11 Ways Cybersecurity Threats are Evolving
The cybersecurity threat landscape is getting bigger. InformationWeek takes a look at how security and threats are evolving.
![Digital Security and Threat of a System Digital Security and Threat of a System](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/blt5ae78ebb274e008a/664e3f884f8be3861dace642/H63550.jpg?width=700&auto=webp&quality=80&disable=upscale)
sleepyfellow via Alamy Stock
Cybercriminals have been automating attacks for a long time, but now they’re using the power of AI-powered intelligent automation to accomplish faster at scale.
“In the past, if I wanted to find a bug in some software, I’d go through the code. Now, you’ve got intelligent automation behind that making it easier to find certain problems,” says independent security consultant Ralph Echemendia. “[Intelligent automation] is used for code analysis or response analysis for networking or communication between the apps, so really looking at the application stack and all the places in the application stack that could have a flaw.”
A “living off the land” attack utilizes capabilities and technologies built into an operating system.
“Sometimes those functions are either badly coded, don’t have good security parameters around [them], or they’re very rarely used so you would never think about watching them in those environments,” says Michael Freeman, head of threat intelligence at asset intelligence cybersecurity company
Armis. “A few years ago, threat actors used that to download malicious binaries whether it be ransomware or new capabilities to maintain access to the environment and pivot around your infrastructure. I’m seeing more advanced techniques where they may not be [using] a typical executable but they’re utilizing a deeper part of the Windows or Linux kernels to do that same approach, and it’s harder to detect.”
Over the past few years, ransomware groups have started shifting attacks in greater numbers to target Linux environments. Although it’s a much smaller computing market than Windows, many of the assets hosted in Linux are high-value targets, according to Jay Mar-Tang, field CISO at automated security validation company Pentera. (Linux powers 96.4% of the top million servers in the world.)
Meanwhile, organizations are increasingly storing more critical assets in the cloud, and hackers are following the trail. Cloud infrastructure and security is still somewhat specialized, so threat actors are picking up their attacks against cloud environments hoping to exploit victims who have relatively weak cybersecurity. Crowdstrike recently
reported a 75% increase in cloud intrusions year over year.
“Cyber attackers are increasingly focusing on identity-based attacks. This includes tactics like phishing, using stolen credentials from Initial Access Brokers, SIM swapping, and bypassing multi-factor authentication. These methods allow attackers to impersonate legitimate users, making it challenging to detect intrusions,” says Mar-Tang in an email interview. “The criminal marketplace that Initial Access Brokers are a part of decentralizes the ‘attacker lifecycle,’ and these access brokers focus on the initial intrusion to sell to other threat actors. Attackers can now purchase each of these aspects of the attack lifecycle, at a cost that is acceptable to the financial gain they will obtain. As an attacker, I can ‘source’ other parts of my attack from others and save time.”
Generative AI is a new tool threat actors use as often as everyone else, according to Jay Mar-Tang, field CISO at Pentera.
“Generative AI lowers the barrier to entry for many social engineering campaigns as it can be used by non-native speakers to draft emails that lack the noticeable mistakes that in the past have made phishing attacks a little easier to spot,” says Mar-Tang in an email interview. “Generative AI can also be used to speed up work. Imagine if I’m a hacker and I get ahold of a file with a large amount of data. I can upload that into my generative AI engine and ask it to look for email names and credentials. It will be able to do it far faster than I would manually, removing tedious legwork that traditionally slowed down, or even deterred threat actors.”
Organizations are increasingly under siege from attacks that target the software supply chain, according to Jon Medina, managing director, attack and penetration team at business consulting firm Proviti. Hackers infiltrate development pipelines or compromise third-party libraries to inject malicious code at scale. A recent example is the XZ utility being backdoored in Linux.
“[O]ld tried-and-true tactics are still working, so attackers don’t need to come up with brand new ways of attacking,” says Medina in an email interview. “While some of the nation-state and government sponsored attack groups have the capability to find and hoard vulnerabilities and perform high-complexity attacks, the average cybergang is doing the same thing they’ve been doing for years because it’s still working.”
Financial institutions are facing a surge in cyberattacks. These hybrid assaults involve gaining physical access to ATMs and then using malware to drain funds. Some ATMs can be opened with a butter knife, according to Paul Tucker, chief information security and privacy officer at US-based bank BOK Financial.
“Social engineering continues to be the primary tactic employed by most threat actors. The emergence of adversarial AI has significantly streamlined the process of deceiving customers, causing them to unwittingly reveal those crucial six-digit codes,” says Tucker in an email interview. “In the context of deploying ransomware within companies, threat actors have recently adopted a novel approach: they call contact centers to gather reconnaissance, enabling them to seamlessly switch their phone number with the victim’s. Once they gain access, they swiftly log into the company’s network and initiate the deployment of malware.”
Industrialized malware and ransomware are gaining a foothold in victim enterprises and government agencies. As cybercriminals find the right combination of social engineering and malware for maximum impact, they apply it in greater numbers, according to Bryan Sartin, VP, security and resiliency leader, advisory and implementation services at multinational information technology infrastructure services provider Kyndryl.
“It no longer takes weeks or months to stage a successful attack,” says Sartin. “Now, thousands of attacks can be launched simultaneously. And with greater velocity, criminals just sit back and wait for the next victim to surface. For these reasons, end-user training and awareness in combination with effective blocking and tackling of identified vulnerabilities and cyberattacks in motion is critical. Importantly, an enterprise’s end users must recognize they are the first line of defense against unauthorized access and intrusion.”
Despite the increasing number of cyberattacks, products are still hitting the market faster than they’re being secured, according to Mike Machado, CISO at intelligent identity and access security solution provider BeyondTrust.
“If history is any indication of the future, then we can expect the cycle of new tech emerging with minimal security, begetting new abuses of that technology, leading to a repeat of the learning curve we’ve had with regard to previous technologies,” says Machado in an email interview. “In terms of the threat landscape, it’s getting wider and deeper the more connected devices exist in the world, the more applications that go online, the more software and smart hardware ground we have to defend.”
Businesses of all sizes should be very concerned about email security, according to Lila Kee, GM for the Americas/chief product officer at certificate authority and a provider of internet identity and security products GMO GlobalSign.
“We know that the FBI considers this to be a $50 billion market, which is why it is critical for companies to be aware of how these attacks can occur,” says Kee in an email interview. “Financial services and real estate businesses are particularly vulnerable as hackers commonly target these industries, so companies should take steps such as creating a BEC policy, always be wary of changes in payment terms in a transaction and keep information private regarding executives and even their assistants. That kind of detail could be gold to a hacker so be sure to [keep] that information ‘close to the vest.”
She also says CISOs should continue or increase investment to ward off increasingly sophisticated and evolving phishing attacks that are often prerequisites to malware and ransom exfiltration.
As technology advances, so do the opportunities for exploitation. Etay Maor, senior director of security strategy at single-vendor SASE platform provider Cato Networks, says his organization is seeing a shift from widespread, opportunistic attacks to more tailored and strategic ones.
“The primary threat to organizations is not elaborate, sophisticated attacks, but the complexity within their own security infrastructure,” says Maor in an email interview. “Gaps between systems are easily exploitable, and it is no wonder threat actors are still using the same tools and tactics that worked 15 years ago. Cybercriminals are increasingly leveraging social engineering, ransomware, and advanced persistent threats (APTs), which allow attackers to exploit human behavior, go undetected for long periods of time, and bypass traditional security measures with ease.”
There has been a notable increase of ransomware attacks on critical infrastructure, particularly in the manufacturing sector, according to Jacob Marzloff, CEO of industrial cybersecurity company Armexa, in an email interview. Attackers are taking advantage of the softer security posture of operational technology (OT) and IoT systems and the high-value organizations place on these systems because they are responsible for safe, secure, reliable day-to-day operations and compromise of these cyber-physical systems can result in health, safety, and environmental impacts as well as significant financial consequences.
“The threat landscape in OT is growing at a fast pace when new technologies such as cloud-connected Industrial IoT sensors are deployed into a control system without the correct defense-in-depth strategy in place” says Marzloff in an email interview. “There's nothing inherently wrong with deploying new sensors or gathering data in the cloud; the issue comes up when cybersecurity is an afterthought in the typically rigorous engineering design of these systems. With the correct cybersecurity strategy in place, these threats can be minimized through layers of defense and companies can enact their data strategy while mitigating risks.”
The same ransomware that impacts IT environments resulting in business disruption can also impact OT system but resulting in very different consequences. For example, OT compromises can result in the shut-in of gas processing plants leading to increased emissions, bringing the production line of life-saving medicine to a halt until systems are operational again or even stopping the flow of clean water to residences. With the right security strategy and deployment, these threats can be effectively mitigated to acceptable levels, he says.
There has been a notable increase of ransomware attacks on critical infrastructure, particularly in the manufacturing sector, according to Jacob Marzloff, CEO of industrial cybersecurity company Armexa, in an email interview. Attackers are taking advantage of the softer security posture of operational technology (OT) and IoT systems and the high-value organizations place on these systems because they are responsible for safe, secure, reliable day-to-day operations and compromise of these cyber-physical systems can result in health, safety, and environmental impacts as well as significant financial consequences.
“The threat landscape in OT is growing at a fast pace when new technologies such as cloud-connected Industrial IoT sensors are deployed into a control system without the correct defense-in-depth strategy in place” says Marzloff in an email interview. “There's nothing inherently wrong with deploying new sensors or gathering data in the cloud; the issue comes up when cybersecurity is an afterthought in the typically rigorous engineering design of these systems. With the correct cybersecurity strategy in place, these threats can be minimized through layers of defense and companies can enact their data strategy while mitigating risks.”
The same ransomware that impacts IT environments resulting in business disruption can also impact OT system but resulting in very different consequences. For example, OT compromises can result in the shut-in of gas processing plants leading to increased emissions, bringing the production line of life-saving medicine to a halt until systems are operational again or even stopping the flow of clean water to residences. With the right security strategy and deployment, these threats can be effectively mitigated to acceptable levels, he says.
Cyberattacks continue to increase in number and frequency. While some organizations, particularly highly regulated companies, have achieved a high level of cybersecurity maturity, tactics continue to evolve as new technologies become available making it more difficult for smaller organizations to cover all the bases. Moreover, people tend to be the weakest link in the cybersecurity chain.
“[C]yber threats continue to evolve as technology advances. Motivations behind many of these attacks can vary from monetary gain to political activism, disrupting the global supply chain and critical infrastructure, to attempts to undermine the very bedrock of society -- and the current geopolitical landscape creates a rich set of opportunities for them to craft their plans. These all contribute to the evolution of cyber threats by influencing the motivations, capabilities, and targets of cyber actors operating in these regions,” says Cameron Over, partner and cybersecurity lead at business advisory firm CrossCountry Consulting in an email interview. “Also evolving, and certainly anticipated by threat cyber criminals, is the vast opportunity that artificial intelligence provides for AI-powered malware, deepfake, and synthetic media, and an even more sophisticated social engineering engine, powered by AI.”
Meanwhile, enterprise attack surfaces continue to expand with the explosion of device types, pushing out from the traditional network of computers to phones, IoT and IIoT devices. As the tech stack becomes more complex, the potential points of failure grow, and worse, some teams don’t have visibility into those security gaps.
“By the time you’re doing an annual audit, quarterly penetration tests or any number of things that are supposed to be proactive in corporate security, by the time you test again, even if it’s literally weeks -- which is what it takes to generate the report -- somebody’s been hired, somebody’s been fired. It’s as simple as that,” says Ralph Echemendia, an independent cybersecurity consultant, otherwise known as The Ethical Hacker. “It’s already changing the landscape because the threats aren’t purely technical.”
Following are more ways the threat landscape is evolving.
About the Author(s)
You May Also Like