01/30/2023 | News release | Distributed by Public on 01/30/2023 20:41
We can only predict the threat landscape of tomorrow when we fully understand the threat landscape of today. By analyzing the latest trends, methods, and targets, we can predict the future of cyber threats and how threat actors may evolve and develop their attacks to increase their chances of success.
Threat actors have been targeting people for some time now. People are the key to access; threat actors know this and leverage them accordingly. Further, expert technical capabilities aren't a requirement when it comes to attacking people.
We're likely to see more threat actor groups emerge with a wide spectrum of skills, from super advanced to low tech. The common thread will be effective social engineering-meaning attacks against humans, instead of directly targeting data and machines.
Effective social engineering convinces users to engage with malicious content, facilitating entry into a target environment. This initial access method doesn't require additional knowledge or capabilities like exploiting external-facing vulnerabilities or services. It's also easier for threat actors to conduct broader targeting in higher volumes.
With the human aspect perfected, attackers will then add code, scripts, workflow tools, and more to operationalize threats, increasing both their efficiency and effectiveness. Protections and controls alone aren't enough to defend against these tactics, so security awareness must be prioritized.
The SolarWinds attack caught many organizations completely off guard and thrust the issue of trust into the spotlight like never before. Incidents like that-and the Kaseya ransomware attack-have increased awareness about threats to the software supply chain. Threat actors can weaponize trusted third-party services to gain access to an organization and steal information, degrade functionality, or disrupt services.
As outsourcing increases and tech stacks grow ever more complex, it's almost impossible for chief information security officers (CISOs) to guarantee that everyone in the software supply chain is as diligent about cybersecurity as they should be. They must trust that third parties are doing due diligence to protect against attacks.
This may drive a tension, with CISOs seeking to consolidate and simplify the supplier network just as the business decides to move from a "just in time" supplier model to a "just in case" one-increasing the supplier base and inviting in smaller partners. Security teams will certainly need to justify their position of partnering closely with a few vendors while CEOs and finance teams push for lower prices and spreading of risk.
Insider threats have increased by almost 50% in recent years with annual costs exceeding US$15 million. Despite this, it has been traditionally difficult to get buy-in for insider threat management solutions at the board level. Employers often feel that their vetting process, coupled with external protections, is enough to keep the problem under control.
But the rise of credential theft has reframed how we look at the issue of insiders. It is now irrelevant whether or not you trust Bob from accounts, because if Bob's credentials are stolen or exposed, you are no longer dealing with him. Once again, there is little technical skill required here, so we can expect a continued rise in this method of attack.
When it comes to defense, regular, targeted security awareness training programs and multifactor authentication are absolutely vital.
Ransomware, data loss, and intellectual property theft were once stand-alone attacks, with different methods ultimately achieving each aim. However, over time, these threats began to overlap. Now, it's commonplace for cyber criminals to deploy ransomware to encrypt data as well as extract files to further extort victims.
We're also starting to see another layer to this type of attack. Proofpoint threat researchers have observed threat actors attempting to recruit employees of target companies to facilitate insider threat-based attacks.
Further, a growing number of threat actors are configuring malware to alert them when it discovers information that may be of value, either for sale or exposure. Once alerted, threat actors will step in manually to assess the highlighted data before deciding on the most profitable next steps.
With a single errant click or reused password potentially opening organizations to a chain of attacks, the need for an ingrained security culture will only become more pressing.
Think of nation-state attacks, and four countries-China, Russia, North Korea, and Iran-may immediately come to mind. However, other countries are expanding their nation-sponsored cyber-espionage capabilities. And we will likely see India, Pakistan, and other countries, continuing to build and improve their programs as well.
Geopolitical tensions and events have also raised the visibility of players like Taiwan. The Middle East is another emerging hot spot as many of the big powers look to diversify economies and play a more significant role on the world stage.
While most organizations will never come into the crosshairs of a nation state, the more action there is on this battlefield, the greater the scope for collateral damage-whether that's system and network outages or vulnerabilities passed on from a third party. This puts even greater pressure on CISOs to have visibility into their organizations and work closely with their executive leaders to implement a solid security program.
Did you know that threat actors:
Want to read more articles like this one? Get the latest cybersecurity insights in New Perimeters, the exclusive magazine from Proofpoint. You can browse it online, download it to read later, or receive a copy in print, direct to your door.