Organizations need to consolidate and automate their security infrastructure to enable them to better monitor and manage their attack surfaces and prevent all types of threats with less complexity and less demand on staff resources
This is an exclusive interview conducted by the Editor team of CIO News with Kazi Nazrul Islam, Deputy Chief Information Security and Compliance Officer (DCISCO) at IT Consultants Limited.
The sport of attack:
Cyberattacks across all industry sectors increased 25–39% in the third quarter of 2022 compared to 2021, and multiple global cyber research studies predict a continued sharp rise worldwide, driven by increases in ransomware exploits and in state-mobilized hacktivism fuelled by international conflicts. At the same time, organizations’ security teams will face growing pressure as the global cyber workforce gap of 3.4 million employees widens further and governments are expected to introduce new cyber regulations to protect citizens against breaches.
In 2022, cyber criminals and state-linked threat actors continued to exploit organizations’ hybrid working practices, and the increase in these attacks is showing no signs of slowing as the Russia-Ukraine conflict continues to have a profound impact globally. Organizations need to consolidate and automate their security infrastructure to enable them to better monitor and manage their attack surfaces and prevent all types of threats with less complexity and less demand on staff resources.
Type of attack prediction for 2023:
- Crime-as-a-service (CaaS)
- Edge device attack (OT systems and satellite-based internet networks)
- Hello, crypto wallet heists
- Segmentation attack
Details of attack service and preventive measures:
Crime-as-a-service (CaaS):
An experienced cyber-criminal develops advanced tools or services that are put up either for sale or rent to other, often less experienced cyber-criminals. As a result, even those with limited knowledge and expertise are able to carry out attacks with relative ease.
Common types of CaaS:
- Ransomware-as-a-Service (RaaS): A popular attack service whose use is climbing fast.
- DDoS-as-a-Service: This is a favourite of unscrupulous competitors looking to sabotage other companies in their industry, and it may even be carried out by disgruntled employees.
- Phishing kits: 97 per cent of employees may not be able to spot a phishing email. Google and Facebook were both taken for $100 million (USD) each.
- Malware kits: Malware-as-a-service is becoming one of the most popular tools for crooks. Most of the kits feature a rental-based business model where an individual pays for an account.
Although there’s nothing you can do directly to stop cyberattacks from occurring as a whole, there’s plenty you can do to protect your organization. It all revolves around a two-pronged approach:
- Cybercrime prevention
- Post-incident containment
Standard security tools—EDR technology, sandbox solutions augmented with MITRE ATT&CK mappings, anti-malware engines using AI detection signatures, advanced intrusion prevention system (IPS) detection, and NGFWs—must be able to scale to address the proliferation of cyber threats. New reconnaissance tools and services that monitor dark web activity, such as locating compromised credentials for sale, are essential in helping organisations stop attacks before they can happen. Ideally, these technologies should be deployed everywhere an organisation operates, from data centres to branch offices, using an integrated security platform that can see, share, correlate, and respond to threats as a unified solution. Finally, using deception technology such as honeypots is essential in developing a secure infrastructure and detecting attacker activity early in the kill chain.
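The deception point above (honeypots and decoy assets detecting attacker activity early in the kill chain) can be reduced to a simple detection rule: plant accounts that no legitimate user ever touches, then alert on any authentication event that names them, successful or not. The following is an added example and not code from the interview or from any product it mentions; the decoy account names, the log line format and the log lines themselves are constructed for illustration.

```python
"""Deception-based detection: alert on any use of decoy (honeytoken) accounts.

Added example, not from the interview. The decoy account names and the log
format are constructed; a real deployment would load the decoy list from a
vault and read authentication events from the SIEM.
"""
import re
from collections import Counter

# Decoy accounts: created on purpose, never used by staff, so any attempt
# to authenticate as one of them is suspicious by definition.
DECOY_ACCOUNTS = {"svc-backup-legacy", "finance-admin-old"}

# Constructed log line format:
#   "<ts> <host> auth result=<ok|fail> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth result=(?P<result>ok|fail) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: two normal events, then one source probing decoys.
SAMPLE_LOG = """\
2023-01-10T08:01:12Z app01 auth result=ok user=alice src=10.0.5.12
2023-01-10T08:02:40Z app01 auth result=fail user=bob src=10.0.5.13
2023-01-10T08:03:05Z app02 auth result=fail user=svc-backup-legacy src=10.0.9.77
2023-01-10T08:03:06Z app02 auth result=ok user=finance-admin-old src=10.0.9.77
2023-01-10T08:03:09Z app03 auth result=fail user=svc-backup-legacy src=10.0.9.77
""".splitlines()


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def decoy_alerts(lines, decoys=DECOY_ACCOUNTS):
    """Return one alert per event that touches a decoy account.

    Both success and failure alert: a failed attempt still shows someone is
    enumerating accounts, while a success means the decoy credential leaked.
    """
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["user"] not in decoys:
            continue
        alerts.append({
            "ts": ev["ts"], "host": ev["host"], "user": ev["user"],
            "src": ev["src"], "result": ev["result"],
            "severity": "critical" if ev["result"] == "ok" else "high",
        })
    return alerts


def sources_by_alert_count(alerts):
    """Rank source addresses by number of decoy events, for triage ordering."""
    return Counter(a["src"] for a in alerts).most_common()


if __name__ == "__main__":
    found = decoy_alerts(SAMPLE_LOG)
    for a in found:
        print(a)
    print(sources_by_alert_count(found))
```

The rule has essentially no benign trigger, which is what makes deception signals valuable early in the kill chain: a single decoy event is worth an analyst's attention, and a successful decoy logon is a confirmed credential exposure rather than a suspicion.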
Edge device attack (OT systems and satellite-based internet networks):
The motivation for cybercriminals looking to exploit edge devices is simple: Targets like OT systems and satellite-based networks offer attackers new entry points into an organization’s environment. The increase in network edges also means there are more places for living-off-the-land-type threats to hide, allowing attackers to make their malicious operations appear as normal network activity and go undetected.
One such attack on a satellite-based network also knocked nearly 6,000 German wind turbines offline, as turbine controls became unavailable when their satellite connection was compromised.
To protect OT successfully, we must also protect IT. Security must be part of any IT/OT convergence strategy from day zero. There are foundational steps security leaders can take to ensure their OT and IT environments are secured. Best practices include conducting network mapping and connectivity analysis, detecting suspicious activities, implementing a zero-trust framework, aligning the right remote access tools, and implementing a strong identity and access management (IAM) strategy.
Hello, Crypto Wallet Heists:
Bank transactions and wire transfers used to be prime targets for cybercriminals. Yet as banks increasingly enhance their security measures—encrypting transactions and requiring multi-factor authentication (MFA)—it’s now more difficult for hackers to intercept these transactions. But as the saying goes, “When one door closes, another opens.” As predicted, we observed more instances of malware designed to target stored crypto credentials and drain digital wallets. Digital wallets are easy targets for hackers, as they tend to be less secure. We can point to numerous examples of major non-fungible token (NFT) hacks that occurred in 2022. In February, attackers launched a phishing attack on OpenSea users, stealing $1.7 million in NFTs. Then hackers successfully stole $400K in NFTs from Premint users just a few months later. Several NFT hacks that occurred on the popular social platform Discord also made headlines. That said, vulnerabilities in the underlying blockchains themselves have yet to be widely exploited, which may fuel further scepticism regarding cryptocurrency markets.
Keeping crypto wallets safe starts with the wallet owner. Using a non-custodial wallet is preferred, as it gives the crypto user full ownership of their cryptocurrency holdings and control over their private keys. A custodial wallet—or one owned by a third party—is riskier, as the user doesn’t have total control over their wallet.
Segmentation attack and preventive measures:
Network segmentation offers many benefits for businesses. Segmentation improves security by preventing attacks from spreading across a network and infiltrating unprotected devices. In the event of an attack, segmentation also ensures that malware can’t spread into other enterprise systems. Microsegmentation is a network security technique that enables security architects to further segment an environment for lateral visibility of all assets in the same broadcast domain. Granularity is achieved by logically dividing the network environment into distinct security segments, down to the individual workload level. Because policies are applied to individual workloads, microsegmentation offers enhanced resistance to attacks. And if a breach does occur, it limits a hacker’s ability to move among compromised applications.
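The OT/IT best practices above (network mapping, connectivity analysis, detecting suspicious activity) and the workload-level policies of microsegmentation come together in one concrete check: take observed flows, map each endpoint to its zone and workload, and classify every flow against an explicit allow list, so that anything crossing the IT/OT boundary or moving laterally inside a zone without a rule stands out. The following is an added example, not code from the interview or from any segmentation product; the asset inventory, allow rules and flow records are constructed, and in practice would come from a CMDB, the segmentation controller and NetFlow/IPFIX exports.

```python
"""Segmentation policy check over network flow records.

Added example, not from the interview. The asset inventory, the allow rules
and the flow records below are constructed for illustration.
"""
import ipaddress
from collections import Counter

# Constructed asset inventory: address -> (zone, workload label).
ASSETS = {
    "10.10.1.5":  ("it_users",   "laptop-finance"),
    "10.10.2.10": ("it_servers", "erp-app"),
    "10.10.2.11": ("it_servers", "erp-db"),
    "10.20.1.20": ("ot_dmz",     "historian"),
    "10.30.1.30": ("ot_control", "plc-line1"),
}

# Allow rules at workload granularity (microsegmentation):
# (src_workload, dst_workload, dst_port). Anything not listed is denied,
# including flows between workloads in the same zone.
ALLOW = {
    ("laptop-finance", "erp-app", 443),
    ("erp-app", "erp-db", 5432),
    ("erp-app", "historian", 443),
    ("historian", "plc-line1", 502),  # Modbus/TCP to the PLC only from the DMZ historian
}

# Constructed flow records: (src_ip, dst_ip, dst_port).
FLOWS = [
    ("10.10.1.5",   "10.10.2.10", 443),   # finance laptop -> ERP app: allowed
    ("10.10.2.10",  "10.10.2.11", 5432),  # ERP app -> ERP DB: allowed
    ("10.10.2.11",  "10.10.2.10", 22),    # DB -> app over SSH, same zone: lateral, no rule
    ("10.10.1.5",   "10.30.1.30", 502),   # IT user straight to PLC: crosses IT/OT, no rule
    ("10.20.1.20",  "10.30.1.30", 502),   # historian -> PLC: allowed
    ("192.168.9.9", "10.30.1.30", 22),    # address not in inventory -> PLC: no rule
]


def lookup(ip):
    """Return (zone, workload) for a known address, or ('unknown', ip) otherwise."""
    ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return ASSETS.get(ip, ("unknown", ip))


def evaluate(flows, allow=ALLOW):
    """Classify each flow as allowed, denied-lateral (same zone) or denied-cross-zone."""
    results = []
    for src, dst, port in flows:
        s_zone, s_wl = lookup(src)
        d_zone, d_wl = lookup(dst)
        if (s_wl, d_wl, port) in allow:
            verdict = "allowed"
        elif s_zone == d_zone:
            verdict = "denied-lateral"
        else:
            verdict = "denied-cross-zone"
        results.append({
            "src": s_wl, "src_zone": s_zone,
            "dst": d_wl, "dst_zone": d_zone,
            "port": port, "verdict": verdict,
        })
    return results


def summarize(results):
    """Count flows per verdict."""
    return Counter(r["verdict"] for r in results)


def ot_ingress_violations(results):
    """Denied flows whose destination is an OT zone: the IT/OT boundary cases to escalate first."""
    return [r for r in results
            if r["verdict"] != "allowed" and r["dst_zone"].startswith("ot_")]


if __name__ == "__main__":
    res = evaluate(FLOWS)
    for r in res:
        print(r)
    print(dict(summarize(res)))
    print("OT ingress violations:", len(ot_ingress_violations(res)))
```

Run in monitor mode first: every denied verdict on real traffic is either a missing rule to add or a flow that should not exist, and the unknown-asset case shows why network mapping precedes enforcement, since an address missing from the inventory can never match a workload-level rule.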