Bhopal: During the APAC National Cloud & Cyber Security Summit, Vishal Lanjekar, Strategic Cyber Security Advisor (JAPAC) at Palo Alto Networks, spoke at length about the cyber security threats that keep evolving in modern times, stressing the importance of redefining them in order to build a resilient response.
Redefining cyber threats today
Geopolitical tensions: Geopolitical tensions can manifest in the form of cyber attacks, where nations or state-sponsored entities use digital means to compromise the security or infrastructure of another country. This can include activities such as hacking into government systems, critical infrastructure, or engaging in espionage to gain sensitive information, monetary gains and sabotage.
Economic espionage: This type of cyber attack involves unauthorised access to or theft of sensitive economic information for the benefit of another country or organisation. Techniques, such as hacking into corporate networks, infiltrating databases, or utilising malware to gather confidential information related to trade secrets, intellectual property, or economic strategies, are employed.
Proliferation of non-state actors: Non-state actors, such as hacktivist groups or cybercriminal organisations, may conduct attacks for various motives, including political, ideological, or financial gains.
Transnational crimes: Transnational criminal organisations engage in various cyber attacks to further their illicit activities, such as financial fraud, money laundering, and trafficking. These cyber attacks can include hacking into financial systems, conducting identity theft, or exploiting vulnerabilities in networks for criminal purposes.
Terrorism: Cyber attacks carried out by terrorist groups involve the use of digital means to achieve their objectives, which can range from spreading propaganda to causing disruption or damage. These attacks may target government systems, or individuals with the aim of instilling fear, advancing ideological goals, or achieving broader political objectives.
Tools used for these threats include ransomware, social engineering, hacktivism and AI, including FraudGPT and WormGPT. They also include Distributed Denial of Service (DDoS), a type of cyber threat where multiple compromised computers are used to flood a target system or network with traffic, disrupting its normal functioning. The goal is to overwhelm the target’s resources, such as bandwidth or server capacity, making it inaccessible to legitimate users.
Cloud-focused cyber threats
Cloud-focused cyber threats refer to a type of cybersecurity risk that specifically targets cloud computing environments and services. Cloud-focused threats can exploit vulnerabilities in cloud infrastructure, applications, or data stored in the cloud. Common examples include unauthorised access to cloud accounts, data breaches, misconfigurations, and attacks on cloud service providers.
Use of TTPs to execute cyber threats
TTPs in the context of cyber threats stand for tools, tactics, and procedures. These are the methodologies and behaviours that malicious actors employ to carry out cyber attacks.
Tools include exploiting software vulnerabilities, using social engineering tactics, or deploying malware. Tactics for executing cyber threats include stealing sensitive information, disrupting services, or gaining unauthorised access. Procedures provide a more granular level of information about how an attack is carried out in a specific instance.
Some common TTPs involve external remote services, where attackers gain unauthorised access to a target system or network and use external remote services to establish a foothold or maintain access. They then leverage these services as a means to enter and move through a network, especially if the services have security vulnerabilities or are improperly configured.
Another TTP is the use of valid accounts, where attackers blend in with legitimate user activity, making it harder for security systems to detect and respond to their presence. They acquire or compromise legitimate user credentials through methods like phishing, credential stuffing, or keylogging. Once obtained, valid accounts are used to log in and navigate within the target system without raising suspicion.
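Both TTPs above leave traces in authentication logs: a valid account suddenly logging in through a remote-access service it never used, from a location it never came from, or succeeding right after a burst of failures (the credential-stuffing pattern). The following Python example, added here and not part of the article or of any Palo Alto Networks product, shows how a defender can baseline per-user behaviour from historical logins and flag such deviations. The log line format, the sample log lines, the IP addresses and the user names are all constructed for this example.

```python
"""Added example: baseline-based detection of external remote service abuse
and valid-account misuse from authentication logs (constructed data)."""
import re
from collections import defaultdict

# Constructed log format (hypothetical): timestamp service user= src= geo= result=
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<service>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) geo=(?P<geo>\S+) result=(?P<result>\S+)$"
)

# Services that count as external remote access into the network.
REMOTE_SERVICES = {"vpn", "rdp", "ssh-gateway"}

# Constructed historical logins used to learn what is normal per user.
BASELINE_LOGS = [
    "2024-01-02T09:00:00Z vpn user=alice src=203.0.113.5 geo=IN result=success",
    "2024-01-03T09:10:00Z vpn user=alice src=203.0.113.5 geo=IN result=success",
    "2024-01-02T08:30:00Z rdp user=bob src=10.0.0.12 geo=IN result=success",
    "2024-01-04T08:45:00Z rdp user=bob src=10.0.0.12 geo=IN result=success",
]

# Constructed new logins to be checked against the baseline.
NEW_LOGS = [
    "2024-02-01T03:00:00Z vpn user=alice src=198.51.100.9 geo=RO result=success",  # new geo
    "2024-02-01T03:05:00Z rdp user=alice src=198.51.100.9 geo=RO result=success",  # new service
    "2024-02-01T10:00:00Z rdp user=bob src=10.0.0.12 geo=IN result=success",       # normal
    "2024-02-01T11:00:00Z vpn user=carol src=192.0.2.7 geo=IN result=failure",
    "2024-02-01T11:00:02Z vpn user=carol src=192.0.2.7 geo=IN result=failure",
    "2024-02-01T11:00:04Z vpn user=carol src=192.0.2.7 geo=IN result=failure",
    "2024-02-01T11:00:06Z vpn user=carol src=192.0.2.7 geo=IN result=success",     # stuffing
]


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None otherwise."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def build_baseline(lines):
    """Learn, per user, the services and geos seen in successful logins."""
    baseline = defaultdict(lambda: {"services": set(), "geos": set()})
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "success":
            continue
        baseline[ev["user"]]["services"].add(ev["service"])
        baseline[ev["user"]]["geos"].add(ev["geo"])
    return dict(baseline)


def detect_suspicious_logins(lines, baseline, fail_threshold=3):
    """Flag successful logins that deviate from the per-user baseline.

    Reasons reported:
      success_after_N_failures - N or more failures from the same user/src
                                 immediately before a success (stuffing)
      no_baseline_for_user     - account has no history to compare against
      new_remote_service       - first use of an external remote service
      new_geo                  - login from a geo never seen for this user
    """
    alerts = []
    failures = defaultdict(int)  # (user, src) -> consecutive failures
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["user"], ev["src"])
        if ev["result"] != "success":
            failures[key] += 1
            continue
        reasons = []
        if failures[key] >= fail_threshold:
            reasons.append("success_after_%d_failures" % failures[key])
        failures[key] = 0
        profile = baseline.get(ev["user"])
        if profile is None:
            reasons.append("no_baseline_for_user")
        else:
            if ev["service"] in REMOTE_SERVICES and ev["service"] not in profile["services"]:
                reasons.append("new_remote_service")
            if ev["geo"] not in profile["geos"]:
                reasons.append("new_geo")
        if reasons:
            alerts.append({"ts": ev["ts"], "user": ev["user"],
                           "service": ev["service"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_logins(NEW_LOGS, build_baseline(BASELINE_LOGS)):
        print(alert)
```

Running the block prints three alerts: alice's VPN login from a new geo, alice's first-ever RDP login, and carol's VPN success following three failures on an account with no history. In practice the baseline would be learned over weeks of logs and the geo field would come from an IP-to-location lookup, but the decision logic stays the same.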
As-a-service business model
As-a-service cyber attack models refer to illicit services offered by cybercriminals to facilitate various malicious activities. This model allows individuals or groups without advanced technical skills to access and deploy sophisticated cyber attack capabilities. It includes ransomware-as-a-service, phishing-as-a-service and fraud-as-a-service (like identity threats).
Ransomware-as-a-service: In this business model ready-to-use ransomware or tools for creating custom ransomware are offered. Some RaaS platforms operate on an affiliate basis, where affiliates distribute the ransomware and receive a percentage of the ransom payments.
Phishing-as-a-service: In this model pre-built phishing kits are provided that include fake websites, email templates, and other tools to facilitate phishing attacks. Services may offer assistance in harvesting and selling login credentials obtained through phishing attacks.
Fraud-as-a-service: In this model services for buying and selling stolen credit card information are offered which often include additional details like cardholder names and addresses. Services are provided for taking over user accounts, including methods for credential stuffing, phishing, or other techniques. They also assist in creating and distributing fake documents for various fraudulent activities, such as identity theft.
How does one strategically approach these modern-day attacks?
Develop a breach mindset: Stressing the fact that nothing is 100% secure, Lanjekar suggests developing a breach mindset, where one knows the steps to take if a breach happens and responds accordingly.
Threat-centric approach: Lanjekar proposes developing cyber security policies and controls by looking at one’s organisation’s digital infrastructure from an attacker’s point of view.
Collaboration: Lanjekar highlights the importance of collaboration and says companies need to collaborate within, as well as outside their organisation, with multiple agencies and private sector players to build a community which is led by intelligence and driven by AI, and can automatically detect threats and quash them.