Expert Speak
Trellix 2024 Cybersecurity Predictions: Shifting Trends in Threat Actor Behaviour
Written by John Fokker, Ernesto Fernández Provecho & Bevan Read at the Trellix Advanced Research Center
The region’s CISOs may feel they have little to celebrate this New Year’s Eve: a burgeoning threat landscape; fewer technological and human resources; sprawling, unknowable infrastructure; and more sophisticated threats. Let’s take a closer look at the last challenge on that list. Attackers are agile and flexible. They have to be. When one avenue of infiltration is closed off, they pivot to another, and the same holds over the longer term: new methods arise, sometimes because a new technology has appeared and sometimes because threat actors have figured out how to leverage an existing vector differently.
It is hard to keep track. There are a lot of sources CISOs must consult to keep abreast of dangerous developments. So, as we roll from 2023 into 2024, consider the following our New Year’s gift to you. Our experts have gathered three major developments in attack behaviour into a single spot in the hope this gives you an edge in the battles ahead.
Supply Chain Attacks Against Managed File Transfer Solutions
Managed file transfer (MFT) solutions, designed to securely exchange sensitive data between organizations, inherently hold a treasure trove of confidential information, from intellectual property to customer data and financial records. MFT solutions play a critical role in modern business operations, with organizations relying heavily on them to share data both internally and externally. Any disruption or compromise of these systems can lead to significant operational downtime, reputational damage and financial loss. This makes them highly attractive targets for ransomware actors, who understand that the potential impact enhances the potency of their extortion demands.
Furthermore, the complexity of MFT systems and their integration into the internal business network often create security weaknesses that cybercriminals can exploit. Over the past year we saw the Cl0P group exploit first the GoAnywhere MFT solution and then MOVEit, turning a single exploit of a widely deployed, internet-facing product into a major global software supply chain breach affecting every organization, and every organization’s clients, whose data passed through those servers. In the coming year we expect these attacks only to increase, with participation from numerous threat actors. Organizations are strongly advised to thoroughly review their managed file transfer deployments (including patch level and internet exposure), implement DLP, and encrypt sensitive data at rest so that a compromised transfer server yields as little as possible.
Malware Threats are Becoming Polyglot
In recent years there has been a noticeable rise in the use of programming languages like Golang, Nim and Rust for the development of malicious software. While the volume is still low compared to languages like C or C++, we expect that to change.
Go’s simplicity and concurrency support have made it a favourite for crafting lightweight, fast malware. Nim’s focus on performance and expressiveness has made it useful for intricate malware. Meanwhile, Rust’s memory model and native performance are attractive to ransomware groups and other threat actors who care about how quickly a sample can encrypt a victim’s files.
What adds to the complexity of this burgeoning space is the lack of comprehensive analysis tooling for these languages. Because Nim and Rust are relatively new, established security tooling is less abundant than for C or Python, and the large statically linked runtimes and non-NUL-terminated string representations that the Go and Rust compilers produce defeat tools built around C conventions. This scarcity of analysis tooling poses a significant challenge for analysts aiming to dissect and counter malware written in these languages.
We have already observed an increase in Golang-based malware in recent months and therefore predict that 2024 will see a notable surge in malware written in these languages.
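A first triage step for the tooling gap described above is simply to know which toolchain produced a sample, so it can be routed to the right analyst and plugins. The following script is an added example written for this page, not Trellix tooling: it scans a binary’s raw bytes for runtime artifacts that the Go, Rust and Nim compilers leave behind, and for Go it also looks for the pclntab header whose magic value identifies the compiler generation. The marker strings are the well-known ones those runtimes emit; the scoring weights and the sample blobs are assumptions constructed for the example.

```python
"""Native-binary language triage: Go / Rust / Nim markers (added example)."""
import struct
from collections import Counter

# Go's pclntab header begins with a magic uint32 (little-endian) that changed
# across releases, followed by two zero pad bytes, the instruction-size quantum
# and the pointer size. Searching for the whole header avoids false positives.
GO_PCLNTAB_MAGIC = {
    0xFFFFFFFB: "go1.2-1.15",
    0xFFFFFFFA: "go1.16-1.17",
    0xFFFFFFF0: "go1.18-1.19",
    0xFFFFFFF1: "go1.20+",
}

# Substrings each runtime embeds even in stripped release builds
# (symbol names kept in pclntab, panic paths, runtime error text).
MARKERS = {
    "go": [b"Go build ID:", b"Go buildinf:", b"runtime.gopanic"],
    "rust": [b"/rustc/", b"library/core/src/", b"library/std/src/",
             b"called `Option::unwrap()` on a `None` value"],
    "nim": [b"NimMain", b"nimFrame", b"nimGC_setStackBottom",
            b"Error: unhandled exception"],
}


def find_go_pclntab(data: bytes):
    """Return a Go version hint if a plausible pclntab header is present, else None."""
    for magic, hint in GO_PCLNTAB_MAGIC.items():
        needle = struct.pack("<I", magic) + b"\x00\x00"
        start = 0
        while (i := data.find(needle, start)) != -1:
            # quantum is 1, 2 or 4 depending on architecture; pointer size is 4 or 8
            if len(data) >= i + 8 and data[i + 6] in (1, 2, 4) and data[i + 7] in (4, 8):
                return hint
            start = i + 1
    return None


def triage(data: bytes) -> dict:
    """Score each language by marker hits and return the best guess with evidence."""
    scores = Counter()
    evidence = []
    for lang, markers in MARKERS.items():
        for marker in markers:
            hits = data.count(marker)
            if hits:
                scores[lang] += hits
                evidence.append(f"{lang}: {marker.decode('ascii', 'replace')!r} x{hits}")
    go_hint = find_go_pclntab(data)
    if go_hint:
        scores["go"] += 3  # structural evidence outweighs a single string (weight is an assumption)
        evidence.append(f"go: pclntab header ({go_hint})")
    if not scores:
        return {"language": "unknown", "go_version_hint": None, "evidence": []}
    language = scores.most_common(1)[0][0]
    return {
        "language": language,
        "go_version_hint": go_hint if language == "go" else None,
        "evidence": evidence,
    }


def triage_file(path: str) -> dict:
    """Convenience wrapper: triage a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read())


# Constructed byte blobs standing in for real binaries (not real malware).
SAMPLE_GO = (b"\x00" * 32 + struct.pack("<I", 0xFFFFFFF1) + b"\x00\x00\x01\x08"
             + b"\x00" * 8 + b'Go build ID: "abc123"\x00runtime.gopanic\x00')
SAMPLE_RUST = (b"\x00" * 16 + b"/rustc/deadbeef/library/core/src/option.rs\x00"
               + b"called `Option::unwrap()` on a `None` value\x00")
SAMPLE_NIM = b"\x00" * 16 + b"NimMain\x00nimFrame\x00Error: unhandled exception:\x00"

if __name__ == "__main__":
    for name, blob in (("go", SAMPLE_GO), ("rust", SAMPLE_RUST), ("nim", SAMPLE_NIM)):
        print(name, triage(blob))
```

Run `triage_file` over a quarantine directory to label samples before opening them in a disassembler. Note that the markers are looked up as raw substrings on purpose: Go and Rust keep strings as pointer-plus-length rather than NUL-terminated, so the output of a plain `strings` run on such binaries tends to fuse adjacent literals into long unreadable runs, and that is precisely the kind of tooling mismatch the paragraph above describes.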
Even More Layers of Ransomware Extortion
Because ransomware groups are primarily financially driven, it is unsurprising that they keep finding new ways to extort more money from their victims and pressure them to pay. We are starting to see ransomware groups contact their victims’ clients as a new way to apply pressure and to counter the mitigations organizations have put in place. This lets them ransom the stolen data not only to the direct victim of the attack but also to any of the victim’s clients whose data was taken.
Ransomware groups leveraging the media and public pressure against their victims is not new. In 2022, one of Australia’s largest health insurers suffered a data breach. Alongside their ransom demand to the insurer, the threat actors published much of the stolen medical data, leading to pressure from the public and officials to pay the attackers to take the information down. Because the released data was so private, some customers walked into the insurer’s shopfronts and offered to pay to have their own details removed. In 2023 we observed a similar tactic: a ransomware group threatened to contact the clients of companies it had compromised, offering them the option to pay to have their personal details removed from the exposed data.
As this additional form of extortion grows in popularity, it adds a fifth avenue through which these attackers can ransom those affected. We expect the landscape to shift so that ransomware groups more often target entities that hold not just sensitive personal information but intimate details that can be used to extort clients directly. It would not be surprising to see the healthcare, social media, education and SaaS sectors come further under fire from these groups in 2024.
Ready Your Sword
Take heart. The road ahead is filled with peril, but knowledge is your sword. With it you can support your SOC team and tell them what to look out for. Attackers should not be the only ones who adapt; we must do the same. Have a safe 2024.
Expert Speak
Shadow IT – Is It Really a Problem?
Personally, I love shadow IT, and most employees do. But is it a problem? Let’s explore.
Wondering what shadow IT is? Shadow IT is the use of software, hardware or cloud services by employees without the knowledge or approval of the organization’s IT department.
The use of shadow IT tools has been debated for years, and each company has its own stance. Using these tools is often about personal preference, and the same applies to how companies handle them. Most people lean toward shadow IT because the officially sanctioned tools often lack features that suit the way they work.
Some commonly used tools that fall under shadow IT include project management tools like Trello and Notion, messaging apps like WhatsApp, and file transfer apps like WeTransfer and Dropbox. The common factor? They are all easy to get and easy to use. With the rise of GenAI, everyone’s new shadow IT tool is ChatGPT.
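The defining property of shadow IT is that the IT department does not know it is in use, and the cheapest place to find out is the DNS resolver log, since every one of the tools listed above is reached by hostname. The script below is an added example written for this page, not ManageEngine code: it parses resolver records, walks each queried name up through its parent domains so that subdomains match, and reports which users are talking to which unsanctioned tools. The log format, the user names and the sanctioned list are assumptions constructed for the example; the shadow-IT hostnames are the public domains of the tools the article names.

```python
"""Shadow-IT discovery from DNS query logs (added example)."""
from collections import defaultdict

# Tools the (hypothetical) IT department has approved.
SANCTIONED = {"app.slack.com", "example.atlassian.net"}

# Public hostnames of the tools the article lists as common shadow IT.
SHADOW_IT = {
    "trello.com": "Trello",
    "notion.so": "Notion",
    "web.whatsapp.com": "WhatsApp",
    "wetransfer.com": "WeTransfer",
    "dropbox.com": "Dropbox",
    "chat.openai.com": "ChatGPT",
    "chatgpt.com": "ChatGPT",
}


def classify(qname: str):
    """Map a queried hostname to (category, tool-or-host)."""
    host = qname.rstrip(".").lower()        # strip the FQDN trailing dot
    labels = host.split(".")
    # Walk up the suffixes so files.dropbox.com matches dropbox.com.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in SANCTIONED:
            return "sanctioned", suffix
        if suffix in SHADOW_IT:
            return "shadow", SHADOW_IT[suffix]
    return "other", host


def parse_line(line: str):
    """Parse '<ts> user=<name> qname=<host>' records; None for malformed lines."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:] if "=" in kv)
    if "user" not in fields or "qname" not in fields:
        return None
    return fields["user"], fields["qname"]


def shadow_it_report(lines):
    """Return {user: {tool: query_count}} covering unsanctioned tools only."""
    report = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                        # skip malformed records rather than crash
        user, qname = parsed
        category, tool = classify(qname)
        if category == "shadow":
            report[user][tool] += 1
    return {user: dict(tools) for user, tools in report.items()}


# Constructed resolver log (assumed format: timestamp, user=, qname=).
SAMPLE_LOG = """\
2024-10-08T09:12:01Z user=alice qname=chat.openai.com
2024-10-08T09:12:05Z user=alice qname=app.slack.com
2024-10-08T09:13:40Z user=bob qname=files.dropbox.com.
2024-10-08T09:14:02Z user=bob qname=wetransfer.com
2024-10-08T09:15:11Z user=carol qname=example.atlassian.net
2024-10-08T09:16:30Z user=alice qname=chatgpt.com
malformed line without fields
""".splitlines()

if __name__ == "__main__":
    for user, tools in shadow_it_report(SAMPLE_LOG).items():
        print(user, tools)
```

Two caveats when running this against a real resolver. DNS shows intent, not volume: a single lookup of wetransfer.com could be a 2 KB screenshot or a 2 GB customer export, so pair the report with proxy or CASB logs before drawing conclusions. And a hostname alone cannot tell a personal ChatGPT account from a company-managed one, so once a tool is sanctioned the control has to move to the account or tenant level, not the domain.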
The problems
I’m sure you already know the main issues that make companies dislike shadow IT tools: privacy and security.
Let’s look at ChatGPT. Its use is unregulated in most organizations, and many companies are still at a crossroads on GenAI tools. There is a real risk of employees unintentionally sharing sensitive information and causing a data leak: intellectual property, such as the code behind internal applications, or personal information such as phone numbers, email addresses and home addresses.
Whatever the sensitive information is, it is not safe to paste it into a consumer tool like ChatGPT. Anything submitted leaves the company’s control: the provider retains it, and, depending on the provider’s terms, it may be used to train future models unless the user opts out or the organization uses a business tier that excludes training. Threat actors also keep trying to breach widely used services like ChatGPT, where there is much to gain, and a compromised account exposes its entire chat history. Best-practice guidance to employees reduces this exposure but does not remove it.
Another problem with shadow IT tools is that they fragment collaboration. If one team member tracks progress in a cool new project management app and the others use a different tool, it is hard to stay on the same page. Design and development teams, for example, often work together on the same deliverable, such as a set of web pages.
If the design team uses one project management tool and the development team another, how can they work in sync to meet deadlines? It creates unnecessary friction. This is why organizations provide the same approved project management tools to everyone: different tools might boost individual productivity, but they cost productivity for the project as a whole.
From a financial standpoint, companies pay for the business tools they provide. If an employee uses a free online tool instead, the licence bought for that employee is simply wasted.
Additionally, when an organization approves a software solution, it has been vetted by professionals and checked against the laws and regulations the company must follow. We cannot be sure an app an employee installs on an ad-hoc basis is compliant, and employees rarely check before downloading or using it.
The good
Shadow IT tools are awesome. We can all agree on that. The tools organizations give us, or approve, are often outdated. They have been around for years (for good reasons, of course), but as technology advances we do not want to be tied to old tools that lack the new features that could make our work easier.
Restricting access to apps does not feel great. We all work differently and have our own preferences. Using the shadow IT tools we like makes us feel more productive and empowered, and allows for individuality in the workplace. When we use tools we love, we tend to be more efficient than when we are stuck with approved, traditional tools that may lack the features we need.
The verdict
Shadow IT comes with many advantages, and dismissing it solely because of the risks is not wise. All tools carry some degree of risk. It is up to us to be educated and to understand how to use them securely and efficiently while benefiting the team and the company we work for. Shadow IT tools might benefit you individually, but what matters more is the bigger picture: make sure your teamwork does not suffer because of them.
On the financial loss a company incurs by handing out tools an employee may not need, organizations can instead stop provisioning every tool by default. Even for tools employees are likely to need regularly, use a request-based system so that an employee asks for a paid tool only when they need it and intend to use it. This eliminates the cost of providing paid tools by default to an employee who then chooses a shadow IT tool instead.
At first glance shadow IT might seem like a problem, but with employee education and empowerment it does not have to be. Restricting shadow IT tools is easy; educating employees is key.
ManageEngine believes in employee-driven innovation and encourages its employees to follow secure cybersecurity practices while allowing room for individuality. ManageEngine also offers products that support a secure and efficient IT infrastructure.