This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Isla Sibanda, Ethical Hacker and Cybersecurity Specialist.
How have cyber attacks evolved over the past 12 months?
The majority of documented DDoS assaults are volumetric, i.e., they target network capacity and saturate it with junk packets to jam genuine users’ connectivity. A DNS amplification attack, which spoofs DNS queries to flood back at a target, is a typical way of doing so. DNS amplification attacks accounted for 17% of all DDoS assaults reported to the F5 SIRT in 2019. By 2020, that percentage had nearly doubled, reaching 31%.
A DNS query flood is another DNS DDoS tactic, in which an attacker makes malicious DNS queries that are purposefully malformed in order to deplete a DNS server’s resources. Malicious DNS queries against customers were responsible for 12% of DDoS assaults in 2020.
DDoS assaults on web applications increased during the first half of 2020. In 2019, web applications were recognized as the target of 4.2% of DDoS assaults reported to the F5 SIRT. However, by 2020, this had grown sixfold to 26%.
Geographic variations in attack type were also highlighted by the F5 SIRT incident data. Around the world, the Asia/Pacific region had the largest percentage of incidents reported as DDoS assaults (83 percent). DDoS assaults were the most common in Europe, the Middle East, and Africa (EMEA), accounting for 54 percent of recorded instances.
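The two DNS DDoS patterns described in this answer, reflection/amplification against a victim and a malformed-query flood against a resolver, both leave a recognisable shape in UDP flow records. The detection logic below is an added example, not code from the interview or from any vendor mentioned on the page; the flow records are constructed, and the thresholds (20 responses, 10x byte ratio, 5 resolvers, 30 queries, 50% error rate) are arbitrary starting points to tune against your own traffic.

```python
"""Two DNS DDoS checks over UDP flow records: reflection/amplification aimed at
a victim, and a malformed-query flood aimed at a resolver.

Added example with constructed records and arbitrary thresholds; not code from
the interview or from any product mentioned on the page.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    nbytes: int
    rcode: str = ""   # set on response flows when the sensor decodes DNS


@dataclass
class HostStats:
    query_bytes: int = 0
    query_count: int = 0
    response_bytes: int = 0
    response_count: int = 0
    resolvers: set = field(default_factory=set)


def summarize(flows):
    """Per-IP totals of DNS queries sent (dst_port 53) and responses received (src_port 53)."""
    stats = defaultdict(HostStats)
    for f in flows:
        if f.dst_port == 53:          # query leaving src_ip
            s = stats[f.src_ip]
            s.query_bytes += f.nbytes
            s.query_count += 1
        elif f.src_port == 53:        # response arriving at dst_ip
            s = stats[f.dst_ip]
            s.response_bytes += f.nbytes
            s.response_count += 1
            s.resolvers.add(f.src_ip)
    return stats


def detect_amplification(flows, min_responses=20, min_ratio=10.0, min_resolvers=5):
    """Return {victim_ip: reason} for hosts receiving reflected DNS responses.

    A spoofed-source attack shows up as responses the victim never asked for
    (query_count == 0), or as response bytes far exceeding the victim's own
    query bytes, arriving from many distinct resolvers at once.
    """
    alerts = {}
    for ip, s in summarize(flows).items():
        if s.response_count < min_responses:
            continue
        if s.query_count == 0:
            alerts[ip] = (f"{s.response_count} unsolicited DNS responses "
                          f"from {len(s.resolvers)} resolvers")
            continue
        ratio = s.response_bytes / s.query_bytes
        if ratio >= min_ratio and len(s.resolvers) >= min_resolvers:
            alerts[ip] = f"amplification ratio {ratio:.1f}x from {len(s.resolvers)} resolvers"
    return alerts


ERROR_RCODES = {"FORMERR", "SERVFAIL", "REFUSED"}


def detect_query_flood(flows, resolver_ip, min_queries=30, min_error_fraction=0.5):
    """Return {source_ip: reason} for clients hammering resolver_ip with queries
    that mostly fail to parse or resolve (malformed-query flood)."""
    queries = defaultdict(int)
    errors = defaultdict(int)
    for f in flows:
        if f.dst_ip == resolver_ip and f.dst_port == 53:
            queries[f.src_ip] += 1
        elif f.src_ip == resolver_ip and f.src_port == 53 and f.rcode in ERROR_RCODES:
            errors[f.dst_ip] += 1
    alerts = {}
    for ip, n in queries.items():
        frac = errors[ip] / n
        if n >= min_queries and frac >= min_error_fraction:
            alerts[ip] = f"{n} queries, {frac:.0%} answered with an error rcode"
    return alerts


# Constructed sample traffic (not captured data):
#  - 10.0.0.5 is an ordinary client of resolver 198.51.100.1
#  - 10.0.0.9 never sends a query but receives large responses from 40 open resolvers
#  - 192.0.2.7 sends 50 queries to our resolver 10.0.0.53, which answers FORMERR
SAMPLE_FLOWS = (
    [Flow("10.0.0.5", "198.51.100.1", 40000 + i, 53, 60) for i in range(5)]
    + [Flow("198.51.100.1", "10.0.0.5", 53, 40000 + i, 120, "NOERROR") for i in range(5)]
    + [Flow(f"203.0.113.{i}", "10.0.0.9", 53, 1024 + i, 3000) for i in range(1, 41)]
    + [Flow("192.0.2.7", "10.0.0.53", 5000 + i, 53, 40) for i in range(50)]
    + [Flow("10.0.0.53", "192.0.2.7", 53, 5000 + i, 40, "FORMERR") for i in range(50)]
)

if __name__ == "__main__":
    print(detect_amplification(SAMPLE_FLOWS))
    print(detect_query_flood(SAMPLE_FLOWS, "10.0.0.53"))
```

The unsolicited-response check is the strongest signal: a reflection victim's own query traffic is normally absent, because the queries were sent by the attacker with the victim's address as the spoofed source. The byte-ratio branch catches the case where the victim also runs a normal resolver client. On the resolver side, a single source whose queries overwhelmingly return FORMERR or SERVFAIL is consuming parse and lookup capacity without any legitimate purpose.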
What lessons can be learned from the biggest cyber attacks in recent history?
No system is safe: Nobody likes to brag about being the “first known” or “best known” victim of a cyber assault. Is there a way to keep your company from being connected with such negative press? Limit Internet connectivity points with silos if you don’t want to be complacent.
The utility’s internet connection was attacked in the cryptojacking case through an opportunity created by some restricted internet access for remote monitoring. Radiflow CEO Ilan Barda told Wired that the utility was not targeted. “The attackers were just looking for unused computing power that they could take advantage of.”
Train your personnel: Without the aid of human mistakes, the Triton attack vector would not have been able to propagate throughout the Middle Eastern network. Triton requires programming control to conduct activities on the infected network since it was designed to function as a remote access Trojan (RAT). This example emphasizes the need for instilling a sense of vigilance in employees and boosting awareness of potential risks.
Stay current: On legacy platforms, industrial control systems frequently run out-of-date software. Concerns that new control systems or software upgrades would cause critical infrastructure to become unstable might stymie the best practice of constantly upgrading. Still, before unleashing havoc on the ICS, the cyber thief just has to identify one minor flaw to attack.
What will cyber attacks look like in the future?
As cyber-attacks get more sophisticated, they will begin to replicate our online characteristics and impersonate individuals. Alternatively, a hostile attacker may take control of your AI helper. Alternatively, weaponized AI may get to the point where it can successfully mimic a living human you trust.
Following that, these new machine intelligences will go for the very defenses that are being used against them. They will learn how to use the firewall and when the security team is in the office. They'll adjust to dodge and weaken defenses as a result. Meanwhile, they'll utilize their might to propagate, breaking through barriers to compromise and infecting equipment with ruthless efficiency.
What are three pieces of advice for organizations looking to get ahead of the cyber attacks of the future?
Prepare: Businesses must sit down and evaluate which aspects of their operations are crucial to their survival. The evaluation then moves on to determine which data is critical and what cybersecurity measures are required to safeguard it. The discussion must focus on how to effectively safeguard such procedures and activities.
When a company has remote teams who need to access a certain application process or customer care, for example, such remote access must be secure at all times. It's all about keeping bad actors out of customer and corporate data. That means examining data and balancing the risks of how it may be misused.
Build a response plan: First and foremost, a written plan is required. Those classified as “high performing” were more than twice as likely as the typical organization to have a cybersecurity incident response plan (CSIRP) for their whole company, according to IBM Security’s 2020 Cyber Resilient Organization Report. What’s interesting about these top achievers is that their strategies were more likely to be implemented uniformly across the board. They were also significantly more likely than the typical responder to have prepared reaction strategies for specific attacks. A training program for all employees can help make a better and more effective plan.
There is a tremendous demand for more effective crisis training than what most providers now offer. Online crisis simulations that are short and gamified are one such commercial offering. These exercises are simple to carry out, may be modified to target an organization’s most critical present threats, and can be performed on demand. They are accessible to remote employees, who are often overlooked during in-office simulations and larger-scale hands-on training events. They’re also less time-consuming than tabletop workouts. As a result, online crisis situations may boost buy-in across the organization, including among non-technical employees.