
What Businesses Should Know About Targeted Attacks


A number of recent cybersecurity incidents, occurring within less than a fortnight, have shaken the global economy. Notable among them was the attack on foreign currency retailer Travelex, which was held to ransom by hackers on New Year's Eve. The attack affected not only Travelex's reputation and market shares but also its partners, including high-profile banks such as HSBC, RBS and Barclays.

The other incident was the U.S. killing of Qasem Soleimani, Iran's Major General in the Islamic Revolutionary Guard Corps, on January 3, in a U.S. airstrike ordered by President Trump. The more pressing concern for many has been that Iran might retaliate with cyberattacks on the US, with serious consequences for the country's information networks and cyberspace.

These and more incidents forewarn that 2020 will continue to see many more targeted attacks by organized cybercriminal groups or nation-state sponsored threat actors. In this context, a recent report by cyber security and threat intelligence firm CyberInt forecasts an increasing prevalence of targeted attacks in the financial services as well as government sectors throughout 2020, adding that cyber espionage and geopolitics remain relevant with nation-state sponsored groups conducting data gathering operations and financially motivated attacks worldwide. Here are some of the key takeaways of the report:

Rise of the TTPs

Unlike many other areas of technology, cyber security and the threats posed by attackers are somewhat cumulative, and threat actors continue to use age-old tactics, techniques and procedures (TTPs) simply because they continue to work.

The study shows that while new threats continue to pose a problem to defenders and researchers alike, threat actors often reuse TTPs in their campaigns. As such, the use of emails with malicious attachments or links continues to be the most common initial infection vector, and age-old threats are being deployed in new attacks orchestrated by both high- and low-sophistication threat actors.

Given the continued efforts by threat actors to keep things simple and reuse rather than reinvent, organizations should counter TTPs by fixing the well-known holes and addressing the basics, researchers suggest. As Daniela Perlmutter, VP of Marketing for CyberInt, says, “In-depth understanding of the threat landscape and how threat actors conduct operations are key factors in helping our customers protect their businesses.”

She believes that continuously monitoring threats in real time, as well as investigating and tracking their TTPs and infrastructure, delivers an in-depth perspective of the behaviors and motivations that is critical for threat detection and mitigation.

Cyber Risk and Investors

This year, cyber-attacks are going to play a larger role in financial investments than ever before, experts believe. Equifax was the first company that received a credit downgrade because of a data breach, and it made investors hesitate to invest in companies without understanding their cyber risk. New research by Bitsight shows that a majority of Fortune 1000 companies have at least one remote administration service running on an open port. With current security like this, breaches are inevitable.

Savvy investors are holding off on investing in companies without good security. They’re beginning to uncover a link between companies with strong cybersecurity posture and strong stock performance, the study says, recommending that security professionals treat this as an opportunity to showcase their worth to the C-suite. Having strong security will no longer be just about protecting against breaches; it also means a better draw for investors, whether they’re looking to purchase stocks or invest in your business.

Attacking As-a-Service Models

While highly sophisticated organized cybercriminal groups and nation-state sponsored threat actors pose ongoing threats, less sophisticated attacks using the “as a service” platforms available in the underground economy are increasing in prevalence, becoming serious threats for enterprises.

These models are readily available for purchase by unsophisticated threat actors and facilitate attacks with minimal investment. As the study shows, bot networks of compromised hosts can be rented for as little as $60 for 1,000 victims, allowing DDoS and spam campaigns to be launched from unsuspecting machines for as low as $28 per day.

“The volume of attacks is increasing due to the sale of “As a Service” platforms allowing less sophisticated attackers access to more complex tools for as low as several US dollars a month,” says Adi Peretz, Head of Research at CyberInt.

The study further shows that 2020 will continue to see targeted ransomware attacks against local governments and specific industries, potentially driven by alternate motivations and orchestrated by organized cybercriminal gangs or even nation-state sponsored threat actors.

The Weakest Link

The reason that most campaigns commence with an email lure is that humans, as generally trusting and curious beings, continue to be lured into opening attachments or clicking on seemingly innocent links. While many have become accustomed to and dismissive of poorly written phishing emails, more sophisticated threat actors are reusing legitimate business communications to appear convincing, the study says. This, when combined with the propensity to respond to emails quickly when in the workplace, especially when confronted with language conveying a sense of urgency, allows threat actors to deliver a variety of threats that vary in sophistication and capability to bypass or evade other security controls.

While the security industry often talks of defense-in-depth and layers, it is important to remember that the human element needs to be addressed. As such, organizations in the 2020s should take it upon themselves to ensure that their employees and customers are aware of these common threats and how they can take steps to protect themselves, the report says.

Nation-State Actors

Previously, it was easy to understand the motivations of many mainstream threat actor groups: for example, nation-state threat actors conduct cyber warfare and espionage campaigns, while organized cybercriminal gangs conduct high-value financially motivated attacks.

With advancements in the capabilities of both nation-states and cybercriminals, the lines between the two have blurred, the study shows. Some nation-state threat actors have become increasingly financially motivated, while organized cybercriminal gangs appear to be getting involved in cyber espionage campaigns. Furthermore, the study notes that TTPs previously reserved for nation-state threat actors are being widely used by organized cybercriminals, perhaps suggesting that the same individuals have a foot in both camps.

Hello, Cyber Insurance

The costs of responding to cyberattacks are relentlessly increasing, and 2020 will be the tipping point for cyber insurance. Many companies, especially smaller ones, are learning the hard way that they don’t have the resources to mitigate cyberattacks alone.

The study shows that as more companies adopt cyber insurance policies, the insurance industry will educate itself on the nuances of cyber attacks and begin offering additional cyber coverage plans, including ones that cover consequences and losses outside of the cyber realm.

Planning Ahead

The coming months will bring a range of challenges for cyber professionals, but organizations need to have some level of understanding as to how threat incidents are occurring to effectively shift their cybersecurity posture, researchers say.

The overall takeaway for CIO/CISOs is that organizations should be monitoring with well-defined use-cases driven by priority-based threat intelligence, and knowledge of the underground economy or malicious cyber groups.

Continuous monitoring can allow them to better detect and prevent malicious activity within the enterprise environment.

The study especially notes that monitoring and tuning security controls based on TTPs derived from threat intelligence can have a direct impact on hackers by forcing them to reinvent their operations from scratch.

This, according to the report, will take significant amounts of time, effort and money, and will ultimately challenge the adversary’s cost-benefit scenario.


Sohini Bagchi
Sohini Bagchi is Editor at CXOToday, a published author and a storyteller. She can be reached at [email protected]