As the globe switched to remote work in response to the COVID-19 pandemic, a rush of new threats, technologies, and business models developed in the cybersecurity field. Because this new environment has no network perimeter, SASE (secure access service edge), zero trust, and XDR (extended detection and response) were quickly adopted to safeguard remote users and their data.
Adversaries have exploited the added complexity of increasingly remote workforces to impersonate genuine users through credential theft, and they’ve upped the ante by targeting customers in the victim’s supply chain. In addition, ransomware attacks have become more profitable thanks to the ability to monetize them by threatening to publish victim data. At the same time, employers continue to fight insiders with hidden motives.
For the first time, in 2021 the special purpose acquisition company (SPAC) craze found its way into cybersecurity, with three vendors planning to merge with or be acquired by SPACs, while a well-known security venture fund established its own SPAC. Meanwhile, in the first four months of 2021, more cybersecurity companies achieved unicorn valuations of at least US$1 billion than in the years 2019 and 2020 combined.
Abuse of authentication
During the SolarWinds campaign, Russian foreign intelligence service (SVR) hackers used architectural flaws in Microsoft’s authentication process to move from customers’ on-premises installations to the cloud and cloud services, according to CrowdStrike CEO George Kurtz. The exact attack vector used by the SolarWinds hackers, according to Kurtz, was first identified in 2017.
Microsoft President Brad Smith pushed back during a Senate hearing, saying that forged identities figured in only 15% of the SolarWinds attack scenarios. According to Smith, the Golden SAML technique was used only to add access after the SVR had already entered the network and obtained elevated privileges.
Insurance against cybercrime
Written premiums for standalone cyber coverage surged by 29% in 2020, as businesses of all sizes sought coverage in the wake of a significant spike in network breaches, data theft, and ransomware events over the previous two years. Companies were also more exposed because of the widespread transition to a remote workforce at the start of COVID-19 and the rise in intrusions that began with phishing emails.
According to Fitch Ratings, cyber events have become more common worldwide, with Canadian insurers reporting a cyber net claims ratio of 105% in 2020, up from 39% a year earlier. These losses pushed cyber insurance prices substantially up in the fourth quarter of 2020, with premiums jumping by 11% year over year.
According to AdvisorSmith, the most common cyber insurance claims include hacking, ransomware, phishing, and employee carelessness. In addition, according to AdvisorSmith, accountants, medical offices, and apartment complexes with client social security numbers, dates of birth (DOB), and other financial or personal information pay the highest prices for cyber insurance.
Extended Detection And Response (XDR)
Extended detection and response (XDR) centralizes security data by integrating security information and event management (SIEM), security orchestration, automation, and response (SOAR), network traffic analysis (NTA), and endpoint detection and response (EDR). This improves detection and response by providing visibility across networks, clouds, and endpoints and correlating threat data across security products.
According to Gartner, an XDR system must have a centralized incident response capability that can change the state of individual security products as part of remediation. The primary aim of an XDR platform is to improve security operations efficiency and productivity by correlating threat data and signals across multiple protection products.
XDR offerings will appeal to pragmatic midsize customers that lack the resources and skills to integrate a best-of-breed security portfolio themselves. To get closer to the business impact of an event, advanced XDR providers are moving up the stack by integrating with identity, data protection, cloud access security brokers, and the secure access service edge.
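The cross-product correlation described above is the core of what an XDR pipeline does. The following is an added example (not code from Gartner or any XDR vendor) that normalizes constructed telemetry from three feeds (an EDR agent, an NTA sensor, and an identity log forwarded from a SIEM) into one schema, groups the resulting signals per host inside a time window, scores them, and emits an incident with a suggested response action once signals from at least two products cross a threshold. The record formats, field names, signal weights, and the 15-minute window are assumptions chosen for the example.

```python
"""Cross-source correlation in the style of an XDR pipeline (added example,
not vendor code). Events from three constructed feeds (EDR agent, network
traffic analysis sensor, SIEM-forwarded identity log) are normalized into
(timestamp, host, signal), grouped per host inside a time window and scored.
Feed formats, field names and weights are assumptions for this example."""
from collections import defaultdict
from datetime import datetime, timedelta
import json

# Constructed sample telemetry, one JSON record per line, as each tool might export it.
EDR_LINES = [
    '{"ts":"2021-03-04T10:01:05Z","host":"ws-17","proc":"powershell.exe","parent":"winword.exe","sev":"medium"}',
    '{"ts":"2021-03-04T10:01:09Z","host":"ws-17","proc":"rundll32.exe","parent":"powershell.exe","sev":"medium"}',
    '{"ts":"2021-03-04T11:30:00Z","host":"ws-22","proc":"chrome.exe","parent":"explorer.exe","sev":"info"}',
]
NTA_LINES = [
    '{"ts":"2021-03-04T10:01:40Z","src":"ws-17","dst":"203.0.113.9","bytes_out":52000000,"beacon":true}',
    '{"ts":"2021-03-04T11:31:00Z","src":"ws-22","dst":"198.51.100.4","bytes_out":1200,"beacon":false}',
]
IDENTITY_LINES = [
    '{"ts":"2021-03-04T10:02:10Z","user":"jdoe","host":"ws-17","event":"new_admin_member"}',
    '{"ts":"2021-03-04T09:00:00Z","user":"asmith","host":"ws-22","event":"logon"}',
]

# Signal weights and threshold are assumptions for the example, not a vendor scoring model.
WEIGHTS = {
    "edr:office_spawns_shell": 40,
    "edr:lolbin_from_shell": 20,
    "nta:beacon": 30,
    "nta:large_egress": 30,
    "identity:privilege_change": 25,
}
INCIDENT_THRESHOLD = 80
WINDOW = timedelta(minutes=15)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(edr_lines, nta_lines, identity_lines):
    """Map each tool's native record to a common (timestamp, host, signal) tuple."""
    signals = []
    for line in edr_lines:
        e = json.loads(line)
        parent, proc = e["parent"].lower(), e["proc"].lower()
        if parent in {"winword.exe", "excel.exe", "outlook.exe"} and proc in {"powershell.exe", "cmd.exe"}:
            signals.append((parse_ts(e["ts"]), e["host"], "edr:office_spawns_shell"))
        if parent == "powershell.exe" and proc in {"rundll32.exe", "regsvr32.exe"}:
            signals.append((parse_ts(e["ts"]), e["host"], "edr:lolbin_from_shell"))
    for line in nta_lines:
        n = json.loads(line)
        if n["beacon"]:
            signals.append((parse_ts(n["ts"]), n["src"], "nta:beacon"))
        if n["bytes_out"] > 10_000_000:
            signals.append((parse_ts(n["ts"]), n["src"], "nta:large_egress"))
    for line in identity_lines:
        i = json.loads(line)
        if i["event"] == "new_admin_member":
            signals.append((parse_ts(i["ts"]), i["host"], "identity:privilege_change"))
    return signals


def correlate(signals):
    """Group signals per host within WINDOW of that host's earliest signal and score each group.
    A group becomes an incident only if it crosses the threshold AND spans two or more products,
    which is the cross-product correlation that distinguishes XDR from a single EDR alert."""
    by_host = defaultdict(list)
    for ts, host, name in sorted(signals):
        by_host[host].append((ts, name))
    incidents = []
    for host, items in by_host.items():
        start = items[0][0]
        in_window = {name for ts, name in items if ts - start <= WINDOW}
        score = sum(WEIGHTS[n] for n in in_window)
        sources = {n.split(":")[0] for n in in_window}
        if score >= INCIDENT_THRESHOLD and len(sources) >= 2:
            incidents.append({"host": host, "score": score, "signals": sorted(in_window),
                              "sources": sorted(sources), "action": "isolate_host"})
    return incidents


def run():
    return correlate(normalize(EDR_LINES, NTA_LINES, IDENTITY_LINES))


if __name__ == "__main__":
    for inc in run():
        print(json.dumps(inc))
```

In the constructed data, host ws-17 accumulates signals from all three feeds within a few minutes (Office spawning a shell, a living-off-the-land binary, beaconing with large egress, and a new admin group member) and becomes a single incident with an isolate-host action, while ws-22 produces no signal at all. The requirement that an incident span at least two products is what keeps a noisy single tool from paging the SOC on its own.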
Paige Thompson, a former Amazon Web Services employee, accessed the personal information of Capital One credit card applicants and customers, as well as data from more than 30 other organizations, in the summer of 2019. Thompson reportedly gained access to storage buckets in Capital One’s AWS environment due to a firewall misconfiguration.
Thompson obtained personal information from 106 million credit card applicants and customers in the United States and Canada, Capital One said in July 2019. One million Canadian Social Insurance Numbers, 140,000 US Social Security numbers, and 80,000 associated bank account numbers of Capital One customers were exposed, according to the McLean, Va.-based financial services giant.
Prosecutors claim Thompson took several gigabytes of data from several corporations, educational institutions, and other entities in addition to Capital One.
Attacks via Ransomware
Since 2020, the ransomware victim’s profile has shifted upward. The victims are no longer the tiny MSPs that handle IT for local doctors and law offices but rather the well-heeled technology businesses that manage the data and web traffic for the Fortune 500’s top executives. Despite having the financial means to recruit top IT talent and implement cutting-edge protection, these channel behemoths have been hit by ransomware.
Since 2020, five of the world’s 50 largest solution providers have been hampered by ransomware infections: Cognizant, CompuCom, Conduent, DXC Technology, and Tyler Technologies. These five channel behemoths have combined revenue of US$42.78 billion and a combined market valuation of US$54.36 billion.
Since 2020, the rise of publicity-hungry, extortion-seeking ransomware operators like the gang behind Maze has unleashed an entirely new beast in the IT services sector. Ransomware organizations have adopted a new strategy that places the threat of publicly releasing private corporate data at the heart of all they do, rather than merely encrypting victims’ data.
Secure Access Service Edge (SASE)
Since Gartner coined the term in an August 2019 study, the Secure Access Service Edge, or SASE, has taken the industry by storm, with cybersecurity companies creating new leadership roles and making significant acquisitions to enhance their position around these emerging technologies.
To meet organizations’ dynamic, secure access demands, SASE integrates wide-area networking (WAN) with network security services such as secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), and zero-trust network access (ZTNA). SASE solutions may detect sensitive data or malware, decrypt material at line speed, and continually monitor sessions for risk and trust levels.
The SASE market brings together previously unrelated technologies and requires vendors to deliver these capabilities as a service via the cloud. It’s designed to meet future security and networking requirements as people, devices, applications, services, and data move outside the enterprise data center.
Special Purpose Acquisition Companies (SPACs)
For the first time, some cybersecurity businesses seeking access to the public markets are forgoing an IPO in favor of merging with or being acquired by a publicly traded shell company. Appgate, a secure access vendor, kicked things off in February when it announced a US$1 billion merger with Newtown Lane Marketing, only a year after splitting from data center vendor Cyxtera.
QOMPLX, a risk analytics platform, bought two firms the next month and agreed to combine with Tailwind Acquisition Corp, a special purpose acquisition company (SPAC), at a US$1.4 billion valuation. In March, network detection and response vendor IronNet Cybersecurity agreed to combine with LGL Systems Acquisition Corp in a deal valuing it at US$1.2 billion.
On the seller side, NightDragon created a SPAC that focused on cybersecurity, safety, security, and privacy and raised more than US$300 million in an IPO in early March. Dave DeWalt, the founder and managing director of cybersecurity-focused venture capital company NightDragon and former CEO of FireEye and McAfee, is leading the SPAC.
Attacks on the Supply Chain
The supply chain attack on SolarWinds’ Orion network monitoring software shocked the world, with Russian foreign intelligence service (SVR) hackers compromising nine US government organizations and about 100 significant private sector firms via a malicious Orion update.
In October 2019, the SVR demonstrated its ability to inject code into SolarWinds Orion; poisoned code was then delivered in Orion updates between March and June 2020. According to SolarWinds, the trojanized version of Orion was installed by over 18,000 customers; however, a customer could only be targeted for follow-on attack if Orion was installed on a server with an internet connection.
SolarWinds is unsure when or how the hackers initially gained access to its environment, narrowing it down to the three most plausible entry points: a zero-day vulnerability in a third-party program or device; a brute-force assault, such as a password spray attack; or social engineering, such as a targeted phishing attack.
This year, the fundraising environment for cybersecurity companies has exploded, with 14 firms achieving values of more than US$1 billion in only the first four months of 2021. According to PitchBook, this is far more than the five cybersecurity businesses that reached unicorn status in 2020 and the eight that achieved unicorn status in 2019.
Lacework, a cloud security provider, closed a US$525 million round and OwnBackup, a US$167.5 million round in January, while Coalition, a cyber insurance vendor, closed a US$175 million round and Plume, a US$270 million round in February. Then, in April, Sysdig, a container security company, raised US$188 million, and Vectra, a threat detection and response company, raised US$130 million.
In March, eight cybersecurity startups became unicorns:
- Application security firm Snyk raised US$300 million.
- Cloud security firm Orca Security raised US$210 million.
- Feedzai raised US$200 million.
- Aqua Security raised US$135 million.
- Cloud security firm Wiz raised US$130 million.
- Axonius raised US$100 million.
- ID.me raised US$100 million.
- Socure raised US$100 million.
According to Forrester, the COVID-19 pandemic has accelerated the journey to zero-trust platforms because nearly the entire world’s workforce was pushed outside a defined network perimeter, forcing organizations to secure end users working remotely and fix configuration anomalies revealed by the new approach.
A zero-trust approach to security is based on four principles:
- No user should be trusted by default, because any account can be compromised.
- VPNs and firewalls can’t protect the network by themselves, because they only protect the perimeter.
- Identity and device authentication should take place throughout the network rather than just at the perimeter.
- Micro-segmentation helps minimize the damage an intruder can do by creating isolated internal zones.
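The four principles above translate into a per-request access decision in which network location never grants access on its own. The following is an added example (not Forrester’s or any vendor’s code) of such a decision function: every request is checked for strong identity verification, device posture, role, and a micro-segmentation rule saying which network segments may reach which service, so a request from the corporate LAN without MFA is denied just as one from the internet would be. The device registry, roles, segments, policy rules, and attribute names are assumptions constructed for the example.

```python
"""Per-request zero-trust access decision (added example, not Forrester's or
any vendor's code). Identity, device posture, role and a micro-segmentation
policy are evaluated on every request; there is no implicitly trusted
network. Devices, roles, segments and policy rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Request:
    user: str
    mfa_verified: bool   # did the identity provider verify a second factor for this session?
    device_id: str
    src_ip: str
    service: str


@dataclass
class Device:
    managed: bool
    disk_encrypted: bool
    patch_age_days: int


# Constructed device inventory, standing in for the registry a ZTNA broker would query.
DEVICES = {
    "lt-0042": Device(managed=True, disk_encrypted=True, patch_age_days=3),
    "lt-0099": Device(managed=True, disk_encrypted=False, patch_age_days=45),
}

# Constructed roles and segments (RFC 1918 and documentation ranges only).
ROLES = {"jdoe": {"finance"}, "asmith": {"engineering"}}
SEGMENTS = {"corp-lan": ip_network("10.10.0.0/16"), "vpn": ip_network("10.99.0.0/16")}

# Micro-segmentation policy: per service, which roles may connect, from which segments,
# and how stale a device's patch level may be. Unknown services fall through to deny.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "segments": {"corp-lan", "vpn"}, "max_patch_age": 14},
    "git-server": {"roles": {"engineering"}, "segments": {"corp-lan", "vpn", "internet"}, "max_patch_age": 30},
}


def segment_of(ip):
    """Classify a source address into a named segment; anything unmatched is 'internet'."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"


def device_healthy(dev, max_patch_age):
    return dev is not None and dev.managed and dev.disk_encrypted and dev.patch_age_days <= max_patch_age


def decide(req):
    """Return (allowed, reason). Each check runs for every request regardless of source segment."""
    rule = POLICY.get(req.service)
    if rule is None:
        return False, "unknown service: default deny"
    if not req.mfa_verified:
        return False, "identity not strongly verified (MFA required)"
    if not device_healthy(DEVICES.get(req.device_id), rule["max_patch_age"]):
        return False, "device posture check failed"
    if not (ROLES.get(req.user, set()) & rule["roles"]):
        return False, "role not permitted for service"
    seg = segment_of(req.src_ip)
    if seg not in rule["segments"]:
        return False, f"segment {seg} may not reach {req.service}"
    return True, f"allowed: {req.user} from {seg} to {req.service}"


def demo():
    """Evaluate constructed requests; returns the list of allow/deny outcomes in order."""
    cases = [
        Request("jdoe", True, "lt-0042", "10.10.5.20", "payroll-db"),    # on LAN, MFA, healthy device: allow
        Request("jdoe", False, "lt-0042", "10.10.5.20", "payroll-db"),   # on LAN but no MFA: deny
        Request("jdoe", True, "lt-0099", "10.99.1.8", "payroll-db"),     # unencrypted, stale device: deny
        Request("asmith", True, "lt-0042", "10.10.5.20", "payroll-db"),  # wrong role for service: deny
        Request("jdoe", True, "lt-0042", "203.0.113.7", "payroll-db"),   # payroll not reachable from internet: deny
        Request("asmith", True, "lt-0042", "203.0.113.7", "git-server"), # git permits internet segment: allow
    ]
    return [decide(r)[0] for r in cases]


if __name__ == "__main__":
    for ok in demo():
        print("allow" if ok else "deny")
```

The second case is the one that separates zero trust from perimeter security: the request originates inside the corporate LAN, yet it is denied because the identity was not strongly verified, which is exactly the "VPNs and firewalls only protect the perimeter" principle in code. The last two cases show micro-segmentation doing its work, with the same healthy device and verified user allowed to reach one service from the internet but not another.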
According to Forrester, sound zero-trust systems build security features into nearly invisible tools, so that users end up working more securely without extra effort. In addition, clients don’t have to rip out or replace their existing security investments, since the most effective zero-trust vendors can layer new functionality over existing security infrastructure components.