Between Log4j, ongoing geopolitical tension and increasing ransomware attacks on public services, it’s clear that we urgently require modern defence strategies to protect not only businesses, but society at large.
With a focus on prevention, organisations must collectively face up to these emerging threats and adapt best practices to properly defend against future cyberattacks.
Sophisticated Attackers: Who and What To Watch Out For
Today’s threat landscape is plagued by numerous sophisticated attackers looking to cause disruption and gain valued assets. One of the most common and destructive techniques is lateral movement, in which an attacker who has compromised one device moves on to others within the same network. An analysis by VMware Contexa found that 44% of intrusions included lateral movement. Having gained a single entry point, attackers use lateral movement to reach valuable data and systems, island hop across networks, exfiltrate data and deploy ransomware.
Today’s malicious actors are also incorporating deepfakes into their attacks to evade security controls. Deepfakes are malicious synthetic media that use AI or machine learning to create false likenesses of real people. VMware’s latest Global Incident Response Threat Report found that two out of three defenders had seen malicious deepfakes used as part of an attack, a 13% increase on last year. Email was the top delivery method for deepfakes, which matches the rise in Business Email Compromise (BEC) across the industry. The danger is clear: identity fraudsters have a powerful new tool, and identity-verification measures need to be updated to counter it.
The potential for digital warfare is particularly high and must be factored into organisations’ cyber defence strategies, regardless of size, sector or location.
Prepare Your Defences: How to Fight Back
There are five key strategies organisations must implement now to ensure they are prepared against these sophisticated threat actors – from protecting against lateral movement to defending against ransomware attacks.
Focus on workloads holistically: Rather than just monitoring anomalous behaviour and vulnerabilities at key entry points, companies must expand their efforts to understand the inner workings of their entire workload.
Inspect in-band traffic: Don’t be fooled by attacks disguised as legitimate IT activity. Attackers abuse accepted protocols (such as LDAP, which companies use to look up user accounts and authenticate against their directory) to connect to systems that should be off-limits. Don’t assume traffic shipped in a familiar wrapper is safe.
Integrate your network detection and response (NDR) with your endpoint detection and response (EDR): Detection and response technology employs real-time, continuous monitoring of systems to detect and investigate potential threats, then uses automation to contain and remove them. By combining EDR and NDR, enterprises gain a deep data set on which to build a solid security foundation, with visibility into both endpoints and the network.
Embrace Zero Trust principles: Assume every digital transaction could be hostile. That means strong threat hunting and IR capabilities with broad visibility, working from the assumption of breach, as well as robust identity, access and attribute management for every interaction between users and resources and among resources themselves. In addition to continuous security monitoring, every user must be authenticated and able to reach only the systems they are authorised for and need. This reduces the blast radius of an attack by limiting east-west spread to other systems.
Conduct continuous threat hunting: Security teams must assume attackers have multiple avenues into their organisation. Threat hunting on all devices can help security teams detect behavioural anomalies.
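As an added illustration of the lateral movement tactic described earlier and of the east-west restrictions the Zero Trust point calls for, the following Python example is not part of the original article or of any VMware product. It runs two simple checks over a few constructed flow records: a deny-by-default east-west allowlist keyed on hypothetical host roles (a workstation talking SMB to another workstation is never permitted), and a fan-out detector that flags a source reaching many distinct hosts on remote-access ports within a short window, the classic shape of lateral movement. Host names, roles, ports, thresholds and the record format are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """One east-west connection record, as a network sensor might export it."""
    ts: datetime
    src: str
    dst: str
    dport: int
    proto: str  # application protocol as labelled by the sensor


# Hypothetical asset inventory (host -> role); an assumption for this example, not real data.
ROLES: Dict[str, str] = {
    "ws-01": "workstation", "ws-02": "workstation", "ws-03": "workstation",
    "ws-04": "workstation", "ws-05": "workstation",
    "dc-01": "dc", "file-01": "fileserver", "jump-01": "admin-jump", "srv-01": "server",
}

# Hypothetical deny-by-default east-west policy: (src role, dst role) -> permitted ports.
# Any pair not listed (e.g. workstation -> workstation) is denied outright.
ALLOWED: Dict[Tuple[str, str], Set[int]] = {
    ("workstation", "dc"): {88, 389, 636},
    ("workstation", "fileserver"): {445},
    ("admin-jump", "server"): {22, 3389},
    ("admin-jump", "dc"): {22, 389, 636, 3389},
}

# Ports commonly used for remote execution and file access, i.e. for lateral movement.
LATERAL_PORTS = {22, 135, 445, 3389, 5985, 5986}

# Constructed sample records ("timestamp src dst dport proto"); not a real capture.
SAMPLE_LOG = """
# timestamp src dst dport proto
2024-03-04T09:58:00 ws-01 dc-01 389 ldap
2024-03-04T09:58:30 ws-01 file-01 445 smb
2024-03-04T10:00:00 jump-01 srv-01 22 ssh
2024-03-04T10:01:00 ws-01 ws-02 445 smb
2024-03-04T10:01:20 ws-01 ws-03 445 smb
2024-03-04T10:01:45 ws-01 ws-04 445 smb
2024-03-04T10:02:10 ws-01 ws-05 445 smb
2024-03-04T10:05:00 ws-02 dc-01 389 ldap
2024-03-04T10:06:00 ws-03 srv-01 3389 rdp
"""


def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Parse whitespace-separated records, skipping blank lines and '#' comments."""
    flows: List[Flow] = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport), proto))
    return flows


def policy_violations(flows: Iterable[Flow]) -> List[Flow]:
    """Return every flow the role-based allowlist does not explicitly permit."""
    violations: List[Flow] = []
    for f in flows:
        pair = (ROLES.get(f.src, "unknown"), ROLES.get(f.dst, "unknown"))
        if f.dport not in ALLOWED.get(pair, set()):
            violations.append(f)
    return violations


def fan_out_alerts(flows: Iterable[Flow], window: timedelta = timedelta(minutes=5),
                   threshold: int = 3) -> Dict[str, Set[str]]:
    """Sources that reached at least `threshold` distinct hosts on lateral ports within `window`.

    Returns {source: destinations seen in that source's busiest window}.
    """
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        if f.dport in LATERAL_PORTS:
            by_src[f.src].append(f)

    alerts: Dict[str, Set[str]] = {}
    for src, fl in by_src.items():
        best: Set[str] = set()
        for i, start in enumerate(fl):  # slide the window across this source's flows
            dsts = {g.dst for g in fl[i:] if g.ts - start.ts <= window}
            if len(dsts) > len(best):
                best = dsts
        if len(best) >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG.splitlines())
    for v in policy_violations(flows):
        print(f"policy violation: {v.src} -> {v.dst}:{v.dport} ({v.proto})")
    for src, dsts in fan_out_alerts(flows).items():
        print(f"fan-out from {src}: {sorted(dsts)}")
```

On the constructed records the allowlist flags the four workstation-to-workstation SMB connections and the workstation-to-server RDP session, while the fan-out check singles out ws-01, which touched five hosts on port 445 in under four minutes. The two checks are complementary: the allowlist is what a segmentation policy would enforce, and the fan-out rule catches the same behaviour even where a flow is individually permitted (ws-01 reaching file-01 is allowed, but it still counts towards the spread).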
Updating Defence Strategies Enables A Future-Ready Security Team
Despite the challenges facing today’s security teams, there are promising signs that defenders are adapting their responses to fight back effectively. Attacker dwell time, the period an intruder spends inside an environment before an investigation begins, is falling, and defenders are taking the initiative to adopt new techniques such as virtual patching. While there is still ample room for improvement, defenders are becoming more resilient and proving they can continually adapt their defences to the threats of tomorrow.
About the Author
Rick McElroy is Principal Cyber Security Strategist at VMware. VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. At the heart of everything we do lies the responsibility and the opportunity to build a sustainable, equitable and more secure future for all. Since our founding in 1998, our employees and partners have been behind the tech innovations transforming entire industries. Today, we continue to cultivate a culture of innovation where curiosity meets execution.
Featured image: ©lassedesignen