2021 marked year two of our pandemic-driven, decentralized reality. While digital transformation initiatives moved full-steam ahead and employees continued to work from anywhere on devices of every kind using cloud-based services to stay connected and productive, identity has proven to be the ultimate attack vector.
Over the past 12 months, we’ve explored identity’s central role in everything from major breaches and emerging attack techniques to public policy discussions and new C-level job titles. As we close out 2021, here’s a look back on some of our most popular Identity Security blog posts.
Cyber Attacks Get Highly Targeted
Instead of casting a wide net, many attackers targeted very specific organizations for very specific reasons this year. Illustrating this trend, Lavi Lazarovitz, head of CyberArk Labs, deconstructed the anatomy of the targeted SolarWinds attack that leveraged a digital supply chain vector to infect thousands of organizations around the world.
While it’s important to understand the differences between opportunistic and targeted attacks, the initial attack vector remains the same, no matter the adversary’s strategy. By compromising an identity at the endpoint — whether it’s a desktop, laptop or server — attackers can gain entry to an organization and potentially open a privileged pathway that leads to its most valuable assets.
The Supply Chain Attack Saga Continues
SolarWinds was far from the first supply chain attack, but it served as a wake-up call for many organizations. On the flip side, attackers saw opportunity and homed in on upstream providers to exploit weaknesses and expand their reach.
In one post, CyberArk principal security researcher Nimrod Stoler dug into the Codecov breach — a highly evasive supply chain infiltration in which malicious actors targeted a popular software platform, infected the CI/CD pipeline, added a credentials harvester and then used it to steal thousands of MSP customers’ credentials. In another piece, Lavi Lazarovitz explored the massive Kaseya ransomware supply chain attack, which exploited trusted software (and the access and permissions it granted) to infect the IT management software provider’s global customer base and their downstream customers. And as CyberArk Global Sales Engineer Len Noe showed us, industry tools like the MITRE ATT&CK framework can help organizations better understand supply chain attacks and defend against future attempts that use similar tactics and techniques.
Attackers Live off the Land and Hide in Plain Sight
Adversaries looked for ways to use victim organizations’ own technology resources against them to “live off the land” (LotL) and remain hidden for long periods of time. Bryan Murphy, leader of our remediation services team, shared some patterns and red flags to watch out for. He also explained how a multi-layered endpoint security approach combining least privilege defense, strong authentication for identities, credential theft protection, application control and ransomware blocking can make it significantly harder for attackers to gain entry in the first place. But if they succeed (and you must assume they will), having layered controls in place will make it difficult for attackers to remain hidden for long.
Interest in Passwordless Authentication Grows
Nearly all the major breaches witnessed this year — as in years past — shared something in common: the compromise of identities and abuse of privileged credentials played a critical role. These attacks often began with credential theft via phishing and other common methods. This is one of several reasons why many enterprises are re-thinking passwords and traditional credentials altogether and exploring passwordless authentication to help protect identities linked to human users, secure critical corporate assets and even boost their bottom lines.
Cybersecurity Becomes “The” Board Room Topic
There isn’t an executive team on the planet that wasn’t talking about cybersecurity this year. It became a board-level issue (if it wasn’t one already), thanks to a seemingly endless string of high-profile attacks and skyrocketing cybersecurity insurance costs. It even drove the creation of new roles such as the Business Information Security Officer (BISO) who could bridge both sides of the business.
Security and IT teams were asked to defend and demonstrate their risk mitigation efforts under increased scrutiny. Yet articulating security priorities, such as moving toward a Zero Trust model, to non-technical audiences can be challenging. This post can help guide Board and C-level discussions on why Identity Security matters and how to get started — without getting lost in the weeds.
What’s Next
As we enter 2022, we can expect even more of the same along with continued attacker innovation. For instance, the recently disclosed Log4j vulnerability shows us how attackers may increasingly use popular open-source software to automate and magnify their supply chain attacks.
Though more cyber attacks are inevitable, loss is not. By placing identity at the heart of your security strategy, your organization can ring in the New Year with confidence, knowing your most critical assets are secure.