Log4j and Five Other Cyberattack Vectors in the Hybrid Workplace

Cybercrime and Risk Continue Unabated

Cybercrime and its damages are steadily rising with no sign of stopping. It is estimated that cybercrime will have inflicted $6 trillion worth of damage in 2021.

Look no further than the recently discovered Log4j vulnerability, a flaw in a widely used, open-source logging program that allows attackers to take control of the servers and networks of websites running a vulnerable version of the program. Since Log4j is so commonplace (many governments, financial institutions, and large companies use it to keep track of activity on their servers), the vulnerability has sent the Internet reeling. It is such a big deal that the Cybersecurity and Infrastructure Security Agency (CISA) has released a tool for identifying vulnerable web services.

And while the Log4j vulnerability is not the first supply chain vulnerability we’ve faced this year—although it may be the most significant and most widespread—there are other attack vectors equally menacing that shouldn’t be overlooked. According to Perimeter 81’s State of Cybersecurity Report, 87% of companies will have hybrid workers in 2022. The larger attack surface potentially leaves many companies and their employees more susceptible to cybercriminals who will try to exploit the following attack vectors:

1. Credentials

It may feel like a nuisance, but your username and password (your credentials) give you direct access to sensitive information, and criminals want access to that same information. As our CEO Amit Bareket states, “No one should use plain passwords for the master password with password managers like LastPass. The importance of a secure master password cannot be understated. If a hacker gets it, they’ll have access to all of your passwords. It’s much better to use multifactor authentication (MFA, 2FA) or biometric authentication, which cannot be exposed from a phishing attack. Biometric authentication is embedded today in almost every device and should be the option of choice.”

Unsafe practices make it easier for attackers to wreak havoc once they obtain a password. Dangerous behavior includes password sharing (e.g., giving your credentials to a coworker who then gets hacked), using easily guessed passwords (discoverable by viewing your social media), and reusing the same password across multiple applications (such as your personal email and work applications).

There are several ways hackers gain access to confidential data, and one of the most common and effective methods is phishing. Phishing is used to mimic an authentic source, such as an email from a colleague or a web service, and tricks users into entering sensitive information, like credentials. After the data has been collected, the hackers use it to their advantage. 

Unfortunately, phishers are also persistent and patient. They will continue to bombard people until they are successful, and with the shift to working from home, many have switched to targeting remote employees. Eventually, one of these criminals will achieve their goal, which is why it is imperative to set up a cyber insurance plan. Insurance acts as a safety net against the cost of a ransomware attack, a leak, or a breach of confidential data. Carefully choose a comprehensive plan that covers both the response and the legal costs.

2. Trust (and Zero Trust)

Businesses rely on employees, partners, and contractors with access to their internal networks to help protect their private data. Anyone with access to this information can be a threat to company security. IBM Security’s report, The Cost of Insider Threats 2020, lists the top causes of insider threats as negligence, credential theft, and criminal insiders. As previously stated, it is only a matter of time until a hacker is successful.

Remote access exposes networks to more threats than a typical office: personal devices that may already be compromised or misconfigured, and unsecured internet connections in public places. Attackers can easily eavesdrop on unencrypted data on these insecure networks, but a VPN encrypts and protects the information sent across the web.

Unfortunately, hackers can sometimes break the encryption or take advantage of other VPN vulnerabilities (e.g., phishing for log-in credentials). This allows them to easily siphon information unbeknownst to the victim.

Once a breach has occurred inside a trusted network, criminals can move freely from their point of entry because no re-verification is required. This is why many companies are switching to a Zero Trust Network Access (ZTNA) model, in which users must be continually verified through two-factor authentication. Each company defines when verification must recur; some choose to re-validate users when they switch tasks or after a set period of inactivity.

The ZTNA model also brings strategies that improve security, such as trust zones, where operations with the same level of trust are grouped together. This limits the number of pathways into each zone, making access easier to track and harder to gain. The model also provides a way to limit the reach of external users such as partners and contractors. Even if one of these outside operators is compromised, you can revoke their clearance, determine which zones to investigate for stolen information and malicious content, and prevent further loss.
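The two paragraphs above describe three ZTNA mechanics: re-verification after inactivity or a task switch, trust zones that bound where a session may go, and revocation of an external user's clearance. The following is an added example, not Perimeter 81's code or the product's policy engine; it sketches those mechanics as a small access-policy evaluator. The resource-to-zone map, the 15-minute idle timeout, the 8-hour session cap and the user names are all constructed for illustration.

```python
"""Added example (not from the original post): a minimal Zero Trust
access-policy evaluator. Every access attempt is checked against the
session's allowed zones; crossing a zone boundary or going idle forces
a fresh second-factor check, and a revoked session is always denied."""
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 15 * 60        # assumption: re-verify after 15 minutes idle
MAX_SESSION_AGE = 8 * 60 * 60  # assumption: re-verify at least every 8 hours

# Constructed trust zones: each resource belongs to exactly one zone.
ZONES = {
    "wiki": "general",
    "crm": "general",
    "payroll": "finance",
    "hr-records": "finance",
    "prod-db": "production",
}


@dataclass
class Session:
    user: str
    allowed_zones: frozenset       # zones this user (or contractor) may enter
    last_verified: float           # time of the last successful MFA check
    last_activity: float
    current_zone: Optional[str] = None
    revoked: bool = False


def authorize(session: Session, resource: str, now: float) -> str:
    """Return 'allow', 'reverify' or 'deny' for one access attempt.

    'reverify' means the user must pass MFA again before access is granted;
    nothing is allowed by default, so an unknown resource is denied."""
    if session.revoked:
        return "deny"
    zone = ZONES.get(resource)
    if zone is None or zone not in session.allowed_zones:
        return "deny"                               # least privilege
    if now - session.last_verified > MAX_SESSION_AGE:
        return "reverify"                           # verification too old
    if now - session.last_activity > IDLE_TIMEOUT:
        return "reverify"                           # inactivity threshold
    if session.current_zone is not None and zone != session.current_zone:
        return "reverify"                           # zone switch == task switch
    session.last_activity = now
    session.current_zone = zone
    return "allow"


def complete_mfa(session: Session, now: float) -> None:
    """Record a passed second factor; the next access sets the zone afresh."""
    session.last_verified = now
    session.last_activity = now
    session.current_zone = None


def revoke(session: Session) -> None:
    """Revoke a session outright, e.g. for a compromised contractor account."""
    session.revoked = True


def run_demo() -> list:
    """Walk a constructed contractor session through the policy."""
    s = Session("contractor-bob", frozenset({"general", "finance"}), 0.0, 0.0)
    log = [authorize(s, "wiki", 10.0),            # allow
           authorize(s, "payroll", 20.0)]         # reverify: zone switch
    complete_mfa(s, 21.0)
    log.append(authorize(s, "payroll", 22.0))     # allow
    log.append(authorize(s, "prod-db", 23.0))     # deny: zone not granted
    log.append(authorize(s, "payroll", 23.0 + 16 * 60))  # reverify: idle
    revoke(s)
    complete_mfa(s, 1000.0)
    log.append(authorize(s, "wiki", 1001.0))      # deny: revoked stays revoked
    return log


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The decision function is deliberately order-sensitive: revocation is checked before anything else so that a revoked user cannot pass by completing MFA, and the zone check comes before the timing checks so that a user is never prompted for a second factor for a resource they could not reach anyway.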

3. Outdated Software and Devices

There are now more devices and weak points for IT departments to manage, and thus more patches, updates, and devices to maintain. Additionally, the average developer has less than five years of cumulative working experience, so it is paramount to select someone who is able to manage a hybrid workplace.

This has become increasingly important as cyberattacks increased in 2021. In particular, there was a series of attacks on Microsoft Exchange Servers in July. A set of vulnerabilities known as ProxyShell was used to target business email accounts, after which criminals could launch further attacks from what appeared to be a legitimate user's account. A patch was rolled out to correct these weak spots, but there are still thousands of unpatched servers.

Outlook, Office 365, and other cloud services were not affected by this manipulation. Many companies are switching to cloud services because they offer more comprehensive security: cloud providers have begun using AI to continually search and test for weaknesses in their systems and to roll out patches and updates automatically.

One study surveyed over 15,000 participants worldwide to learn more about their habits around device updates. It found that 40% of participants felt it was the employer's responsibility to update devices, and 50% of participants clicked the "remind me later" button when prompted to update their personal devices. This further emphasizes the need for automatic updates and patches to prevent exploitation of outdated software and devices.

4. Missing or Poor Encryption

Encryption adds an extra layer of security to your sensitive data. Missing encryption leaves a straightforward path for hackers to get at your data, and poor encryption can be quickly broken. 

Some encryption comes built into systems, such as email encryption or HTTPS, and there has been a rise in virtual private networks (Cloud VPN), which encrypt your online activity. These features are helpful; however, they should still be reviewed to confirm they are doing what they are supposed to do, which is protecting your confidential data. Become aware of their vulnerabilities and mitigate the risk. There are also several preventative strategies you can use to reduce the chance that your VPN will leak information.
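"Reviewing" built-in encryption means checking the settings that decide whether a TLS connection actually protects the data: certificate verification, hostname checking, and the minimum protocol version. The block below is an added example, not code from the original post or from any Perimeter 81 product; it uses only Python's standard `ssl` module. It builds a hardened client context, a constructed "weak" context of the kind that makes an HTTPS or VPN client leak, and a small audit function that reports the weak settings. The TLS 1.2 floor is an assumption chosen for the example.

```python
"""Added example (not from the original post): hardened vs. weak TLS client
settings, plus an audit that flags the weak ones. Standard library only."""
import ssl

# Assumption for this example: nothing below TLS 1.2 counts as "good" encryption.
MIN_ACCEPTABLE = ssl.TLSVersion.TLSv1_2


def hardened_client_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate, checks the
    hostname against it, and refuses protocol versions below TLS 1.2."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname on
    ctx.minimum_version = MIN_ACCEPTABLE
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Constructed 'before' configuration: verification switched off and any
    protocol version accepted. Shown only so the audit has something to flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False              # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE         # accepts any certificate, signed by anyone
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # oldest the library allows
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the context passes.

    Each finding names the setting and why it matters, so the output can be
    read by someone reviewing a VPN or HTTPS client configuration."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate is "
                        "accepted, so an eavesdropper can impersonate the server")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a valid certificate for a "
                        "different host is accepted")
    if ctx.minimum_version < MIN_ACCEPTABLE:
        findings.append("minimum_version below TLS 1.2: downgrade to legacy "
                        "protocol versions is possible")
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("weak", weak_client_context())):
        problems = audit_context(ctx)
        print(f"{label}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

The audit works on any `ssl.SSLContext`, so it can be pointed at the context a real client library hands you; the three checks correspond to the three ways a connection can be "encrypted" yet still expose data to whoever sits between the endpoints.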

5. The Internet Connection

In the New World of Work—which isn’t so new anymore—87% of companies have hybrid workers. With so many workers accessing company data from different places, it is paramount to understand, teach, and practice strong Internet connection security habits. Employees should ensure that their routers have the latest software updates and use a strong, randomly generated password.

Employees work on many collaborative projects, and cloud computing makes all of the data easily accessible. While it may seem counterintuitive to host everything in the cloud, it has become the most reliable and secure way for businesses to store their data.

Summary

This is not a comprehensive list of the tactics used by cybercriminals, but it does highlight the common attack vectors found in the work-from-home (WFH) workplace. And everyone must be ready. Cybercrime doesn’t happen only to other people or other companies; it can happen to any of us.

According to our study, 66% of companies had a serious cybersecurity incident in 2020-21. While 25% did not have any costs or damages from the incident—presumably because they had mitigation measures in place—the other 75% did: damage to their reputation, the cost of a ransom, the cost of downtime or lost income, and then the cleanup costs. While 18% reported that the costs of a cyber incident were less than $100,000, 47% reported costs between $100,000 and $1 million, and 10% said costs were more than $1 million.

It’s no wonder that many companies are implementing ZTNA using Perimeter 81, a Forrester New Wave ZTNA leader.