Saturday, February 4, 2023
spot_img
spot_img

‘More is More’ is the mantra cybercriminals live by

spot_img
spot_img
spot_img
- Advertisement --

By Vishak Raman, Vice President of Sales, India, SAARC, and Southeast Asia at Fortinet

Cybercrime has become a serious nuisance with its high rate of attacks that are getting beyond control. While “less is more” is the strategy of CISOs behind consolidating networks and security, “more is more” seems to be the mantra cybercriminals continue to live by. As we look at our threat predictions for 2023 and beyond, there is “more” at every turn. Cybercrime will converge with advanced persistent threat methods and cybercriminals are finding ways to weaponize new technologies at scale to enable more disruption and destruction. The most troubling trend we’ve observed across the cyber landscape this year that we anticipate will continue into the future—is that threats of all kinds are becoming increasingly ubiquitous. From Ransomware-as-a-Service (RaaS) to new attacks on non-traditional targets like edge devices and virtual cities, the growing volume and variety of increasingly sophisticated cyber threats will surely keep security teams on their toes in 2023 and beyond.

New Threat Trends in 2023 and Beyond: It’s not surprising that cyber adversaries will continue to rely on tried-and-true attack tactics, particularly those that are easy to execute and help them achieve a quick payday. However, FortiGuard Labs predicts that several distinct new attack trends will emerge in 2023. Here’s a glimpse of several attack developments we’ll be watching for in the next year:

The Enormous growth of CaaS: Given cybercriminals’ success with RaaS, we predict that a growing number of additional attack vectors will be made available as a service through the dark web. In addition to the sale of ransomware and other Malware-as-a-Service offerings, we’ll also start to see new a-la-carte criminal solutions.

Money Laundering Meets Machine Learning: We also expect that money laundering will get a boost from automation. Setting up money mule recruitment campaigns has historically been a time-consuming process. We anticipate that cybercriminals will start using machine learning (ML) for recruitment targeting, helping them to identify potential mules better while reducing the time it takes to find these recruits. Over the longer term, we expect that Money Laundering-as-a-Service (LaaS) is also on the horizon, which could quickly become part of the growing CaaS portfolio.

Deep Web Destinations Welcome a Wave Cyber Crime: Since the availability of newer online destinations like virtual cities that take advantage of augmented reality (AR), virtual reality (VR), and mixed reality (MR) technologies has provided immense gateways to users, they also open the door to innumerable cases of cybercrime. From virtual goods and assets that can easily be stolen to potential biometric hacking, we expect this attack surface will result in a new wave of cybercrime.

Rampant use of wipers: We’ve already witnessed the alarming growth in the prevalence of wiper malware, but nothing can stop the attackers. Beyond the existing reality of threat actors combining a computer worm with wiper malware, and even ransomware for maximum impact, the concern going forward is the commoditization of wiper malware for cybercriminals. Malware that may have been developed and deployed by nation-state actors could be picked up and re-used by criminal groups and used throughout the CaaS model. Since it is widely and easily available,  combined with the right exploit, wiper malware could cause massive destruction in a short period of time given the organized nature of cybercrime today.

Ways to Protect Your Organization Against the Evolving Threat Landscape: Although the enormity of threats can often feel like an uphill battle, the positive news is that most of the tactics they’re using to execute these attacks are familiar, which better positions security teams to protect against them.

Understanding the lifecycle of an attack can go a long way in helping you protect your networks—the MITRE ATT&CK framework is an excellent resource. Implementing network segmentation is also critical in protecting your organization against cyber criminals. Segmentation improves security by preventing attacks from spreading across a network and infiltrating unprotected devices. Segmentation also ensures that malware can’t spread into your other systems.

Cybersecurity defenses have traditionally been deployed one solution at a time, usually in response to an emerging challenge. But a collection of point solutions simply doesn’t work in today’s growing threat landscape. Consolidation and integration into a single cybersecurity platform are crucial, especially considering the increasing ubiquity of all types of threats today, no matter the industry or the size of an organization.

Using an inline sandbox service is a good option to protect against sophisticated ransomware and wiper malware threats. It offers real-time protection against evolving attacks because it can ensure only benign files will be delivered to endpoints if integrated with a cybersecurity platform.

Implement Network Segmentation and Micro-segmentation: Micro-segmentation is a network security technique that enables security architects to further segment an environment for lateral visibility of all assets in the same broadcast domain. Granularity is achieved by logically dividing the network environment into distinct security segments down to the individual workload level. Because policies are applied to individual workloads, micro-segmentation offers enhanced resistance to attacks. In the event of a breach in security,  it limits a hacker’s ability to move among compromised applications.’

If you have an interesting Article / Report/case study to share, please get in touch with us at editors@roymediative.com  roy@roymediative.com, 9811346846/9625243429.

- Advertisement -
spot_img
spot_img
spot_img
spot_img