This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Morgan Hill, Director of Support, Cinch I.T.
Over the last 12-36 months there has been a major split in the types of malicious attacks we’ve seen targeting businesses. While everyone anticipated an exponential increase in these attacks, the evolution into two predominant categories is something many support systems and security teams did not necessarily expect.
The primary type of targeted attack, which remains the most active and growing, a trend most certain to continue, is automated and script-based attacks initiated via email. These attacks are generally the easiest to spot and prevent; however, due to the ease of deployment across a vast number of end users, the malicious actors are employing a quantity-versus-quality approach in their attacks.
While these attacks continue to target a massive audience, there has recently begun a trend of far more dedicated threat purveyors intelligently and actively targeting networks. These threats are far more dangerous as they are being enacted by a ruthless, and more importantly patient, intelligence. Once the network or infrastructure has been actively analyzed and breached, the criminals do not immediately try to scam or send internal phishing attacks to company executives, but can remain in the network silently for hours, days, or even weeks to determine the best way to exploit and benefit financially through in-depth analysis.
Cyber criminals have been consistently evolving and improving their methods month over month. From the complexity of the attack vectors, to advanced social engineering, to the encryption methods and software they use, these criminals are always getting better at their practices and making it harder to defend against them. The biggest takeaway I can see in recent experience is that businesses, vendors, and indeed the government are struggling to keep pace with the rapidly changing landscape. Some of this comes from ignorance of the threats and their expansion, but other weaknesses come from a willful disregard for putting security measures in place and keeping them actively maintained, due to a perceived loss in convenience.
Is multi-factor authentication an additional step to what people are accustomed to? Most definitely. Yet, I and others familiar with the threat landscape at the moment will argue for its mandatory use in all possible situations due to it being worth the slight trade-off.
The complex multi-pronged approach will evolve and become more common against increasingly smaller businesses and service providers, including MSPs, with complex social engineering attacks combined with the traditional network and system assault.
Future attacks will become more complex and dedicated, as we are already seeing in the wild: beginning with an information gathering phase and a detailed plan of attack, including which employees and systems of an organization are the most vulnerable or at risk, then working to exploit these weaknesses in a near-undetectable manner until they are fully ready to strike where it causes the most damage, providing them the most profitable outcome.
There are a multitude of techniques or services that can be involved here of course, so I’ve narrowed down the below in my order of importance for my clients:
1 – Two/Multi Factor Authorization. This is the first system I put in place, and I would recommend that it be enabled and enforced on all platforms; it can be for all users (scoped by location or VPN whenever possible). This will protect from a great many attack vectors and, to a large degree, prevent employee errors also.
2 – Employee Training. Continual employee training and updates on the latest threats. This can include many aspects such as phishing simulations, weekly or monthly training for new malicious trends, and dark web scans for password breaches. Giving employees good habits and up to date knowledge is one of the best ways to ensure they can identify a potential malicious event.
3 – Critical System Patching. Critical system patching in place for any public-facing systems such as email servers, external-facing firewalls, IIS or web servers, or any connected IoT devices. Many systems are seeing exploits becoming more common due to both cyber-criminals as well as ethical hacking teams. Keeping the latest security patches installed and current is a good way to close these exploits on your systems, as well as retiring older systems that are not being actively updated.
4 – Advanced Email Protection Services. Many providers have services not only for email encryption and archiving, but also advanced email threat protection services which are becoming more robust. Employing protection services that not only look for spam or phishing emails, but also employ impersonation prevention, Macro detection systems, and URL link scanning can greatly reduce the amount of bad email from even reaching the end users.
5 – Regular Security Audits. The final component, after educating employees on detecting threats, protecting them via MFA, preventing them from receiving as many threats as possible, and protecting internet-facing systems from security flaws, is all about validation. At minimum, a quarterly or annual security audit including penetration testing is a great way to prove systems are protected, and that employees are practicing good behaviors to keep the organization safe.
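Item 4 above lists three checks an advanced email protection service performs beyond spam filtering: impersonation prevention, macro detection, and URL link scanning. The following is an added illustration, not code from the interview or from any product it mentions, of what those three checks look like as inbound-mail detection logic. The organization domain, the executive name list, and both sample messages (a business email compromise lure carrying a macro document and a benign internal note) are constructed for this example; the macro document is a stand-in OOXML zip that contains only the `vbaProject.bin` entry Word uses to store VBA, not a real document.

```python
"""Added example: inbound-mail checks for impersonation, macros and deceptive links.
Names, domains and messages are constructed for illustration, not taken from the interview."""
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import List
from urllib.parse import urlsplit

ORG_DOMAIN = "example.com"            # assumed: the protected organization's domain
EXECUTIVES = {"jane doe", "sam lee"}  # assumed: display names attackers like to spoof
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xlam")
HREF_RE = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _host(url: str) -> str:
    return (urlsplit(url.strip()).hostname or "").lower()


def has_vba_project(data: bytes) -> bool:
    """Inspect an OOXML (zip) container for a VBA project rather than trusting the extension."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def scan_message(raw: bytes) -> List[str]:
    """Return a list of finding tags for one RFC 5322 message; empty means nothing flagged."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []

    # 1. Impersonation: an executive's display name on an address outside our domain,
    #    and a Reply-To that redirects replies away from the sender's domain.
    name, addr = parseaddr(str(msg.get("From", "")))
    if name.strip().lower() in EXECUTIVES and _domain(addr) != ORG_DOMAIN:
        findings.append(f"display-name-impersonation:{addr}")
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and _domain(reply_to) != _domain(addr):
        findings.append(f"reply-to-mismatch:{reply_to}")

    # 2. Macro detection: macro-enabled extension OR a vbaProject.bin inside the container,
    #    so a .docm renamed to .docx is still caught.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if filename.endswith(MACRO_EXTS) or has_vba_project(payload):
            findings.append(f"macro-attachment:{filename}")

    # 3. URL scanning: visible link text names one host while the href goes to another.
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        for href, text in HREF_RE.findall(html.get_content()):
            shown, target = _host(text), _host(href)
            if shown and target and shown != target:
                findings.append(f"url-mismatch:{target}")
    return findings


def build_macro_document() -> bytes:
    """Constructed stand-in for a .docm: a zip with the vbaProject.bin entry Word uses for macros."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed OLE stub")
    return buf.getvalue()


def build_sample(malicious: bool) -> bytes:
    """Two constructed messages: a BEC-style lure with a macro attachment, or a benign note."""
    msg = EmailMessage()
    msg["To"] = f"accounts@{ORG_DOMAIN}"
    msg["Subject"] = "Invoice approval"
    if malicious:
        msg["From"] = "Jane Doe <jane.doe@example-mail.net>"
        msg["Reply-To"] = "ceo-office@fast-reply.example.org"
        msg.set_content("Please approve the attached invoice today.")
        msg.add_alternative(
            '<p>Approve at <a href="http://login.example-secure.net/p">'
            f"https://portal.{ORG_DOMAIN}</a></p>", subtype="html")
        msg.add_attachment(build_macro_document(), maintype="application",
                           subtype="vnd.ms-word.document.macroEnabled.12",
                           filename="invoice.docm")
    else:
        msg["From"] = f"Jane Doe <jane.doe@{ORG_DOMAIN}>"
        msg.set_content("Invoice is approved, thanks.")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample(malicious=True)))
    print(scan_message(build_sample(malicious=False)))
```

Running the block prints four findings for the lure (impersonated display name, Reply-To mismatch, macro attachment, and a link whose text claims the company portal while the href goes elsewhere) and nothing for the benign note. In a real deployment these checks run before the message reaches the mailbox, and the content-inspection step matters more than the extension list: renaming a macro document does not remove `vbaProject.bin` from the zip.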