06 Feb 2024
by Neil Robertson

Even the simplest, everyday technologies such as QR codes can lead to a significant breach, loss of revenue and reputational damage. In this ever-changing landscape, this is what your organisation should be looking out for and implementing protections for.

Ransomware and denial of service are increasingly popular methods of attack, accounting for almost half of cyber breaches in 2023.

These attacks continue to be professionalised by ransomware gangs, many of whom operate a software-as-a-service model of ransomware to other criminals (affiliates) less skilled than themselves. These sophisticated and talented gangs provide easy to use tools, training and support as part of their criminal service, enabling hassle-free scale-up.

Many ransomware attacks leverage ‘zero day’ vulnerabilities, where attackers exploit a flaw before the developers are aware it exists. Exploitation of publicly disclosed vulnerabilities is also following disclosure more quickly, increasing the need for companies to patch swiftly, especially for internet-facing systems.

Some cyber criminals focus on capturing valid credentials, which give an attack an easy starting point, and sell them on a marketplace known as an Initial Access Broker (IAB) market. The IAB market is booming, with threat actors harvesting valid credentials from companies and organisations to sell on to others. Virtual Private Network (VPN) and Remote Desktop (RDP) credentials are particularly sought after because they provide direct access into a company network.

Phishing remains a hugely popular way of gaining initial access to an organisation’s systems. With Microsoft disabling macros in documents by default in 2022, threat actor tactics have shifted from relying on malicious macros alone to using links in documents that direct users to malicious content. Criminals are also using different delivery mechanisms, for example Teams instead of email, and directing users to scan QR codes: because the URL is embedded in an image rather than sent as a link, it is not inspected or rewritten by link-scanning services such as Safe Links.

Being aware of threat actor changes to their preferred attack mechanisms and adapting defences to take account of these is important: cyber crime doesn’t stand still. There are many ways an organisation can strengthen defences to combat cyber attacks.

Make the journey difficult

While threat actors are becoming increasingly sophisticated, they will always take the easiest route, avoiding complex tools where a simpler path exists. Because of this, making the journey to infiltration difficult is paramount. This can be achieved through gaining accreditations such as the Cyber Essentials standard, a government scheme focused on getting the technical basics right, from patching and configuration to account management.

Back it up

Organisations are well-versed in the importance of backing up data and systems, but are those backups tamper-proof? As companies have adopted this control, it is pushing ransomware gangs towards data exfiltration rather than encryption, because encrypted data can be restored from good backups whereas stolen data cannot be recalled.

Get a clear view

Having an independent view of your cyber security maturity benchmarked against your sector can establish whether you have proportionate controls (and spend) to mitigate the risk you carry.

Detect and respond

The attack and defence mechanisms of cyber security are constantly moving, which is why it’s vital for organisations to be able to adapt.

Monitoring threats and changes in tactics (for example the move away from macro-based phishing) is key to being able to adapt defences accordingly. But there is an inevitability that protective defences will be compromised at some point. For example, the Citrix Bleed vulnerability, which allowed access into a company network, has been used at large scale in recent months to facilitate ransomware attacks.

Cyber resilience is about accepting this inevitability and ensuring monitoring measures can spot security compromises, and your plans and technology can eradicate them swiftly (and hopefully without impact).

Security Operations Centres (SOCs) are implemented to perform this interception and eradication, but because of the skill levels and 24x7 coverage required, they can be expensive to run internally. In response there has been an explosion of Managed Security Service Providers (MSSPs): organisations that offer outsourced monitoring and management of security devices and systems. They offer SOC services as a commodity, significantly driving down cost and increasing protection.

A successful cyber attack can significantly impact an organisation’s profitability and reputation and could disrupt delivery of strategic plans and objectives, as well as services. Fully understanding the risk and implementing proportionate controls is key to addressing this risk.

Discovering the gaps and the most effective remediations, however, is not easy. It requires a high level of current expertise, which is why many organisations and companies now turn to Virtual Chief Information Security Officers (vCISOs) to help identify the current state and target state and to build a roadmap between them.

For more information about the ever-evolving cyber threat landscape, or how a virtual chief information security officer could support your business, get in touch at [email protected].
