Observed Changes to the Threat Landscape in 2020
Reflecting on the cybersecurity threat landscape in 2020, we can't overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions. As corporations tried to adapt to remote working practices and other environmental changes, cybercriminals ramped up their attacks.
By following these trends, we show the clear line of escalation, give a brief overview of the current state, and describe how Akamai solutions and technologies work together to help corporate security teams meet their day-to-day challenges in a more holistic way that keeps pace with an always-changing threat landscape.
Trends
Phishing is one of the top threat vectors used in most attacks today. It exploits the human factor, which is often the weakest link in the chain. People usually work according to a daily routine, and attackers apply social engineering and psychological techniques so their victims provide the information they seek. Illustrated below are some phishing campaigns that succeeded in getting victims to provide attackers with their credentials.
During 2020, Akamai enterprise traffic showed a year-over-year increase of more than 100% in phishing attacks, which mostly targeted the gaming, technology, and e-commerce verticals, as shown in Figures 1, 2, and 3.
Emotet is one of the largest malware campaign infrastructures. It began as a banking Trojan targeting the finance sector but soon transformed into malware as a service for cybercriminals, opening a path for follow-on attacks from TrickBot to Ryuk ransomware.
Figure 4 shows that Emotet campaign threat activity increased more than fivefold in 2020.
Specifically, Emotet activity remained visible from July 2020 onward, and even after law enforcement (including the FBI) took down its infrastructure in January 2021. Only time will tell whether the takedown worked completely or whether Emotet will rise again.
In addition to Emotet, the related TrickBot banking Trojan gained momentum. Figure 5 shows the almost negligible attack count observed in 2019 against the massive growth in attacks over the last months of 2020, alongside recently published updates designed to "help" TrickBot better evade endpoint security technologies.
In early 2021, we started hearing about and seeing massive supply chain attacks that had begun during 2020, giving us indicators of what to look for.
Supply chain attacks are highly dangerous because they strike at the services we trust and use on a daily basis. However, there are important actions all of us can take to reduce, and sometimes even eliminate, the attack surface:
Apply security patches on time
Keep software updated and make sure you always run the latest code
Do not turn off endpoint security; this is often overlooked
Employ Zero Trust; make sure identity and access solutions track and monitor all activity
Enforce password change policies where possible
Use multi-factor authentication wherever possible
Overall, 2020 was a busy year and signs indicate that it will be even busier in 2021. As the Akamai Security Technology Group expands more deeply into the security landscape, it plans to extend its solutions for tracking, monitoring, and responding to threats on all levels -- and will look forward to devising groundbreaking smart solutions that provide additional security layers of detection and protection.
How Akamai solutions interact with cybersecurity frameworks
Corporate security operations are often overwhelmed with tasks, alerts, vulnerabilities, and incidents; to maintain their security posture, organizations need to work from well-defined flows and procedures.
A common solution is to rely on a cybersecurity framework, such as the widely used NIST Cybersecurity Framework 1.1, whose five core functions are:
Identify -- Develop an organization-wide understanding of assets of all types and keep an inventory of them
Protect -- Develop and implement organizational controls and safeguards to protect the assets
Detect -- Develop and implement organizational identification and monitoring
Respond -- Develop and implement organizational procedures to take action on incidents
Recover -- Develop and implement organizational procedures for recovering from cybersecurity incidents
Akamai products and solutions are available to provide organizations with tools to assist in all aspects of the framework.
Access layer:
Enterprise Application Access applies the Zero Trust model: it lists and identifies organizational assets, protects the internal work environment from insider threats, and detects potential anomalies.
Network to application layer:
Enterprise Threat Protector (ETP) provides detection through real-time and historical monitoring, and provides a protection layer for external activity both on customer premises and off network, using tools and policies tailored to the corporate risk appetite.
Leveraging tools such as:
ETP Client, installed on desktop and mobile operating systems, providing on-site and off-network protection and identification
DNS Forwarder, detecting activity from any node on the network and identifying the offending host
Akamai's edge proxy technology, providing data leak detection and threat protection
APIs to be integrated with third-party solutions for incident response and recovery
Authentication layer:
Multi-factor authentication (MFA) offers an additional layer of protection on top of your username and password, giving you more control over identity and access management challenges.
Summary
Overall, 2020 was a year in which we saw a massive increase in cybercriminal activity, mostly targeting weaknesses that arose from the changes enforced on most corporations. Social engineering attacks are not going to go away, they will adapt according to market trends. Looking forward, cybercriminals will become more and more sophisticated by updating old threats with new techniques, hitting the supply chain, and adapting their attacks in pursuit of higher monetary gains.
Akamai, as the largest edge cloud platform in the world, processes huge data sets of DNS and web traffic every day, which feeds its in-house machine learning-based algorithms for attack and anomaly detection, including:
DNS exfiltration detection, both anomaly-based and signature-based
domain generation algorithm (DGA) threat detection
zero-day phishing detection, which identifies phishing campaigns in real time
user behavior analytics algorithms
Akamai also provides tools that give customers more context, such as MISP integration for enriching the corporation's own threat intelligence and APIs for monitoring and controlling corporate policy from a SIEM according to the desired security posture, all based on flexible and dynamic policy rules for active detection and protection against attacks both inside and outside the corporate perimeter.
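To make the first two detection types above concrete, here is an added example (not Akamai's code, and not a description of its algorithms) that applies two simple heuristics to DNS query logs: Shannon entropy, label length and vowel ratio of the registrable domain's leftmost label to flag DGA-like names, and repeated long hex-looking leftmost labels from one client to one domain to flag DNS exfiltration. The log format, client addresses, domain names, the "last two labels are the registrable domain" shortcut and all thresholds are assumptions for illustration.

```python
"""Heuristic DNS anomaly scoring over constructed query logs (added example)."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample log lines in an assumed format: "<timestamp> <client_ip> <query_name>".
# 10.0.0.27 queries DGA-looking names; 10.0.0.44 sends hex-encoded data as subdomains.
SAMPLE_LOG = """\
2020-11-03T10:00:01Z 10.0.0.12 www.example.com
2020-11-03T10:00:02Z 10.0.0.12 cdn.example.net
2020-11-03T10:00:03Z 10.0.0.27 xk3q9vz7lm2pfw8h.net
2020-11-03T10:00:04Z 10.0.0.27 qz81mvn4bkwe0r7t.com
2020-11-03T10:00:05Z 10.0.0.27 ph2lw9ctxr5ymb3n.org
2020-11-03T10:00:06Z 10.0.0.44 4a6f686e20446f65.t1.exfil-demo.test
2020-11-03T10:00:07Z 10.0.0.44 2c2053534e2031323334.t1.exfil-demo.test
2020-11-03T10:00:08Z 10.0.0.44 352d36372d3839.t1.exfil-demo.test
2020-11-03T10:00:09Z 10.0.0.44 6f207363686f6f6c20787978.t1.exfil-demo.test
2020-11-03T10:00:10Z 10.0.0.12 mail.example.com
"""

HEX_RE = re.compile(r"^[0-9a-f]+$")
VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def parse_log(text):
    """Return (timestamp, client, lowercased query name) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, qname = parts
        records.append((ts, client, qname.lower().rstrip(".")))
    return records


def registrable_domain(qname):
    """Assumption: the last two labels are the registrable domain (no public suffix list)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def dga_score(qname):
    """Score 0-3 for DGA-like features of the registrable domain's leftmost label."""
    sld = registrable_domain(qname).split(".")[0]
    vowel_ratio = sum(ch in VOWELS for ch in sld) / max(len(sld), 1)
    score = 0
    if len(sld) >= 12:                   # long generated labels
        score += 1
    if shannon_entropy(sld) >= 3.5:      # near-uniform character distribution
        score += 1
    if vowel_ratio < 0.2:                # unpronounceable, unlike human-chosen names
        score += 1
    return score


def dga_candidates(records, threshold=2):
    """Queries whose registrable domain scores at or above the threshold."""
    hits = []
    for _, client, qname in records:
        score = dga_score(qname)
        if score >= threshold:
            hits.append((client, qname, score))
    return hits


def exfil_candidates(records, min_queries=3, min_payload_chars=40):
    """Flag (client, domain) pairs sending many distinct hex-looking leftmost labels:
    the pattern of data encoded into subdomains and leaked through DNS resolution."""
    buckets = defaultdict(set)
    for _, client, qname in records:
        labels = qname.split(".")
        if len(labels) < 3:
            continue
        leftmost = labels[0]
        if len(leftmost) >= 8 and HEX_RE.match(leftmost):
            buckets[(client, registrable_domain(qname))].add(leftmost)
    findings = []
    for (client, domain), payloads in buckets.items():
        chars = sum(len(p) for p in payloads)
        if len(payloads) >= min_queries and chars >= min_payload_chars:
            findings.append({"client": client, "domain": domain,
                             "queries": len(payloads), "payload_chars": chars})
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for client, qname, score in dga_candidates(recs):
        print(f"DGA-like  client={client} qname={qname} score={score}")
    for f in exfil_candidates(recs):
        print(f"EXFIL-like client={f['client']} domain={f['domain']} "
              f"queries={f['queries']} payload_chars={f['payload_chars']}")
```

The thresholds are deliberately crude: in production the DGA side would be fed by a trained classifier and a public suffix list, and the exfiltration side would also weigh query rate, TXT/NULL record types and response sizes, but the features shown here are the ones such detectors start from.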