Your company’s endpoints are open front doors for cybercriminals.
What’s an endpoint? An endpoint is your desktop, laptop, tablet, smartphone, workstation, server, Internet-of-things (IoT) devices, and anything else that connects remotely to – and communicates with – your network.
Endpoints are the entryway of choice for cyberattackers, who frequently exploit endpoint security gaps in order to execute malicious code. As corporate workforces rely more heavily on remote employees, with staff connecting to corporate networks from remote endpoints across the country and around the world, endpoint attacks are becoming easier and more frequent. The result is attackers holding a company’s data hostage for ransom, taking control of a device and using it in a botnet, or executing a denial-of-service (DoS) attack.
Recent Cyberattacks Against Corporate Endpoints
- CNA Financial: In March 2021, a sophisticated ransomware attack targeted CNA Financial, one of the largest cyberinsurance companies in the U.S. The attack caused CNA Financial to shut down its operations for three days, as it worked to contain the damage and prevent further spread of the attack. The company paid a $40 million ransom.
- Harris Federation: The Harris Federation in London, which manages 50 academic institutions, was also struck by a ransomware attack in March 2021. It had to temporarily disable all its email systems and devices, which meant that more than 37,000 students were unable to access their coursework or correspondence. When the Harris Federation refused to pay the $8 million ransom demand, Harris’s stolen data was released on the Dark Web.
- Acer: A third ransomware attack in March 2021 targeted Acer, a global computer equipment company. Reportedly, the attackers were able to leverage a vulnerability in Acer’s Microsoft Exchange server to compromise Acer’s security systems. The attackers requested a ransom of $50 million, but Acer said it was well-defended against ransomware and was able to contain the attack with limited damage.
- SolarWinds: SolarWinds, which offers technologies for managing and protecting computer networks, was victimized by attackers in April 2020, although the breach was not discovered until December – eight months later. The cybercriminals successfully hid a Trojan in an update of the company’s Orion software, which reached 18,000 customers. Nearly all Fortune 500 companies were affected, and more than 40 government agencies were compromised, including the National Nuclear Security Administration.
- Verifications.io: Verifications.io was a company that offered enterprise email verification services. A vulnerability was exposed in March 2019 when a database with more than 763 million records was left accessible to the public Internet. The exposed data included personal information such as home and email addresses, birth dates, and phone numbers. The company ceased operations shortly thereafter.
The Frequency of Endpoint Attacks
In 2019, 68% of respondents to a Ponemon Institute study said the frequency of attacks had increased over the previous 12 months. In addition, an average of 80% of successful breaches were new or unknown “zero-day attacks” involving malware variants that signature-based detection solutions did not recognize.
It gets worse. According to the Sophos State of Ransomware 2020 report, “51% of organizations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.”
According to two recent reports, the problem is only getting worse. A study by Check Point Research reported that the third quarter of 2020 witnessed “a 50% increase in the daily average of ransomware attacks, compared to the first half of the year.” What’s more, SonicWall reported a similar rise: a 40% surge in global ransomware attacks in the first nine months of 2020 compared with the same period in 2019.
Endpoint Attack Methods
The endpoint attack of choice is malware, which can be installed on the target’s device any number of ways, including via “juice jacking.” Public charging stations, such as those found in most airports, are especially prone to juice jacking and are a favorite target of cybercriminals.
How does juice jacking work? The cybercriminal breaches an unsecured charging kiosk, then plants malware on that kiosk that allows the attacker to steal information from any device connected to it. Your bank and credit card account credentials; wireless payment credentials, such as those associated with Apple Pay and Google Pay; phone contacts; account passwords; and much more can be stolen in a matter of seconds.
If your company has a large number of workers who regularly travel as part of their jobs, then juice jacking should be a concern, as IBM reports that 79% of people travelling for business have connected their devices to a public USB port or charging station – unknowingly opening the door to a potential attacker.
Who’s at Risk?
It’s not just business travelers who put your organization at risk. If you also have a large number of workers who bring their personal devices into the workplace, then your risk of experiencing an endpoint attack increases. In fact, according to a Webroot study, personal devices such as laptops, smartphones, external hard drives, and IoT devices (think smart watch) are twice as likely to become infected with malware as business devices – all the more reason to have strong BYOD policies in place.
Even where policies prevent employees from plugging personal devices into business workstations, it is still highly advisable to lock down computer and network ports. The old-school way is to fill all unused ports with epoxy, which renders them useless. In today’s environment that doesn’t make sense, which is why we recommend professional port lock devices; they are so inexpensive that you’ll wonder why you haven’t deployed them already. After all, a port lock that costs a few dollars per port is a much better alternative to the $50 million ransom that might be coming your way.
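Physical port locks stop devices from being plugged in, but a complementary software check lets you see what is already attached to an endpoint and whether it matches policy. The following is an added example, not code from the original article or from any vendor it mentions: it parses the text form that the Linux `lsusb` command prints (Bus/Device/ID vendor:product lines), compares each device against a hypothetical allowlist of vendor:product IDs, and emits udev rules that de-authorize anything outside the list. The inventory lines and the allowlist are constructed for the example.

```python
"""Audit attached USB devices against an allowlist and emit udev block rules.

Added example; not part of the original article. Assumes input in the
`lsusb` text format. Sample inventory and allowlist are constructed.
"""

import re
from dataclasses import dataclass

# One lsusb line: "Bus 001 Device 003: ID 046d:c31c Logitech, Inc. Keyboard K120"
LSUSB_LINE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$"
)


@dataclass(frozen=True)
class UsbDevice:
    bus: str
    device: str
    vendor_id: str
    product_id: str
    description: str

    @property
    def vid_pid(self) -> str:
        return f"{self.vendor_id}:{self.product_id}"


def parse_lsusb(text: str) -> list[UsbDevice]:
    """Parse lsusb output into UsbDevice records; lines that do not match are ignored."""
    devices = []
    for line in text.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if m:
            devices.append(UsbDevice(*m.groups()))
    return devices


def audit(devices: list[UsbDevice], allowlist: set[str]) -> list[UsbDevice]:
    """Return the devices whose vendor:product pair is not on the allowlist."""
    return [d for d in devices if d.vid_pid not in allowlist]


def udev_block_rules(flagged: list[UsbDevice]) -> list[str]:
    """Build udev rules that set the kernel 'authorized' attribute to 0 for each
    flagged vendor:product pair, so the device is not bound to a driver."""
    rules = []
    for d in flagged:
        rules.append(
            f'ACTION=="add", SUBSYSTEM=="usb", ATTR{{idVendor}}=="{d.vendor_id}", '
            f'ATTR{{idProduct}}=="{d.product_id}", ATTR{{authorized}}="0"'
        )
    return rules


# Constructed sample inventory (the IDs are illustrative; the root hub ID 1d6b is
# the Linux Foundation vendor ID used for virtual root hubs).
SAMPLE_LSUSB = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 004: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
Bus 001 Device 005: ID 0781:5567 SanDisk Corp. Cruzer Blade
this line is not an lsusb record and is skipped
"""

# Hypothetical corporate policy: root hub plus the issued keyboard and mouse.
ALLOWLIST = {"1d6b:0002", "046d:c31c", "046d:c077"}


def main() -> None:
    devices = parse_lsusb(SAMPLE_LSUSB)
    flagged = audit(devices, ALLOWLIST)
    for d in flagged:
        print(f"NOT ALLOWED bus {d.bus} dev {d.device} {d.vid_pid} {d.description}")
    for rule in udev_block_rules(flagged):
        print(rule)


if __name__ == "__main__":
    main()
```

On a real host you would feed `lsusb` output in place of `SAMPLE_LSUSB` and install the generated rules under `/etc/udev/rules.d/`; the allowlist approach flags unknown storage and charging-cable devices without touching the issued keyboard and mouse.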