Spear-phishing is the fourth most popular attack vector for adversaries. And security professionals know they should be wary of lateral movement within their networks as attackers are now riding executive VPN portals past the perimeter. Yet, our current methods have been failing us as cyberattacks aren’t just multiplying – with VMware experiencing a 239% increase in attacks and the FBI experiencing a 400% increase – the malicious actors are also becoming more sophisticated.
Challenging Current Methods
There’s clearly a disconnect here. As security practitioners, we need to begin challenging our current methods. We have been far too loud about our incident response and far too quick to “turn on the lights” and alert our adversaries to the fact that we know they are inside our networks. Concurrently, we have been too focused on the misuse of PowerShell and on terminating command and control rather than on monitoring attacks.
We should be lying low, tracking, and monitoring attackers so that we can better distinguish “normal” from abnormal behavior. Instead, we’ve been bursting in on the attacker, losing that valuable information and giving attackers more knowledge of our indicators of compromise, which only allows them to be smarter, stealthier, and more successful next time.
A Shifting Playing Field
And in today’s environment, threats aren’t limited to network-based or one-time attacks. There will be a next time as the attackers are leveraging APIs against organizations to commandeer their digital transformation efforts.
In other words, your brand’s identity is at stake as mail servers are being taken over in order to change a company’s messaging. With the massive shift to work from home and cloud-based infrastructures, there have been increases in cloud jacking beyond the mere targeting of buckets. This means that cloud security comes down to visibility into the cloud when choosing between public, private, hybrid, and multi-cloud solutions.
The Economic Power of the Dark Web
In a matter of months, the dark web is slated to become the third-largest economy in the world. As such, we’re now dealing with major organized crime syndicates and cybercriminal communities that know the connections of the infrastructure: front running, digital insider trading, non-public market information, etc. And the criminals are no longer working alone. As they say, there is honor among thieves. As the dark web has grown and diversified, malicious actors have developed talent-sharing techniques and organized cybercrime rings.
This has allowed even neophytes to get in on the game with Ransomware-as-a-Service options that can either be monetized or leveraged just for destructive and punitive purposes. With this increased collaboration and diversification of the market, it’s no wonder destructive attacks are up 102%.
The Impact on Elections
All this being said, some of our adversaries are so at odds that collaboration seems almost impossible. And this may just be our saving grace come November.
Because the U.S. is China’s number one debtor and number one consumer, it is not in China’s best interest to wage any destructive campaigns against the U.S. And as Russia and China’s interests “collide in cyberspace,” they may just cancel each other out of the equation.
But although there may not be any overt destruction campaigns, the disinformation and misinformation being propagated by our enemies are staggering and make voter disenfranchisement and disillusionment the biggest concern in the lead-up to the elections.
Voters should be wary of anything they hear and read in the final days leading up to the election and make sure to double and triple-check their sources as our adversaries ramp up their disinformation campaigns in an effort to undermine democracy.
What Can Be Done?
In such a complicated threat landscape, it’s imperative that government leaders understand cyber and that there is a global task force dedicated to proactively securing the dark web.
As security professionals, we must make efforts to minimize the tension between IT and security practitioners. System administrators should be mobilized to recognize the importance of cybersecurity so that the development and security teams can work seamlessly together in a DevSecOps manner. Finally, in an environment where attacks are cyclical and not linear, we must anticipate the enemy’s tactics, techniques, and procedures (TTPs) or combinations of TTPs. In other words, the offense must inform defense, and security professionals must be running regular penetration tests from the inside out to identify risks.