Connect with us

Expert Speak

The Convergence of the Threat Landscape is Here

Published

on

As organizations continue to embrace digital transformation, the phenomenon of convergence is taking place in several different ways. For example, more and more use cases are being developed where previously distinct and separate technologies—such as IT and OT—are being integrated.

This presents a double-edged sword for organizations everywhere. Businesses are undoubtedly reaping the benefits of digital transformation—finding business efficiencies, saving costs, and successfully enabling their employees to Work From Anywhere (WFA). But these rapid changes are opening the floodgates for cybercriminals who now have more attack surfaces than ever at their disposal for carrying out malicious activities.

It’s not surprising that bad actors are catching on and upping the ante accordingly. We’re increasingly seeing cybercriminals targeting the expanding digital attack surface by executing more complex and destructive attacks, resulting in more widespread impact.

Meanwhile, the threat landscape is also converging. Recent attack trends are showing the evolution of cybercriminals’ “borrowing” and converging models traditionally seen only among Advanced Persistent Threat (APT) groups. Here’s a closer look at what our FortiGuard Labs team is observing, along with what it means when it comes to managing your organization’s ever-changing risk.

The Convergence of Advanced Persistent Threats and Cybercrime
While a traditional attacker might use straightforward methods of infiltrating a network, such as deploying a Trojan or relatively simple malware, APT attackers use more advanced techniques. For example, an APT attacker might use elaborate espionage tactics over a longer period and involve multiple actors at an organization to meet a specific goal, such as getting behind that company’s firewalls.

The reality is that a business of any size can be a target, but high-profile APT attacks have historically targeted prominent businesses, public figures, or governments. Yet APT-style attacks—meaning more converged attack types—are on the rise, and what’s concerning is that traditional cybercrime groups are now carrying them out.

Wiper malware is a prime example of the convergence between APT-style activity and general cybercrime. Wipers are a tactic we typically observe being used by nation-state actors, while non-APT cybercrime groups usually distribute malware such as ransomware.

Wiper malware isn’t new—the first instance surfaced in 2012—yet we’re seeing a growing trend of cybercriminals using these more destructive and sophisticated attack techniques and doing so in OT environments. In the first six months of 2022, we observed at least eight significant new wiper variants—WhisperGate, HermeticWiper, AcidRain, IsaacWiper, DesertBlade, CaddyWiper, DoubleZero, and Industroyer.V2—used by attackers in various targeted campaigns against government, military, and private organizations. This number is important because it’s nearly as many total wiper variants as having been publicly detected in the past 10 years. While we saw a substantial increase in the use of this attack vector in conjunction with the war in Ukraine, the use of disk-wiping malware was also detected in 24 additional countries.

Emerging Trends: Targeted Playbooks, More Destruction, Stealthier Tactics
In addition to the convergence of the types of threats attackers rely on to achieve their new, more destructive goals, we’re also seeing general cybercrime attack playbooks become more targeted. This is a shift among general cybercrime, as targeted playbooks are typically a hallmark of APT groups.

This trend is especially evident when we look at ransomware activity. In fact, according to a recent survey, 85% of organizations are more worried about a ransomware attack than any other cyber threat.

And attackers are becoming stealthier as they seek to fly under an organization’s radar. In the past six months, we’ve observed defense evasion as the top tactic employed by malware developers. Hiding malicious intentions is one of the essential skills for malware developers to master, so it makes sense that they’d try to achieve this by hiding commands to evade a business’s defenses.

What This Means for Security Professionals
As advanced persistent threats begin to converge with general cybercrime, cybercriminals are increasingly focused on trying to evade security, detection, intelligence, and controls. They’re spending more time on reconnaissance and are finding ways to weaponize new technologies.

Like all security challenges, there’s no single solution or a quick fix to protecting your organization against this type of activity. Yet one of the best protective measures you can take is proactively creating behavioral-based detections based on updated, real-time threat intelligence. Organizations will be better positioned to secure against the broad toolkits of adversaries armed with this actionable intelligence. Integrated, AI and ML-driven cybersecurity platforms with advanced detection and response capabilities powered by actionable threat intelligence are important to protect across all edges of hybrid networks.

To protect against more destructive ransomware, organizations, regardless of industry or size, need a proactive approach that can evolve as ransomware evolves. Real-time visibility, protection, and remediation coupled with advanced endpoint detection and response (EDR) are critical. An inline sandbox on a firewall can hold suspicious files for malware analysis until it is safe to be let onto the network.

In addition, services such as a digital risk protection service (DRPS) can be used to do external threat surface assessments, find and remediate security issues, and help gain contextual insights on current and imminent threats. Regardless of “in-the-office” or “work-from-anywhere” zero-trust network access (ZTNA) is critical for securing access to applications regardless of where work or learning is taking place.

Managing a constantly evolving array of threats, tactics, and techniques, often feels like treading water in the open ocean. You can’t touch the bottom, and you’re not sure when the next boat will pass by. But the more we become aware of our surroundings and take steps to protect our organization from them, the better prepared we’ll be when the next storm inevitably starts to brew.

Cyber Security

Skills Gap Exposes Organisations to Risks

Published

on

Written by Rob Rashotte, Vice President, Global Training & Technical Field Enablement at Fortinet (more…)

Continue Reading

Expert Speak

Telegram’s Privacy Paradox: The Challenges of Balancing Security and Responsibility

Published

on

Written by Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East

In the complex and ever-evolving world of digital communication, Telegram has emerged as a platform that uniquely exemplifies the tension between privacy, security, and the responsibilities of tech companies in the 21st century. From its inception, Telegram has distinguished itself from other social networks and messaging apps by offering features designed to enhance user privacy and facilitate large-scale communication. These include end-to-end encryption (in secret chats), anonymous accounts, and the ability to create groups with up to 200,000 members, making it a popular choice for users worldwide. However, this popularity brings significant challenges, particularly in the realm of cyber security.

One of Telegram’s most distinctive aspects is its strong emphasis on privacy. Unlike many other platforms, Telegram allows users to join groups and communicate without revealing their phone numbers, offering a level of anonymity highly valued in an age where digital footprints are increasingly scrutinized. This focus on privacy extends to its encryption practices, with end-to-end encryption available in secret chats, ensuring that messages are accessible only to intended recipients. Additionally, Telegram’s use of its MTProto protocol for standard chats balances speed and security, making it a preferred choice for users prioritizing both performance and privacy.

However, the same features that make Telegram attractive to privacy-conscious users also create vulnerabilities that can be exploited by malicious actors. The platform’s capacity for anonymous communication and its less aggressive approach to content moderation have made it a haven for those engaging in illegal activities. From the sale of illegal goods to the coordination of cyberattacks, Telegram’s infrastructure has, at times, facilitated activities outside the bounds of the law. This has led to growing concerns among governments and cybersecurity experts about the potential for misuse.

The recent arrest of Telegram’s CEO under allegations related to the platform’s use by illegal groups has brought these issues to the forefront. This event highlights the ongoing struggle to balance the protection of user privacy with the need to prevent and mitigate illegal activities online. It also raises important questions about the responsibilities of platform providers in policing content and communications on their networks. In a world where digital privacy is increasingly valued, how can platforms like Telegram ensure they are not inadvertently enabling criminal behaviour? What role should governments and cyber security firms play in monitoring and regulating these platforms?

From a cyber security perspective, Telegram’s challenges are significant. The platform’s distributed infrastructure, spread across multiple jurisdictions, makes it difficult to block or take down, even in countries where it is officially banned. This resilience against censorship is one of Telegram’s key strengths, allowing it to remain operational in regions with restrictive governments. However, it also means that law enforcement agencies face significant hurdles in monitoring and shutting down illegal activities on the platform. The built-in proxy support that allows users to bypass government restrictions further complicates efforts to control the flow of information and activity on Telegram.

Another key issue is the scale at which Telegram operates. With the ability to create groups of up to 200,000 members, Telegram facilitates the rapid dissemination of information, which can be both a blessing and a curse. While this capability allows for the formation of large, engaged communities, it also makes it easier for bad actors to spread harmful content or coordinate large-scale illegal activities. The sheer size of these groups makes moderation a daunting task, and Telegram’s relatively lenient approach to content takedowns has been a point of contention for critics who argue that the platform does not do enough to curb illegal behaviour.

Despite these challenges, Telegram’s rise to popularity is understandable. The platform offers a level of privacy and functionality that is unmatched by many of its competitors. For users who value their anonymity and want to engage in large-scale communication without the fear of being tracked or monitored, Telegram is an ideal choice. The platform’s features are particularly appealing in regions where government surveillance is prevalent, providing users with a means of communication that is resistant to censorship and government interference.

However, as the arrest of Telegram’s CEO demonstrates, the platform’s success comes with significant risks. The fine line between protecting user privacy and enabling illegal activities is one that Telegram, like many other tech companies, must navigate carefully. The challenge lies in finding a way to uphold the principles of privacy and freedom of speech while also taking proactive measures to prevent the platform from being used for nefarious purposes.

For cyber security firms, the situation with Telegram underscores the importance of developing advanced solutions that can address these complex issues. As the digital landscape continues to evolve, tech companies, governments, and cyber security experts need to work together to create an environment where users can communicate freely without fear of their privacy being compromised, while also ensuring that these platforms are not used to facilitate illegal activities. The arrest of Telegram’s CEO is a reminder of the ongoing challenges in this space and the need for continued innovation and collaboration to protect both individual freedoms and global security.

In conclusion, while Telegram offers unique advantages in terms of privacy and scalability, these same features also pose significant challenges from a cybersecurity standpoint. The platform’s resilience, anonymity, and large group capabilities make it both a powerful tool for legitimate communication and a potential hotspot for illegal activities. As we move forward, it will be crucial to find a balance that allows for the protection of user privacy while also addressing the security concerns that come with such a powerful platform.

Cyber security Tips for Telegram Users:

  1. Enable Two-Factor Authentication (2FA): Adding an extra layer of security to your Telegram account helps protect against unauthorized access.
  2. Be Cautious with Public Groups and Channels: Always verify the authenticity and purpose of public groups or channels before engaging to avoid potential scams or malicious content.
  3. Regularly Update Your Telegram App: Ensure you have the latest security patches and features by keeping your Telegram app updated.
  4. Use Secret Chats for Sensitive Conversations: Secret Chats offer end-to-end encryption, providing an additional layer of privacy for sensitive communications.
  5. Monitor App Permissions: Regularly check and manage the permissions Telegram has on your device to prevent unnecessary access to your data.
Continue Reading

Cyber Security

Is Artificial Intelligence a Boon or Bane for Cybersecurity?

Published

on

Written by Sergey Belov, Head of Internal Security at Acronis (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.