Tuesday, July 2, 2024

Cyber Threats Are as Bad as You Imagine, But Different Than You May Think

The global threat landscape requires novel responses

From Russia to China to South Korea, the global threat landscape continues to mature and often disrupts the assumptions of those who have to defend against attacks. New techniques are the norm, such as criminals masquerading as job seekers to break into networks or attacking obscure networks.

The result is unpredictable attacks, hard-to-detect attackers, and hard-to-resolve breaches. More difficult, but not impossible. We certainly live in a more dangerous cyber age, but we are also at an inflection point. XDR is a significant step forward and we believe that Adversary Detection and Response (ADR) is not far behind, especially as collaboration between the public and private sectors increases.

Perhaps most importantly, we are getting closer and closer to realizing the full promise of big data in the context of cybersecurity. Anomali is putting a lot of energy into closing that gap. We believe this is the key to unlocking the adversary’s defenses as a truly viable and scalable approach to protecting businesses and people.

At the RSA Conference 2022, cyber threat experts gave attendees a virtual tour of the world during a panel presentation investigating the activity of threat actors by country and criminal group. The panelists revealed the latest global threat activity and the best strategies to thwart increasingly sophisticated attacks.

They detailed adversarial behavior that concerns and should energize us, and we share it in the hope of generating energy among our communities, partners, customers and anyone else who sees understanding adversarial behavior as an important mission.

Attacks that go beyond traditional platforms

China may not be as flashy as Russia, but it is also reshaping its cyber threat landscape. Attacks are moving beyond traditional platforms like Microsoft and Linux malware to esoteric systems like Huawei routers and Solaris implants.

As the panelists noted, the attack surface is being moved, enlarged, and deformed in a variety of ways. For example, China has exploited vulnerabilities in software that tracks diseases in cattle, giving it a foothold in 18 US states and local governments using the software.

Often, threat actors can exploit vulnerabilities within hours. What does that mean, according to the panel? Defenders must accelerate the patching of critical systems beyond existing assets. It’s no longer just a matter of frequent patching. Instead, it’s important to have a close conversation with your business about downtime and schedule patches on a regular basis.

Ransomware as Harassment

Iran has become an innovator of government-backed ransomware. Iranian attackers are increasingly patient, sometimes interacting with victims 10 times before committing a malicious act. The panelists called them ‘big game’ and I couldn’t agree more. We are not talking about attacks that aim to lock down one system within a network. These are network-wide ransomware attempts to extract as much ransom as possible. Add to this the practice of exposing data to harass the organization.

Cybercriminals are masquerading as job seekers

After much of its cyber activity was halted during the pandemic, North Korea is returning with a vengeance and in creative ways. The latest development is a focus on cryptocurrency schemes. The panelists described an example of a stolen cryptocurrency wallet. If you don’t store your cryptocurrency offline, you are likely to lose all your funds.

In addition, North Korean attackers are using stolen credentials to pose as US citizens and get hired by companies in order to infiltrate networks. Criminals often struggle to get through the interview process unnoticed, but these aggressive attempts demonstrate the need to bolster insider threat programs and educate recruiters and HR professionals on this tactic.

Hackers for hire are on the rise

The panel also highlighted how hackers for hire are emerging around the world, from BellTroX in India to Darkmatter in the US, Darkmatter in the UK to Citron in Macedonia. Using contractors in the country aims to make it more difficult to attribute attacks to a single entity.

Given that hackers often target smartphones, the defenses include the following. Instead of giving out your phone number, use your Google Voice number. Reboot your phone often. And if you’re a high-value target, you can contact the Citizen Lab at the University of Toronto and have forensic analysis performed to determine if you’ve been a victim in the past.

Press Releases Should Be Prepared Before the Attack

Ukrainians are incredibly resilient to cyberattacks. When electricity is lost in an airstrike, they will continue their efforts as soon as electricity is restored. If the Russians cut off the network, the Ukrainians will re-establish it in a matter of hours.

In contrast, Western organizations can take weeks to recover because they are not prepared with the same diligence as Ukraine. Organizations should have incident response (IR) and negotiation teams in place to prepare for attacks. Your IR plan should also include a detailed PR and communication strategy. Most companies cannot afford to take days working out what they are going to say publicly. Those who do well after an attack are transparent, open and communicative. This could include items such as press releases that have already been reviewed by lawyers and are ready to be issued in the event of an attack.

The mission before us

These are just some of the ways your enemies are increasing their stake in the battle for security. As we listened, it was clear to us that our mission is more important than ever. At the same time, it was clear that the mission is not unique to us. Modern enemies are intelligent and resourceful in ways we never expected, and we should be too. We need to work together, find ways to share information, and coordinate our responses in ways we don’t today. We must find new uses for the data we collect, new filters to see the world, and new commands to interpret our mission.

Cyber threats are as serious as imaginable, but we have more resources than we admit to ourselves. We can get there. We will fight the enemy. If this panel has revealed anything, it is what the problem is: everything.
