With hackers constantly changing the way they target people, and staff members burdened with ever more technology they must secure, it can be difficult to keep on top of what the next big threat is.
Ransomware has been dubbed 2022’s big threat to watch out for, but with all the security know-how out in the world, how do hackers still gain access to the building? What’s their current main entry point?
Phishing is nothing new, yet it is still one of the largest vulnerabilities to businesses today. Phishing criminals are always seeking ways to maximise their profits, and they know they can do that by better tailoring the email lure to resonate with the intended recipient. At the end of 2021, BlackBerry revealed that Chinese cyberespionage group APT41 had been targeting victims in India using COVID-19 phishing lures. The picture uncovered was that of a state-sponsored campaign that played on people’s hopes for a swift end to the pandemic as a lure to entrap its victims. If these hackers are then able to access the user’s business emails, servers or more, they have every opportunity to cause destruction.
It’s become increasingly difficult for everyday users to spot targeted phishing messages and spear phishing attempts. This means that phishing defence must involve a strong partnership and action between the employee and employer level. Employees can do their part with the usual security fundamentals, guaranteeing all their devices are protected by security software and enabling auto-updates to ensure that phishing attackers can’t exploit known, fixable vulnerabilities. Employers can help users bolster their phishing awareness not only through regular employee training, but also by arming users with endpoint security controls for both corporate and employee-owned devices.
Similarly to phishing, social engineering baits its victims into its trap. This can be done through various methods: email, phone, texting, in person, social media and more. Hackers are now targeting their prey in numerous ways. This is particularly true of users who work at organisations which have a high value to an attacker, such as banking and financial institutions.
For example, a threat actor could create a fake LinkedIn profile that looks convincing enough for staff to accept their friend request. They might then send messages to those employees under the guise of aspiring to a role at the company, or a sad personal story as to why they might need help in getting a job there, and an employee may share a small nugget of information which is just enough to give them that ‘in’ they needed.
This is the case when considering one organisation at a time. However, with the emergence of Artificial Intelligence (AI) as a tool in cyber, AI can be used to support social engineering campaigns at scale, helping criminals convince their victims.
Vulnerability management refers to the identification, evaluation and treatment of security threats on an ongoing basis.
These days, hackers aren’t waiting for an exploit to be published, and are installing backdoors until they can find an exploit to use. Yet some organisations still operate on the assumption that they are safe until an exploit has been publicly released.
Unfortunately, this means that companies can be too slow to upgrade or patch systems that require it, and fall behind attackers who are sprinting ahead of those updates being run. Organisations should therefore be proactive rather than reactive in their detection.
Alert fatigue is a real concern and happens due to the sheer volume of security alerts most businesses end up having to triage each day. Each organisation has several solutions which can generate thousands of security alerts daily, depending on the size of the business. What’s more, many of these are often false positives, and the fatigue of combing through these alerts can lead to real positives being missed.
Organisations may therefore find it more cost-effective to leverage subscription-based managed detection and response (MDR) solutions. These services provide continuous threat hunting and monitoring, including through AI, to filter data and remove the noise and irrelevant alerts, meaning they can assess real threats to the business and when to escalate, so that an organisation’s internal team can prioritise and focus their efforts.
It’s clear that while hackers are finding more and more ways into the building, it’s often the same old routes that are letting them in. Indeed, our 2022 BlackBerry Threat report found that the proliferation of digital channels has brought old tactics back into the mainstream, primarily because of their ability to scale. It’s therefore imperative that businesses put in place the measures needed to keep organisations and employees safe, but also to admit when they need the support in doing so.
About the Author
Patrick Slattery is the Global Director of Managed Detection and Response (MDR) services at BlackBerry. He is an accomplished leader with a track record of success in technical direction, leading new ventures and growing business. He is skilled in business operations leadership in cybersecurity services, sales enablement and go-to-market strategy.