Security breaches, hacks and ransomware are the top three concerns for IT professionals, and 2021 showcased them all, research from JumpCloud shows.
Sometimes, one attack features all three.
With remote or hybrid work the norm, companies know they cannot rely on static controls to fend off threats. Zero days in particular are an especially easy point of access for different threat actors and tools for chain attacks.
Security teams are once again facing a problem they've always had: prioritization. Companies often remediate threats as the exploits are taking place, which is why zero days are increasing.
One of the most high-profile zero days of 2021 is PrintNightmare, a zero day impacting supported versions of Windows. PrintNightmare came to light in July, opening the door for malware or ransomware groups to use the vulnerability, and causing headaches for security teams.
"I think we now get anxiety whenever there's a ticket open with 'printer' in it," said Tom Lawrence, president of Lawrence Technology Services, during the "IT Horror Fest" webcast hosted by NinjaOne Thursday.
"No one wants to deal with the vendor problem, but now we know that we may have been partially causing it by patching and updating," said Lawrence. "So now it's like, which prior problem is it: the one that the printer companies created with stupid drivers or is it the one Microsoft created?"
"Either way, it's my problem," Lawrence said.
IT headaches of 2021
Even with efficient security strategies, security teams still deal with the headache of mass attacks caused by zero days. Companies have options to defend themselves by turning off automatic updates or changing how they partner with managed service providers, but both are risky because trust still isn't automated.
Mandiant found the number of zero days — attacks exploited in the wild — in 2021 is already double the total amount from 2020. Cybercriminals are growing the zero-day market, even as companies mature their defenses.
"PrintNightmare is just like the flipping gift that keeps on giving," said Jason Slagle, VP of technology at CNWR IT Consultants, during the panel. "You can get popped by it, and then literally every week there's some sort of update."
"Probably 30% to 40% of our service desk time has been printer-related issues due to PrintNightmare. So it's been pretty terrible," Slagle said. When the vulnerability became public, the consulting firm thought a patch would be available by the end of the weekend, and chose to turn off printing functionality.
"Needless to say, they didn't have a patch Monday or the following Monday, or I think like several Mondays following that," he said.
For Kelvin Tegelaar, CTO of Lime Networks, PrintNightmare didn't cause too much chaos because a majority of his company's clients are cloud-based. However, patches still tend to break things, and the vulnerability was likely the top issue for security teams in terms of ticketing and interrupting workflow, he said during the panel.
Tegelaar's top IT issue so far this year was less preventable: The security concern came from the supply chain.
The Kaseya ransomware attack — once again caused by zero days in the company's on-premise VSA product — occurred at almost the same time as PrintNightmare. And this ransomware attack was the top threat for the security industry this year, according to Tegelaar.
"The largest ransomware attack in history was performed, thanks to MSPs or at least to MSP clients," he said. "It was of course a problem with Kaseya software, but generally speaking, MSP clients got hit. So I think that's the thing that had the biggest impact this year."
It was actually the Microsoft Exchange hack that raised awareness of what MSPs were, in good and bad ways, according to Matthew Fox, creative director at Valiant Technology, during the panel. The Exchange vulnerability led to ransomware attacks, and it showcased how quickly criminals are using fixes in patches as a proof-of-concept exploit.
"2021 just beat people, you know, on multiple fronts," Fox said. He worked in various IT jobs before leaving "hands-on IT," and it's given him a different perspective on attacks.
"Everything that went on with Exchange in the past year has just given me flashbacks of when I did run IT departments. And it's nauseating, it's anxiety-inducing," he said. "I have not had that sense of paranoia or anxiety since getting out of IT. I think that's natural for that role."