on a job at the time and reported it to the client, and they immediately patched that issue.
The NCSC (National Cyber Security Centre) has seen a considerable uptick in people heavily scanning the internet for these vulnerable devices because they know that those ingress points give them an immediate connection to the network. I think we’ll see more types of attacks that follow the disclosure of a critical vulnerability, such as all the RDP and BlueKeep vulnerabilities we saw earlier this year. Based on what we’ve already seen, it’s likely the exploitation time of these vulnerabilities is truncated to just hours before an attack is launched.