The cyber threat landscape is very fluid, with cybercriminals constantly adjusting tactics to stay ahead of organizations. Commoditisation is also making cybercrime easier through the use of toolkits. Here, Dave Prezzano highlights four attack trends to be aware of...
Cybercrime has never been more accessible for opportunistic criminals. The proliferation of cybercrime marketplaces has seen collaboration increase, but also means hacking tools are more available than ever. In fact, 76 percent of malware kits are on sale for less than £10. These marketplaces have also given malicious actors a place to easily buy and sell access to corporate networks, malware, and attack techniques. As a result, more users – as well as their PCs and printers – will end up being targeted by cybercriminals in the year ahead.
Despite these changes in the threat landscape, organizations are facing tightened purse strings that will prompt some hard decisions. As organizations prepare to take on this balancing act, here are some cyber attack trends that must be considered when examining security strategies:
The increased cost of living could create more ‘cyber hustlers’ aiming to make money fast, putting users at risk
The cybercrime gig economy has made cybercrime easier, cheaper, and more scalable. Cybercrime tools and mentoring services are affordable and plentiful, enticing cyber hustlers – opportunists with low levels of technical skill – to access what they need to turn a profit. As we face another global downturn, easy access to cybercrime tools and know-how could increase the number of scam SMS messages and emails we see in our inboxes.
As an industry, we know that email is the most common attack vector, particularly for opportunists looking to make money fast like cyber hustlers, who use simpler techniques like scams and phishing. The interconnectedness of the cybercrime ecosystem means threat actors can easily monetise these types of attacks. And if they strike gold and compromise a corporate device, they can sell that access to bigger players, like ransomware gangs. This all feeds into the cybercrime engine, giving organized groups even more influence.
As attacks against users increase, having security built into devices from the hardware up will be essential to prevent, detect and recover from attacks. Fostering a healthy security culture is vital for building resilience - but only when combined with technology that reduces an organization’s attack surface. By isolating risky activities like malicious emails, entire classes of threats can be eliminated without relying on detection. Threat containment technologies ensure that if a user opens a malicious link or attachment, the malware can’t infect anything. This way organizations can reduce their attack surface and protect employees without hindering their workflows.
Device firmware and the hardware itself will be at risk of cyber attack
In 2023, organizations should take control of firmware security. Once, firmware attacks were only used by highly advanced threat groups and nation states but over the last year, we’ve seen early signs of increased interest and development of attacks below the operating system in the cybercrime underground – from tools to hack BIOS passwords, to rootkits and trojans targeting a device’s firmware. We now see firmware rootkits advertised on cybercrime marketplaces for a few thousand dollars.
Advanced threat actors are always aiming to keep their attack capabilities ahead of the curve. Unfortunately, organizations often overlook firmware security, creating a large attack surface for adversaries to exploit. Access to the firmware level enables attackers to gain persistent control and hide below the operating system, making them very hard to detect – let alone remove and remediate.
Organizations should follow best practices and standards to secure device hardware and firmware. They should also understand and evaluate state-of-the-art technologies that protect, detect, and recover from firmware attacks.
Remote session hijacking could put critical systems in the crosshairs
I expect that session hijacking – where an attacker commandeers a remote access session to access sensitive data and systems – will grow in popularity in 2023. By targeting users with privileged access to data and systems – such as domain, IT, cloud and system administrators – these attacks are higher impact, challenging to detect, and more difficult to remediate.
In an attack scenario, the targeted user will typically be unaware that a compromise has occurred. It takes milliseconds for an attacker to inject key sequences that could create a backdoor within a privileged environment. These attacks are all the more dangerous because they can bypass privileged access management (PAM) systems that employ multi-factor authentication, such as smart cards.
Suppose such an attack involves an industrial control system operating within a factory or industrial plant. The intrusion could impact availability and, potentially, physical safety. Carefully segregating access to systems is the only way to counter these attacks. Traditionally, organizations would achieve this through physically separate systems, like privileged access workstations, but now hypervisor-based approaches use virtualisation to enforce strong virtual separation too.
Print security can’t be an afterthought in 2023
2023 will demand more actionable intelligence to spot threats, proactively protect assets and support decision-makers. As cyber security budgets are under scrutiny, print security is at risk of continuing to be an overlooked piece of the overall cyber security posture. And with workers connecting corporate devices to printers beyond the control of IT teams due to hybrid working, those risks are increasing. Organizations will need to develop security policies and processes for monitoring and defending print devices from attack, both in the office and at home. One challenge is that the volume of security telemetry coming from endpoints, including printers, is increasing daily. That's why security teams need contextual insights to identify the highest-level risks, the steps to mitigate them and support boardroom decision-making in allocating budget. As a result, we'll see organizations focus investments on solutions and services that deliver actionable intelligence rather than simply providing more and more security data.
Fighting against the tide
While cybercriminals ramp up activity, organizations must make effective decisions when it comes to security. The majority of breaches start at the endpoint, so enterprises can reduce the burden on security teams by layering protection from the hardware up.
Regardless of the threats facing organizations in 2023, the way we protect devices and data needs to evolve. Boardrooms will need to be smart about how they allocate their resources. Meanwhile, security teams will need excellent visibility of which areas of the organization are most at risk and the impact of a breach. A layered and integrated approach to security, starting at the hardware level, will be crucial. This will reduce the attack surface against known and emerging threats, build resilience, and help organizations gain actionable security insights into their environment, so that important data is kept safe.
Dave Prezzano is Managing Director, UK & Ireland, HP Inc.