You don’t need to be able to foresee the future to know that 2023 will be full of changes and new milestones within the cyber landscape. The last couple of years haven’t been easy for cybersecurity teams. But really, when was the last time it was easy for them? The pace of cyberattacks, small and large, has been increasing constantly, and we do not expect cybercriminals to slow down. On the contrary, with recent developments in technology we are likely to see an acceleration, and current enterprise defenses might be overwhelmed more quickly than ever. But security teams should not give up easily, as more and more efforts are being made to counteract attacks and to protect networks, systems and data. However, cyberthreats aren't the only security challenge to continue in 2023. New large language models such as ChatGPT, and artificial intelligence more broadly, add to the complexity but also to the possibilities in cybersecurity.
We are having a look at the top five trends and challenges security teams and organizations need to be aware of this year.
Doomsday is upon us, it seems, if you believe some of the headlines in the media. As with any powerful technology, however, there are potential dangers associated with the improper use of AI.
Large language models (LLMs), and in particular one of them, ChatGPT, are a hot topic these days. These language models provide a lower barrier to entry for malicious actors, but the code ChatGPT produces is far from perfect and would still need some human intelligence to bring it to the finish line. Taking this into consideration, it is perhaps not as big a threat as some of the clickbait headlines claim. However, AI-enabled attacks, such as deepfakes, are becoming increasingly realistic for use in social engineering attacks, and LLMs are the perfect tool for any cybercriminal to write a vast amount of very believable phishing emails in just a few minutes, making hacking a very efficient business.
In a survey of 1,500 IT decision makers across North America, UK, and Australia done by BlackBerry, 53% voiced their concern about ChatGPT’s ability to help hackers craft more believable and legitimate-sounding phishing emails, and 49% believe that it is enabling less experienced hackers to improve their technical knowledge and develop more specialized skills.
But the huge potential of AI does not go unnoticed, and respondents in all countries see ChatGPT as generally being used for ‘good’ purposes. According to the survey, the majority (82%) of IT decision-makers plan to invest in AI-driven cybersecurity in the next two years and almost half (48%) plan to invest before the end of 2023. Forbes reports that a significant 76% of businesses have placed AI and machine learning as top priorities in their IT budgets. This shift is primarily influenced by the growing abundance of data that requires thorough analysis to detect and address cybersecurity risks, among other factors. Notably, the surge in connected devices is anticipated to produce a staggering 79 zettabytes of data by 2025, a scale that surpasses the human capacity for manual analysis.
Cybersecurity and IT job positions are growing in demand faster than companies are able to hire. With cybersecurity being an essential part of any enterprise that carries valuable, private data and information, finding and retaining this kind of specialty talent is critical. For years, report after report has concluded more security employees are needed than there are applicants for security jobs.
The most recent "(ISC)2 Cybersecurity Workforce Study" found that, although the cybersecurity workforce is the largest the nonprofit has ever recorded, a worldwide security gap still increased year over year. An estimated 4.7 million people currently make up the cybersecurity workforce -- an increase of 11.1% over 2021 -- but an additional 3.4 million are needed to properly protect and defend today's organizations. Yet, hiring employees with the necessary skills - and retaining those employees - continues to be a challenge.
To make matters worse, budget cuts and layoffs can equate to fewer staff members on a team that has to get the same amount of work completed, no matter what.
Recognizing the severity of the situation, the Biden-Harris administration in the United States has announced the allocation of funds for a groundbreaking state and local cybersecurity grant program. The aim of this initiative is to equip state and local agencies with the necessary tools to safeguard against the threats faced by their respective communities. Furthermore, the administration is ensuring that private sectors and entities also enhance their defenses against cyberattacks. Various entities, including hospitals, the Transportation Security Administration (TSA), the Department of Health and Human Services (DHHS), and others, have already received or will receive updated regulations and system upgrades to strengthen their cybersecurity systems and processes.
Ransomware attacks have been on the rise, targeting businesses of all sizes, and their impact can be devastating. These attacks can result in significant data loss, operational disruptions, and substantial financial losses. Cybercriminals are constantly evolving their tactics, emphasizing the need for organizations to adopt proactive defense strategies. To mitigate the risk of ransomware attacks, it is crucial to implement regular data backups, utilize behavior-based detection systems, and provide comprehensive training for employees. These measures are essential to stay one step ahead of cybercriminals and protect valuable assets.
The year 2020 earned itself the title "year of ransomware" as attacks surged by 148% during the COVID-19 pandemic. This trend continued into 2021, marking ransomware attacks as the most prominent type of cyberattack for the second consecutive year. According to the IBM Security X-Force Threat Intelligence Index, ransomware attacks accounted for 23% of all attacks in 2020 and 21% in 2021. Although the number of attacks decreased in 2022, the threat remained significant.
Ransomware will continue to pose a substantial challenge, especially with the rise of double extortion attacks and the emergence of ransomware-as-a-service models. Organizations need to be better equipped and adopt holistic defense strategies. To mitigate the risk of ransomware attacks, it is crucial to implement regular data backups, utilize behavior-based detection systems such as NDR, and provide comprehensive cybersecurity training for employees. These measures are essential to stay one step ahead of cybercriminals and protect your organization’s network.
Phishing poses an ongoing and relentless challenge for organizations of all sizes and types. No company or employee is exempt from the risk of attack. As stated in the "2021 Verizon Data Breach Investigations Report", approximately 25% of all breaches involve some form of phishing or social engineering. These attacks involve deceptive tactics employed by malicious individuals to manipulate employees into divulging sensitive information such as passwords, credit card numbers, and other confidential data. Phishing can take various forms, including email phishing, spear phishing, business email compromise, whaling, vishing, and image-based phishing.
Some noteworthy examples of phishing attacks that have happened in the past:
In May 2021, a ransomware attack on fuel supplier Colonial Pipeline showcased the devastating impact of cyberattacks on millions of Americans.
As a result of the attack, Colonial Pipeline had to cease operations due to the compromise of its business network and billing system. The attackers were able to deploy the ransomware by gaining access to an employee's password through a phishing email. The DarkSide gang, responsible for the attack, was known to employ such tactics, as noted by the US government. Determining the exact cost of the breach is challenging. Colonial Pipeline paid $4.4 million (approximately €3.75 million) to obtain the decryption key from the attackers, but this was just the beginning.
The shutdown of the organization, which supplies nearly half of the oil to the US East Coast, lasted for a week, resulting in the non-delivery of roughly 20 billion gallons of oil, valued at approximately €3.4 billion at the time. Predictably, gasoline prices skyrocketed, burdening the public with some of the costs. Even a week after Colonial Pipeline's systems returned to normal, over 10,000 gas stations remained without oil. In an interview with The Wall Street Journal, CEO Joseph Blount acknowledged the impact on the broader US economy while explaining his decision to pay the ransom. "I know that's a highly controversial decision," he stated. "I didn't make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this. But it was the right thing to do for the country."
Considering the combined damage to Colonial Pipeline and the US economy, this phishing attack stands as the most expensive one ever witnessed.
In November 2014, a criminal hacking group known as the "Guardians of Peace" released approximately 100 terabytes of data from Sony Pictures, a film studio.
According to Stuart McClure, the CEO of computer security firm Cylance, who analyzed the leaked data, the attackers had set their trap months in advance. McClure discovered that several high-ranking Sony executives, including CEO Michael Lynton, received phishing emails disguised as Apple messages. These emails requested ID verification and redirected recipients to a fraudulent website designed to steal their login credentials. With this stolen information, the attackers gained access to a wealth of data, including personal details of Sony Pictures employees and their families, private communications, and information about unreleased films. To exacerbate the damage, the attackers utilized a variant of the Shamoon wiper malware to erase Sony's computer infrastructure.
However, these actions seemed to be just the initial stage leading up to the true motive of the fraudsters. Subsequently, the attackers, later linked to a state-sponsored North Korean group, demanded that Sony withdraw its film "The Interview," a comedy centered around a plot to assassinate North Korean leader Kim Jong-un. Additionally, they issued threats of terrorist attacks against cinemas planning to screen the film, leading many theater chains to choose not to show it.
Due to the extraordinary nature of the incident, it is difficult to determine the precise extent of the damage. Nonetheless, Jim Lewis, a senior fellow at the Center for Strategic and International Studies, estimated that Sony Pictures incurred a cost of over $100 million (approximately €80 million at the time).
These two examples highlight the severe consequences that organizations can face due to phishing attacks, emphasizing the importance of vigilance and security, as your employees are the last line of defense in these situations.
Data has become an incredibly valuable asset for businesses, which explains the increasing occurrence of data breaches across various industries. In response to this, regulations like GDPR and US-based laws have been implemented to ensure that companies collect and handle personal data in a way that prioritizes user and consumer safety, protecting against breaches, theft, and misuse. While these regulations focus on safeguarding individuals, they also have a significant side effect. They compel companies to reevaluate their approach to data security and privacy, forcing them to consider how they have treated such matters in the past. Some companies have established data privacy policies and employ teams of lawyers and tech experts to avoid fines, penalties, and unwanted attention. However, compliance involves more than just meeting the minimum requirements to avoid legal consequences and adhering to current regulations.
A comprehensive approach to data security and compliance lays the foundation for a secure work environment, improved business workflow, and overall cost-efficiency in your business strategy. While it is crucial to allocate significant portions of the security budget to legal teams and advanced firewall technologies, recent data breaches have demonstrated the need for additional measures. Data security requires a multifaceted approach that goes beyond simplistic and one-sided measures. Regardless of the amount of money invested, all efforts can be in vain if there are gaps in your organization's security. The first step is to educate your staff about the importance of data security and compliance. Every employee must understand that a single compliance failure can have devastating consequences for the entire company. Without effective training and the adoption of a security and compliance-focused mindset across all teams and departments, previous investments and efforts may prove ineffective.
Implementing next-generation firewalls, reliable email solutions, and strong password policies serves as a foundation. However, in the event that an attacker bypasses these defense mechanisms, network detection and response (NDR) becomes crucial. NDR detects unusual network behavior and disrupts the attack at its early stages. To ensure full compliance, incidents must be reported within specific time frames and with the necessary information, something an NDR solution can help your business accomplish.
As the threat landscape continues to evolve, enterprises face numerous challenges in ensuring robust cybersecurity. By understanding and addressing these challenges head-on, organizations can build resilient defenses to protect their sensitive data and systems. It is crucial for businesses to prioritize cybersecurity, invest in training and education for their workforce, and allocate sufficient resources to tackle these challenges effectively. With a proactive and adaptive approach, enterprises can navigate the complex cybersecurity landscape and safeguard their operations in 2023 and beyond.
We are a dynamic team of creative strategists and digital experts committed to spreading the word about anything cybersecurity. We do more than just sell a network detection and response system; we keep our fingers on the pulse of cybertrends and share the knowledge we have within Muninn.