A Perfect Storm For Cybercrime

Uploaded on 2023-07-13 in NEWS-Cybersecurity News, FREE TO VIEW

Calling the past few years uncertain is a slight understatement. From the COVID-19 pandemic, through to record inflation, the exhaustive energy crisis, and the devastating war in Ukraine - so many drastic events have had a significant impact on global behaviour and livelihood.

Every time the world stops to give people a moment to catch their breath, it seems another crisis comes along to disrupt things even further. This has led some global experts to even go as far to describe the world as in a state of “permacrisis”.

The effect these events have bleed through into all facets of life, but from a cybersecurity aspect, the fallout can be even more significant. The ambient uncertainty arising from the unknown plays a huge part in the funding and resourcing behind security operations (SecOps) teams – especially when board members don’t fully understand why having robust cybersecurity tools is so important to protecting business interests.

Furthermore, we’ve also seen threat actors play into the geopolitical instability, utilising sophisticated spear-phishing techniques to target individuals in critical sectors. In some cases, these have been backed by foreign governments in an effort to further destabilise regional economies – we’ve seen this recently with China’s activity in Taiwan. The question arises as to how businesses can better protect themselves from this malicious activity.

New Threats Rising To The Surface

As the tools supporting cybersecurity teams grow more sophisticated, so do the tools utilised by threat actors in their initiatives. Recent research from Trellix found that growing attack surfaces comprise 34% of the challenges faced by CISOs in protecting their organisations. But how does the threat landscape take shape – from ransomware to email, network, and endpoint vulnerabilities?

It’s difficult to pinpoint the exact vectors that threat actors utilise in compromising victim systems. Over the past year, we’ve seen a significant increase in the exploitation of Living off the Land Binaries (LotLBins), with threat actors gaining access to IT infrastructure through existing, benign system tools.

With this, we’ve also seen a proliferation in the use of first and third party bespoke and open-source tools such as Ghidra. Unpredictability on the part of malicious groups is an increasingly leaned on tactic, but it reinforces the importance of security being at the forefront of business decisions. 

According to CISOs across the globe, employee error, such as accidently downloading compromised files or clicking malicious URLs, directly led to 45% of breaches in 2022. Having a top-down, security minded culture is essential to ensuring all business units are informed about security procedure.

Since the start of the conflict between Ukraine and Russia, we’ve also seen increase in niche strategies employed by groups, such as hacktivism – the use of hacking skills to promote political or societal change. Whilst hacktivism isn’t a new trend, groups like Anonymous have existed for some time now, these world events have initiated a “call-to-action” so to speak, against perceived societal injustices.

Collaboration Is The Key Ingredient To Protection

The uncertain political and economic environment has triggered a paradigm shift in attitudes between nations and organisations. The state of permacrisis has been a catalyst for important partnerships between the public and private sectors. We’ve seen an increased coalition of data between large cybersecurity industry players like Microsoft, Cisco, Google and Trellix, leveraging intelligence with the Ukrainian government and NATO throughout 2022.

Increased activity between the Five Eyes alliance (Australia, Canada, New Zealand, the United Kingdom, and the United States), as well as the EU has helped in limiting the scale of state-backed cyberattacks.

The UK government has also recently announced it is strengthening its ties with Japan and Israel to enhance tech and security collaboration between the countries and reduce cyber risk. Whilst advanced persistent threat (APT) groups still remain active, partnerships like these have enabled companies and governments to be better prepared in the face of emerging threats.

Tracking major APT groups is an ongoing process. It requires the participation of government bodies and businesses to keep atop of the evolving threat landscape and minimise threats. Sharing intelligence with the NCSC and CISA, for instance, is an essential step in mitigating the impact of security breaches. To this end, the formation of groups like the NCSC’s Industry 100 scheme and the CISA’s Joint Cyber Defence Collaborative (JCDC) are facilitating a collaborative and fluid intelligence highway across public and private sectors.

Ever Looming State-backed Threats

In May, the APT Group known as Volt Typhoon mounted a massive cyberattack aimed at crippling US critical infrastructure. Whilst they deny involvement, evidence that China was involved in backing the group in their activities demonstrates the building tensions between the East and West. This coincides with our own findings within the recent Trellix CyberThreat Report, with China being the most prevalent threat actor country, contributing to 79% of state backed activity worldwide in Q1 2023.

The exploitation of LotLBins allowed Volt Typhoon to remain hidden amongst in-built systems on compromised computers. This enabled them to remain undetected whilst moving laterally through systems, expanding their threat surface. Often organisations will not even know there is a breach until it is far too late - investing in resources that enhance existing incident detection and response capabilities is crucial.

Cybersecurity is a shared problem. Robust, real-time sharing of threat data is key to protecting citizens and organisations from attack.

The mentality needs to be that “the enemy of my enemy is my friend” when it comes to true security collaboration to keep cybercriminals at bay.

Centralising Security Operations

There is pressure on SecOps in making do with the tools that are already in place. Much like spinning plates, too many siloed solutions can inadvertently take control away from security professionals and reduce overall security visibility.

Having a centralised system that covers email detections, endpoint, network protection and control over data migration offers greater protection.

This allows core vulnerabilities to be prioritised, whilst additional tools like AI and machine learning can be introduced for more automated detection and response. Agility and flexibility are key, as threat actors are always learning, adapting, and evolving their attack techniques. When faced with this challenge, agile cybersecurity defence based on frontline intelligence becomes crucial when defending against attacks across both public and private sectors.

Fabien Rech is Senior VP & GM EMEA of Trellix

You Might Also Read: 

Overcoming The Obstacles Caused By The Great Resignation:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« A Million British Medical Patient Records Hacked
Sweden Issues An Order 'Stop Using Google Analytics' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Mielabelo

Mielabelo

Belgian consulting firm providing services in the security and compliance of information systems and IT service management.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

Canadian Security Intelligence Service (CSIS)

Canadian Security Intelligence Service (CSIS)

CSIS collects and analyzes threat-related information concerning the security of Canada in areas including terrorism, espionage, WMD, cybersecurity and critical infrastructure protection.

BankVault

BankVault

BankVault is a new type of cyber technology (called remote isolation) which sidesteps your local machine and any possible malware.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

Redstor

Redstor

Redstor's complete data management helps you discover, manage and control your data from a single control centre, unifying backup and recovery, disaster recovery, archiving and search and insight.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

Curtail

Curtail

Curtail keeps businesses running by using live traffic analysis to identify defects before software goes live, and detect and isolate security threats before they impact systems.

Pragma Strategy

Pragma Strategy

Pragma is a CREST approved global provider of cybersecurity solutions. We help organisations strengthen cyber resilience and safeguard valuable information assets with a pragmatic approach.

Traceable

Traceable

Traceable was founded to protect applications from next-generation attacks.

Fairdinkum Consulting

Fairdinkum Consulting

Fairdinkum is a leading full-service IT consulting firm with more than two decades of experience in the industry.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.