The latest cybersecurity trends and how to guard against them [Q&A]
The cybersecurity landscape is a constantly changing one, with new threats emerging and old ones evolving. This makes it difficult for organizations to ensure their defenses are up to the task of properly protecting them.
We spoke to Balazs Greksza, threat response lead at Ontinue, which recently published its first threat intelligence report, to find out about the latest threats and how organizations can address them.
BN: What were the major trends impacting the cybersecurity landscape in 2023?
BG: In 2023, several major trends significantly impacted the cybersecurity landscape, including:
- Proliferation of Connected Devices: The rapid expansion of IoT brought about a surge in connected devices, exponentially increasing the attack surface for cybercriminals. Each connected device represents a potential entry point for attackers to breach organizations' networks, necessitating robust security measures to safeguard against these threats.
- Cloud Security Concerns: With more organizations migrating their data and applications to the cloud, ensuring the security of cloud-based environments became a top priority. However, the prevalence of misconfigurations and inadequate security measures posed significant challenges, leaving sensitive data vulnerable to unauthorized access and data breaches.
- Regulatory Compliance: The ever-growing number of cybersecurity regulations and compliance requirements placed considerable pressure on organizations to adhere to stringent security standards. Non-compliance not only risked severe penalties but also threatened reputational damage, underscoring the importance of maintaining regulatory adherence in cybersecurity strategies.
- Lack of Security Awareness: Human error remained a leading cause of cybersecurity breaches, highlighting the critical need to enhance security awareness among employees.
- Supply Chain Vulnerabilities: The interconnected nature of modern supply chains exposed organizations to heightened risks of cyber attacks targeting third-party vendors and suppliers.
- Emerging Technologies: The adoption of cutting-edge technologies such as artificial intelligence, machine learning, and quantum computing introduced novel security challenges and risks.
BN: Which attacks would you classify as evasive, bypassing traditional security tooling? What makes them so good at evading traditional cyber defenses?
BG: Firstly, QR Phishing emerged as a notable threat, leveraging the simplicity of QR codes to circumvent common security controls. This method embeds malicious links within QR codes, which, when scanned by unsuspecting victims, lead them to imitation login screens. By masquerading as legitimate authentication messages, these QR codes effectively bypass security measures, such as email attachment scans, often leading users to unwittingly divulge their credentials.
Meanwhile, Adversary-in-the-Middle (AiTM) phishing attacks presented a sophisticated challenge to cybersecurity defenses. By intercepting real-time communications, cybercriminals exploit multifactor authentication (MFA), undermining its effectiveness in thwarting unauthorized access attempts. These attacks typically begin with phishing emails directing users to counterfeit login pages resembling familiar platforms. Through the use of proxies, attackers gain the ability to intercept and manipulate sensitive data, such as session cookies, facilitating unauthorized access to user accounts.
BN: Which industries were targeted most by cyber criminals in 2023? How were industries uniquely targeted last year and what vulnerabilities were most common?
BG: In 2023, cyber criminals targeted various industries using common threats such as Phishing, Social Engineering, and Vulnerability Exploitation. These threats were widespread across all sectors, with threat actors employing automated scripts to cast a wide net and identify vulnerable hosts or unsuspecting users. While industries may not be specifically targeted initially, once vulnerabilities are identified or users fall victim to social engineering tactics, threat groups can escalate attacks or compromise systems further.
However, when it comes to ransomware attacks, the information technology (IT) and construction sectors emerged as the most heavily impacted industries, constituting nearly 50 percent of all ransomware incidents throughout the year. These industries likely faced heightened targeting due to their large attack surfaces and the financially lucrative nature of their environments. The IT sector, with its wealth of valuable data and infrastructure, presented an attractive target for ransomware operators seeking substantial payouts. Similarly, the construction industry's reliance on digital systems and sensitive project data made it susceptible to ransomware attacks aimed at disrupting operations and extorting ransom payments.
Additionally, we saw cybercriminals demonstrate a nuanced approach by exploiting software systems specific to industries to target organizations. This targeted tactic allowed threat actors to capitalize on industry-specific vulnerabilities, maximizing the impact of their attacks.
For instance, in the healthcare sector, where Electronic Health Records (EHR) and medical devices are prevalent, threat actors exploited vulnerabilities in outdated software systems and unsecured medical devices. By infiltrating these systems, attackers could access sensitive patient information or disrupt critical healthcare services, causing significant harm and financial losses.
In the energy and utilities sector, where Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are used to manage critical infrastructure, threat actors exploited weaknesses in these systems to launch disruptive attacks, such as ransomware or sabotage campaigns. By compromising energy grids or utility networks, attackers could disrupt essential services, causing widespread chaos and economic repercussions.
BN: How can organizations protect themselves from these tactics and vulnerabilities?
BG: Educating users continues to be the best defense against all forms of social engineering. Relying solely on automated defenses is not reliable. A few other cybersecurity best practices include:
- Regular Software Updates and Patch Management: Keeping all software, including operating systems, applications, and security tools, up to date is crucial. Regularly install patches and updates released by vendors to address vulnerabilities and protect against known threats.
- Strong Access Controls and Authentication: Implement robust access controls to ensure that only authorized users have access to sensitive data and systems. Enforce the principle of least privilege, where users are granted only the minimum level of access required to perform their duties. Utilize multifactor authentication (MFA) to add an extra layer of security beyond passwords.
- Employee Training and Awareness: Invest in cybersecurity training and awareness programs to educate your employees regarding common threats such as phishing, social engineering, and malware. Encourage a culture that embraces security consciousness and provide regular updates on emerging threats and best practices.
- Regular Data Backups and Disaster Recovery Planning: Implement a comprehensive backup strategy to regularly back up critical data and systems. Ensure that backups are stored securely and can be easily restored in the event of data loss or a ransomware attack. Develop and regularly test a disaster recovery plan to minimize downtime and data loss in the event of a cyber incident.
- Network Segmentation and Monitoring: Segment your network to isolate critical systems and sensitive data, limiting the potential impact of a security breach. Implement network monitoring tools to detect and respond to suspicious activity in real time. Monitor network traffic, user behavior, and system logs for signs of unauthorized access or malicious activity.
BN: Looking ahead, what threats should IT and security teams prepare for in 2024? What trends are on the horizon?
BG: Several key areas warrant attention:
- AI Exploitation: The increasing integration of artificial intelligence (AI) into both beneficial and nefarious activities poses a significant challenge. Threat actors are expected to leverage AI for social engineering and sophisticated attack strategies, potentially circumventing traditional security measures. Additionally, the rising adoption of biometric security measures may prompt attackers to utilize AI to bypass these authentication methods.
- IoT Vulnerabilities: The proliferation of IoT devices, coupled with the widespread deployment of 5G networks, expands the potential attack surface for cybercriminals. Mobile devices are prime targets for access point exploitation and credential harvesting. The scenario resembles the risks observed during the webcam DDoS attacks in 2016, indicating a need for heightened vigilance and robust security measures to safeguard against IoT-related threats.
- Hacktivism and Hacks-for-Hire: Geopolitical conflicts and tensions, such as the war in Ukraine and regional disputes like the Israel-Hamas conflict, may fuel hacktivist activities aimed at disrupting opposing forces. Furthermore, the prevalence of hack-for-hire operations is on the rise, where mercenaries offer their services to any paying entity without allegiance. Organizations should be prepared for potential cyber disruptions orchestrated by hacktivist groups and take proactive measures to defend against such attacks.
- Evolving Ransomware Operations: Ransomware tactics continue to evolve, with threat actors constantly adapting their payloads and methods to maximize impact. Notably, extortion strategies have expanded beyond data encryption, as demonstrated by incidents like those attributed to fictitious groups such as 'Alphv/blackcat' in late 2023. Victims may face threats of data leaks and reports to law enforcement agencies, leading to potential fines and regulatory scrutiny. IT and security teams must enhance their ransomware defenses and incident response capabilities to mitigate the growing threat posed by these sophisticated attacks.
Image Credit: Alexandersikov/Dreamstime.com