10 Cybersecurity Threats That Should Be Top Of Mind For All Companies
From hybrid attacks to fake LinkedIn phishing emails, experts outline what they consider some of the major and emerging cybersecurity threats.
They seemingly come in all shapes and sizes, 24/7, preying on both big and small victims, all across the world.
We’re talking, of course, about various forms of cyberthreats around the globe. Some threats are old, some are new, and some are new mutations of the old.
Cyberthreats are constantly evolving, with cyberintruders often reacting to the digital defenses thrown up by cybersecurity companies and coming up with new tactics and vectors to get around them.
In other words, cybercriminals learn and adapt and are constantly looking for system vulnerabilities.
As part of CRN’s Cybersecurity Week 2022, CRN recently talked to threat experts at two cybersecurity companies—John Fokker, head of threat intelligence at Trellix and a member of the new Trellix Advanced Research Center, and Martin Zugec, technical solutions director at Bitdefender—about some of the cyberthreats they’re seeing out there.
The two companies also submitted written descriptions of threats as they see them. In addition, CRN relied on examples of other threats from cybersecurity vendors Nexusguard and Check Point Software Technologies.
Following are the 10 threats as cited by the four companies.
‘Ransomware is king’
From Trellix Advanced Research Center: “The ransomware landscape is changing since the arrests of REvil members earlier this year, and subsequent leak of Conti’s chats (research on REvil and Conti). Through the study of these actors, we’ve seen significant growth in cybercrime operations—with these groups functioning as full-blown enterprises with HR, call centers, and more. Since earlier this year, we’ve seen ransomware payments decrease, which is a positive. With new groups leading activity, the threat of ransomware is changing, but it will not go away. We expect to see continued and increased hits on smaller organizations and sectors like education.”
In an interview with CRN, Trellix’s Fokker said ransomware is merely a form of “digital extortion.” And he added: “I think that it is here to stay,” though ransomware tactics and targets might change over time.
‘Blurring of cybercriminals and nation-state actors’
From Trellix Advanced Research Center: “In the wake of the Conti leaks, we saw that cybercriminal groups have publicly pledged their allegiance to governments and are suspected to even be acting on behalf of governments with some of their activity. The blurring of activity between cybercriminals and nation-state actors makes planning for cyberthreats even more important to organizations, as the information a common ransomware actor is often after is different than that of a nation-state or APT group (research on Russia and China).”
Trellix’s Fokker said another blurring of the lines has occurred via threat actors acting like contractors bidding out their services to nation states. “It is not necessarily mercenaries, but there are organizations that offer certain types of services or exploits to other countries,” he said.
‘Cyber as statecraft’
From Trellix Advanced Research Center: “Nearly half (46 percent) of advanced persistent threat (APT) activity monitored appears to originate from Russian- and Chinese-backed groups. So, we’re also seeing more and greater efforts among nation states in the areas of espionage, warfare and disinformation to achieve their geopolitical objectives (research in Organizations and Nation-State Cyber Threats report).”
Other nation states engaged in cyberattacks include North Korea and Iran, according to numerous published reports.
But Fokker said he’s always hesitant to name other nation-state players until his own Trellix researchers can confirm claims of suspicious cyberactivity by other nations. “When either the DOJ and or the UK or Western party attribute a certain attack to a (nation-state) threat actor and we have the same data that concludes the same thing, then we’ll be more confident and saying OK,” he said.
‘Vulnerabilities in frameworks and software supply chain threats’
From Trellix Advanced Research Center: “We’ve had two great wake-up calls (SolarWinds and Microsoft Hafnium) which triggered business and government organizations to rethink software, supply chains, and security overall. The 2021 Log4j security flaw and follow-on exploits reminded us there will always be bad actors working tirelessly to identify and take advantage of software vulnerabilities. Our team recently found vulnerabilities in Python in the Windows implementation of eBPF which demonstrate the importance of identifying and correcting vulnerabilities in frameworks to protect the software supply chain, especially important since nation-state actors like China and Russia will launch dangerous and potentially catastrophic software supply chain attacks on both government and corporate networks.”
‘Increase in threats targeting agriculture, food supply, utilities and other critical infrastructure’
From Trellix Advanced Research Center: “Threats to critical infrastructure aren’t new, but they continue to be a problem for organizations to defend against. The overlap of operational technology (OT) with IT, and the often outdated nature of systems like Industrial Control Systems and Building Access Control Systems makes them easy targets (link to our research into ACS). We’re seeing more public reporting on threats to farming, agriculture and our food supply.”
A number of other cybersecurity experts have expressed concern about the security vulnerabilities surrounding key industries or emerging industries, such as autonomous-driving cars and private and public space flights. Trellix’s Fokker added his concerns about AI and facial-recognition technologies.
‘Threats to MSPs/MSSPs’
From Trellix Advanced Research Center: “The attack on Kaseya was in many ways a wake-up call for law enforcement to arrest members of REvil. We expect MSPs and other business services to see increased threats to their business (research into threats to business services).”
Trellix’s Fokker told CRN that more and more companies are turning over their security operations to outside companies such as MSPs and MSSPs and so those channel players make a tempting target for cybercriminals. “It’s a lucrative target,” Fokker said, noting threat actors can theoretically get at more customers if they attack through MSPs and MSSPs. “It’s like a force multiplier for attackers.”
‘Vulnerability exploits’
From Bitdefender: “Threat actors are using automated scanners to locate vulnerable services exposed to the internet. Unfortunately, this is still an effective method, and threat actors have a wide range of available vulnerabilities (and targets that are slow with patching). Log4j is a widely popular open-source library that contained a remote code execution vulnerability. This vulnerability was immediately exploited by cybercriminals – in many cases, they only planted a backdoor and fixed the vulnerability to prevent other threat actors from compromising the same network. Another popular target is Microsoft Exchange – with a range of vulnerabilities known as ProxyShell, ProxyLogon, and recently discovered ProxyNotShell. In the last year, the number of security breaches caused by these vulnerabilities has doubled (source: Data Breach Investigations Report).”
In an interview with CRN, Martin Zugec, technical solutions director at Bitdefender, said he’s seen these types of attacks doubling over the past year.
Hybrid attacks
From Bitdefender: “Hybrid attacks are a type of opportunistic attack where automated scanners look to find vulnerable systems, identify the vulnerability remotely, and then, if successful, switch to hands-on hacking rather than deploying malware. The initial compromise does not always mean that a hack will take place; the vulnerabilities are triaged by a human operator to determine if it’s worth upscaling the attack. You can read more in the intro to Bitdefender’s Deep Dive into a Corporate Espionage Operation.”
In an interview with CRN, Bitdefender’s Zugec said cyberattackers are literally building automated scanners. “They just release it on the internet, identify vulnerable systems and after they get inside, that’s pretty much it,” he said.
DDoS attacks on the rise
Nexusguard, a cloud-based DDoS solution provider, reports that distributed denial-of-service (DDoS) attacks increased by 76 percent in the first half of the year compared to the same period in 2021. However, in a press release, the company did note that the average (0.59 Gbps) and maximum (232.0 Gbps) attack sizes decreased by 56 percent and 66.8 percent, respectively, over the same period.
Others are confirming that DDoS attacks are on the rise in general. The most recent notable DDoS attack occurred early this month during the launch of Overwatch 2, one of the biggest games of the year, as TechCrunch reports.
LinkedIn-themed phishing emails
Those with a LinkedIn account, beware. In the second quarter of 2022, LinkedIn remained the top brand used by cyberhackers in phishing attempts, according to cybersecurity vendor Check Point. It’s the second quarter in a row that LinkedIn has had the dubious honor of being the brand of choice for hackers.
But LinkedIn is far from the only brand hackers like to use to lure people into a false sense of security. There’s been a noticeable increase in the fake use of Microsoft and DHL brands in phishing attacks, according to Check Point. Other brands that hackers are using in phishing attacks include those of Adidas, Adobe and HSBC, according to Check Point.
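Brand-impersonation phishing of the kind Check Point describes works because the display name and subject say “LinkedIn” or “Microsoft” while the actual sending domain belongs to the attacker. The check below is an added example written for this page, not Check Point’s code: it reads a raw message, pulls the brand claimed in the display name, subject or mailbox name, and reports when the sending domain is not on the brand’s known domain list, when the brand name appears inside a lookalike domain, or when Reply-To points somewhere other than the sender. The `BRAND_DOMAINS` allow-list and the three sample messages are constructed assumptions for the example; a real mail gateway would maintain its own list and use the public suffix list rather than the naive two-label domain split used here.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: the sending domains each brand is expected to use.
# This is an assumption for the example; maintain your own list in production.
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
    "microsoft": {"microsoft.com"},
    "dhl": {"dhl.com"},
}


def registered_domain(address):
    """Naive registered-domain extraction (last two labels). Good enough for the
    sample .com/.org addresses; real code should consult the public suffix list."""
    domain = address.rpartition("@")[2].lower()
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def brand_impersonation_check(raw_message):
    """Return a list of findings for one raw RFC 5322 message (empty = clean)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    subject = msg.get("Subject", "")

    sender_domain = registered_domain(addr)
    full_domain = addr.rpartition("@")[2].lower()
    local_part = addr.rpartition("@")[0]
    # Everything a recipient sees that could carry a brand claim.
    claim_text = f"{display} {subject} {local_part}".lower()

    findings = []
    for brand, legit_domains in BRAND_DOMAINS.items():
        if sender_domain in legit_domains:
            continue  # genuine sender for this brand; nothing to flag
        if brand in claim_text:
            findings.append(
                f"{brand}: display name/subject claims the brand but sender domain is {sender_domain}"
            )
        if brand in full_domain:
            findings.append(f"{brand}: lookalike sending domain {full_domain}")
    if reply_addr and registered_domain(reply_addr) != sender_domain:
        findings.append(
            f"reply-to domain {registered_domain(reply_addr)} differs from sender domain {sender_domain}"
        )
    return findings


# Constructed sample messages (documentation/example domains only).
PHISH_SAMPLE = "\n".join([
    'From: "LinkedIn" <notifications@linkedin-security-alert.example>',
    "Reply-To: support@mailbox.example",
    "Subject: You have 3 new messages",
    "",
    "Sign in to view them.",
])
LEGIT_SAMPLE = "\n".join([
    "From: LinkedIn <messages-noreply@linkedin.com>",
    "Subject: You have 3 new messages",
    "",
    "Sign in to view them.",
])
HELPDESK_SAMPLE = "\n".join([
    'From: "IT Helpdesk" <helpdesk@example.org>',
    "Subject: Action required: your Microsoft 365 password expires today",
    "",
    "Reset it now.",
])

if __name__ == "__main__":
    for name, sample in [("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE), ("helpdesk", HELPDESK_SAMPLE)]:
        print(name, brand_impersonation_check(sample) or "clean")
```

The subject-line match is deliberately noisy: an internal helpdesk mail that mentions Microsoft 365 trips it, which is the right default for a triage queue but would need a per-tenant exception for the organization’s own support address. The domain check is the stronger signal; a message whose display name says one brand and whose registered domain belongs to nobody on that brand’s list is worth holding regardless of subject.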