Resilient Cybersecurity
Reconstruct your defense strategy in an evolving cyber world

Author: Mark Dunkerley
Product type: Paperback
Published: Sep 2024
Publisher: Packt
ISBN-13: 9781835462515
Length: 752 pages
Edition: 1st Edition

Table of Contents (19 chapters)

Preface
1. Current State (free chapter)
2. Setting the Foundations
3. Building Your Roadmap
4. Solidifying Your Strategy
5. Cybersecurity Architecture
6. Identity and Access Management
7. Cybersecurity Operations
8. Vulnerability Management
9. User Awareness, Training, and Testing
10. Vendor Risk Management
11. Proactive Services
12. Operational Technology and the Internet of Things
13. Governance Oversight
14. Managing Risk
15. Regulatory and Compliance
16. Some Final Thoughts
17. Other Books You May Enjoy
18. Index

The Current Threat Landscape

The cybersecurity threat landscape is extremely diverse and continues to grow more complex. Protecting users, data, and systems is becoming harder, and it demands ever more capable tooling, and people skilled enough to operate it, to keep threat actors out.

Common Cyber Threat Actors

Today's cyber criminals are more sophisticated than ever, and large, well-funded groups have formed to support their harmful activities. The following are common threat actors:

  • National governments
  • Nation-states
  • Terrorists
  • Advanced Persistent Threat (APT) groups
  • Cyber mercenaries
  • Cyber arms dealers
  • Cyber extortionists
  • Spies
  • Organized crime groups
  • Hacktivists
  • Hackers
  • Business competitors
  • Malicious insiders/internal employees
  • Essentially anyone who has some malicious intentions with the use of technology

In addition, the recent rise of generative AI (GenAI) tools such as ChatGPT has changed the picture in a very short time. Attackers who previously lacked the skill to write convincing lures, debug their tooling, or research a target can now lean on AI assistance to do so. This lowers the barrier to entry, and it means the sophistication of an attack is no longer a reliable indicator of the attacker's true skill level.

Types of Cyberattacks

There are many types of cyberattacks in the world today, and this creates a diverse set of challenges for organizations, especially cybersecurity leaders. One of the most common attack methods is malware: software or code written with malicious intent. Malware may exploit a vulnerability to gain a foothold, but it just as often relies on a user being tricked into running it or on stolen credentials. The following types of threats are considered malware:

  • Adware
  • Spyware
  • Virus (polymorphic, multipartite, macro, or boot sector)
  • Worm
  • Trojan
  • Rootkit
  • Bots/botnets
  • Ransomware
  • Logic bomb

Ransomware in More Detail

With the prevalence of ransomware and the extreme damage it can inflict on an organization, let’s review this type of cyberattack in more detail. Ransomware has been around for a long time; the first documented incident occurred in 1989 and is known as PC Cyborg or the AIDS Trojan. In short, a ransomware attack is one where an intruder encrypts data belonging to a user or organization, making it inaccessible, and then holds the victim to ransom in exchange for the decryption keys. Intruders use many tactics to force payment, including threats to leak the data, to list it for sale on the dark web, and to erase the victim’s backups, to name a few.

As the ransomware business continues to evolve, very mature business models have emerged to support these extortion campaigns. There is even a ransomware-as-a-service (RaaS) model, in which affiliates pay the operators of a ransomware platform, or share the proceeds with them, and use the platform to run their own attacks. Double extortion, exfiltrating the data before encrypting it, has become standard practice: it gives the threat actors additional bargaining power, since restoring from backup no longer ends the incident, and creates far more risk for organizations to handle. Unfortunately, countless ransomware attacks have made the news to date, and they continue to occur often.

A couple of the more notable ransomware attacks are those against Colonial Pipeline (May 2021), one of the largest fuel pipelines in the United States, and MGM Resorts (September 2023), a global entertainment company. Both companies suffered a major impact: Colonial Pipeline was forced to shut down its fuel distribution operations, causing fuel shortages for consumers across much of the East Coast of the United States, while MGM Resorts faced major operational disruption for many days and an estimated loss of approximately $100 million.
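The encrypt-and-extort behaviour described above leaves a recognisable footprint on an endpoint: one process rewriting many files in a short burst, replacing readable content with high-entropy ciphertext under a new extension, then dropping a note. The following Python is an added example (not code from the book) that scores constructed file-activity telemetry for that pattern. It assumes an endpoint sensor emits one record per file operation with the fields used here; the field names, the 60-second window, the 10-file threshold and the 7.0 bits/byte entropy cut-off are illustrative choices.

```python
"""Behavioural ransomware indicators over constructed file-activity events.

Added example, not code from the book. Assumed sensor record fields:
timestamp, process, op ("write" | "rename" | "create"), path, new_path
(renames only) and sample (first bytes of the resulting file).
"""
from __future__ import annotations

import hashlib
import math
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

WINDOW = timedelta(seconds=60)   # how far back to correlate a process's file activity
FILE_THRESHOLD = 10              # distinct files re-extensioned with encrypted-looking content
ENTROPY_CUTOFF = 7.0             # bits/byte: documents sit around 4-6, ciphertext and archives near 8
NOTE_NAME = re.compile(r"(readme|how_to|decrypt|restore)", re.I)  # typical ransom-note names


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means all 256 byte values are equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pseudo_ciphertext(seed: str, length: int = 1024) -> bytes:
    """Deterministic stand-in for encrypted output (constructed): chained SHA-256 digests."""
    out, block = b"", seed.encode()
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


def _changes_extension(ev: dict) -> bool:
    """True for a rename that swaps the file extension (report.docx -> report.docx.locked)."""
    return ev["op"] == "rename" and (
        PureWindowsPath(ev["path"]).suffix.lower() != PureWindowsPath(ev["new_path"]).suffix.lower()
    )


def detect_ransomware(events: list[dict]) -> dict[str, dict]:
    """Flag each process that, inside one WINDOW, replaced FILE_THRESHOLD or more distinct
    files with high-entropy content under a new extension. Ransom-note-like files created
    by the same process are attached as supporting evidence."""
    by_proc: dict[str, list[dict]] = defaultdict(list)
    for ev in events:
        by_proc[ev["process"]].append(ev)

    findings: dict[str, dict] = {}
    for proc, evs in by_proc.items():
        evs.sort(key=lambda e: e["timestamp"])
        best: set[str] = set()
        first_seen = None
        for i, ev in enumerate(evs):
            # all of this process's events in the WINDOW ending at the current event
            window = [e for e in evs[: i + 1] if ev["timestamp"] - e["timestamp"] <= WINDOW]
            encrypted = {e["path"] for e in window
                         if _changes_extension(e) and shannon_entropy(e["sample"]) >= ENTROPY_CUTOFF}
            if len(encrypted) > len(best):
                best, first_seen = encrypted, window[0]["timestamp"]
        if len(best) >= FILE_THRESHOLD:
            notes = [e["path"] for e in evs
                     if e["op"] == "create" and NOTE_NAME.search(PureWindowsPath(e["path"]).name)]
            findings[proc] = {"files": len(best), "ransom_notes": notes, "first_seen": first_seen}
    return findings


def build_sample_events() -> list[dict]:
    """Constructed telemetry: a backup job, an archiver, and a ransomware-like process."""
    t0 = datetime(2024, 3, 1, 9, 0, 0)
    doc = b"Quarterly report: revenue up 4%, costs flat. Action items attached.\n" * 16
    events: list[dict] = []
    for i in range(15):  # backup.exe copies documents unchanged: plaintext, same extension
        events.append({"timestamp": t0 + timedelta(seconds=i), "process": "backup.exe", "op": "write",
                       "path": rf"D:\backup\report{i}.docx", "sample": doc})
    for i in range(3):  # 7z.exe writes archives: high entropy, but only three files and no rename
        events.append({"timestamp": t0 + timedelta(seconds=5 + i), "process": "7z.exe", "op": "write",
                       "path": rf"D:\archive\batch{i}.7z", "sample": pseudo_ciphertext(f"batch{i}")})
    for i in range(12):  # updater.exe re-extensions 12 documents within 30 seconds, then drops a note
        events.append({"timestamp": t0 + timedelta(seconds=120 + 2 * i), "process": "updater.exe",
                       "op": "rename", "path": rf"C:\Users\alice\Documents\report{i}.docx",
                       "new_path": rf"C:\Users\alice\Documents\report{i}.docx.locked",
                       "sample": pseudo_ciphertext(f"report{i}")})
    events.append({"timestamp": t0 + timedelta(seconds=150), "process": "updater.exe", "op": "create",
                   "path": r"C:\Users\alice\Documents\HOW_TO_DECRYPT_FILES.txt",
                   "sample": b"Your files are encrypted. Contact us to restore them."})
    return events


if __name__ == "__main__":
    for proc, info in detect_ransomware(build_sample_events()).items():
        print(f"{proc}: {info['files']} files encrypted from {info['first_seen']:%H:%M:%S}, notes={info['ransom_notes']}")
```

The entropy check alone is not a signal: archivers and encryption tools legitimately write high-entropy files, which is why the sample 7z.exe activity is not flagged. The detection needs the combination of volume in a short window, the extension swap and, ideally, the note. In production you would also allowlist known backup and archiving binaries and tune the thresholds per fleet.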

Other Types of Attacks

The following table summarizes the main categories of attack technique, including malware, that are used to exploit vulnerabilities and that you should be familiar with:

Malware
  Sub-categories: Virus, Worm, Trojan, Ransomware, Adware, Spyware, Bots/Botnets
  Description: Malicious software designed to damage, disrupt, or gain unauthorized access to systems.
  Examples: ILOVEYOU virus, WannaCry ransomware, Mirai botnet

Social Engineering
  Sub-categories: Phishing, Spear Phishing, Whaling, Vishing, Smishing, Business Email Compromise (BEC), Pretexting, Tailgating, Baiting
  Description: Manipulative techniques that trick individuals into divulging confidential information or taking an action, such as approving a payment, on the attacker’s behalf.
  Examples: CEO fraud, IRS scam calls, lottery scams, tech support scams

Network Attacks
  Sub-categories: DoS, DDoS, Man-in-the-Middle (MITM), DNS Tunneling, ARP Spoofing, IP Spoofing, Session Hijacking
  Description: Disrupting network operations or exploiting weaknesses in network protocols and services.
  Examples: SYN flood, Wi-Fi evil twin, rogue DHCP server

Web Application Attacks
  Sub-categories: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote File Inclusion (RFI), Command Injection, and the other OWASP Top 10 categories
  Description: Exploiting web application vulnerabilities to compromise systems or data.
  Examples: Unrestricted file upload, broken authentication

Exploitation
  Sub-categories: Zero-Day, Buffer Overflow, Privilege Escalation, Remote Code Execution (RCE)
  Description: Using software vulnerabilities to perform unauthorized actions or breach data.
  Examples: Heartbleed, Shellshock, Microsoft Exchange Server vulnerabilities

Password Attacks
  Sub-categories: Brute Force, Dictionary, Credential Stuffing, Rainbow Table, Keylogger, Password Spraying
  Description: Techniques aimed at recovering or bypassing passwords to gain unauthorized access.
  Examples: Cracking and guessing tools such as John the Ripper, Hydra, and Hashcat

Physical Attacks
  Sub-categories: Tailgating, Shoulder Surfing, Dumpster Diving, Theft, Device Tampering
  Description: Direct physical methods to gain unauthorized access or information.
  Examples: Unauthorized entry, stolen hardware

IoT Attacks
  Sub-categories: Botnet recruitment, connected device exploits
  Description: Targeting IoT devices for unauthorized access or to build botnets.
  Examples: Mirai botnet, unpatched smart home devices, compromised wearable devices

Cryptocurrency-Related
  Sub-categories: Cryptojacking, Phishing Scams, Exchange Hacks, 51% Attacks
  Description: Attacks aimed at cryptocurrencies, including theft, exchange compromise, and attacks on the blockchain itself.
  Examples: Fake crypto giveaways, compromised exchanges, mining malware

Other
  Sub-categories: Advanced Persistent Threats (APTs), Insider Threats, Supply Chain Attacks, Mobile Attacks
  Description: Diverse attacks including state-sponsored campaigns, malicious insiders, compromised software suppliers, and mobile device targeting.
  Examples: Stuxnet, data theft by employees, SolarWinds attack, SMS-based malware
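Several of the password attacks in the table look identical from a single login failure and only separate when you aggregate by source: brute force is one account receiving many guesses, password spraying is many accounts receiving one or two guesses each (to stay under lockout thresholds). The following Python is an added example, not code from the book, that applies that distinction to constructed authentication log lines. The log format (one line per attempt with result, user and source fields) and the thresholds are assumptions for illustration; adapt the regular expression to whatever product you actually ingest.

```python
"""Separating password spraying from brute force in authentication logs.

Added example, not code from the book. The line format and the thresholds
below are constructed for illustration.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict

# Assumed log line: "<timestamp> auth <success|failure> user=<name> src=<ip>"
LINE = re.compile(r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$")

BRUTE_FORCE_MIN_FAILURES = 8   # one account, many guesses, one source
SPRAY_MIN_USERS = 5            # many accounts, few guesses each, one source
SPRAY_MAX_PER_USER = 3         # sprays stay below typical lockout thresholds


def parse(lines):
    """Yield (ts, result, user, src) for matching lines; skip anything else."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("result"), m.group("user"), m.group("src")


def classify(lines: list[str]) -> dict[str, dict]:
    """Group failed logins by source address and label suspicious sources.

    brute_force:    at least one account received >= BRUTE_FORCE_MIN_FAILURES failures
    password_spray: >= SPRAY_MIN_USERS distinct accounts, none above SPRAY_MAX_PER_USER
    Any success from a labelled source is reported under "compromised".
    """
    failures: dict[str, Counter] = defaultdict(Counter)
    successes: dict[str, set[str]] = defaultdict(set)
    for _ts, result, user, src in parse(lines):
        if result == "failure":
            failures[src][user] += 1
        else:
            successes[src].add(user)

    report: dict[str, dict] = {}
    for src, per_user in failures.items():
        worst = max(per_user.values())
        if worst >= BRUTE_FORCE_MIN_FAILURES:
            label = "brute_force"
        elif len(per_user) >= SPRAY_MIN_USERS and worst <= SPRAY_MAX_PER_USER:
            label = "password_spray"
        else:
            continue  # e.g. a single user mistyping a password a couple of times
        report[src] = {
            "label": label,
            "accounts_targeted": len(per_user),
            "failures": sum(per_user.values()),
            "compromised": sorted(successes[src]),
        }
    return report


def sample_log() -> list[str]:
    """Constructed log: a brute force against alice, a spray across six accounts, and a typo."""
    lines = [f"2024-03-01T08:00:{i:02d}Z auth failure user=alice src=203.0.113.10" for i in range(10)]
    lines.append("2024-03-01T08:00:10Z auth success user=alice src=203.0.113.10")
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        lines.append(f"2024-03-01T08:05:{2 * i:02d}Z auth failure user={user} src=198.51.100.7")
        lines.append(f"2024-03-01T08:05:{2 * i + 1:02d}Z auth failure user={user} src=198.51.100.7")
    lines.append("2024-03-01T08:05:30Z auth success user=dave src=198.51.100.7")
    lines += [
        "2024-03-01T08:10:00Z auth failure user=carol src=192.0.2.44",
        "2024-03-01T08:10:20Z auth success user=carol src=192.0.2.44",
        "2024-03-01T08:11:00Z kernel: unrelated line that does not parse",
    ]
    return lines


if __name__ == "__main__":
    for src, info in classify(sample_log()).items():
        print(src, info)
```

Grouping by source catches the two patterns in the table but misses credential stuffing, where each stolen username/password pair is tried once from a different address in a botnet; that case needs correlation across sources (failures per account across the whole fleet, or a sudden rise in the global failure rate) rather than per source. Successful logins from a flagged source are the lines to act on first, since they mark accounts that need a password reset and session revocation.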

Supply Chain Challenges

Another attack becoming more common is the attack against the supply chain, where threat actors compromise a vendor’s software or application and, through it, all of the vendor’s downstream customers. Two of the more notable cases are the attack against SolarWinds, a monitoring and performance management vendor, and the exploitation of MOVEit Transfer, a managed file transfer product from Progress Software. With SolarWinds, threat actors implanted malicious code into the vendor’s build process, so the backdoor shipped inside legitimately signed updates of the Orion platform that were downloaded by thousands of customers; once installed, it gave the attackers a route into those customer networks. With MOVEit, threat actors exploited a zero-day vulnerability in the product itself (a SQL injection flaw, CVE-2023-34362) to exfiltrate sensitive data from many organizations running it, and the damage continued to surface for many months afterwards. The two cases differ in an important way: SolarWinds customers received a trojanized product from a trusted vendor, which no amount of prompt patching would have prevented, whereas MOVEit customers were running a legitimate product with an unknown flaw, where time to patch and whether the service was exposed to the internet determined the impact.

In addition to supply chain challenges, there is a need for improved third-party risk management: we need to hold our third parties to a higher standard of cybersecurity. Third parties continue to be compromised, potentially putting our data at greater risk and/or impacting the services provided to us. We will cover third-party risk in more detail in Chapter 10, Vendor Risk Management.

Impact on Organizations

Even more concerning are the cases of organizations permanently closing their doors following a cybersecurity incident. The incident alone may not be the sole reason for the closure, but it adds an extreme operational and financial burden that an already struggling organization may not be able to recover from. One notable recent example is St. Margaret’s Health, a hospital in Spring Valley, Illinois: although other factors were to blame, a ransomware attack in 2021 that significantly impacted operations was specifically cited.

Lincoln College in Illinois is another unfortunate example of the impact of a cyberattack. An institution that had survived for 157 years finally shut its doors in May 2022; the coronavirus pandemic and a ransomware event were both publicly noted as major events forcing the college to close permanently.

Figure 1.3: A snippet from Lincoln College’s home page taken October 2023

Source: https://lincolncollege.edu

Another unfortunate example is KNP Logistics Group, a UK-based logistics firm that went into administration in September 2023. Alongside other challenges, the firm cited a ransomware attack that significantly impaired its operations and its ability to secure the investment needed to continue.

Special Considerations for OT and IoT

Although they do not apply equally to every industry, other challenges that need to be addressed involve continuing to increase the protection of Operational Technology (OT) and the Internet of Things (IoT). Managing and securing these technologies efficiently requires a different set of skills from traditional IT security, since the devices are often long-lived, hard to patch, and unable to run endpoint agents. The ability of threat actors to compromise power plants, manufacturing plants, water treatment facilities, internet-connected cars, and more poses a major risk. These attacks go beyond data exfiltration and financial loss; they can cause significant physical harm to people. Examples include a threat actor shutting down a plant that supplies power to an entire city, taking control of industrial machinery, or altering the chemical dosing within a water treatment facility.

These risks cannot be taken lightly, and it is critical that organizations are aware of these risks and ensure cybersecurity is a priority.

Emerging Threats – AI and Beyond

Being a cybersecurity leader requires the ability to be dynamic and stay up to date as emerging threats continue to evolve at a very fast pace. We need to understand what risk they pose and how to reduce it. The most recent emerging threat is AI as it becomes accessible to everyone. Although there are many benefits from using AI, it already brings many challenges from a cybersecurity perspective, because threat actors are using it to advance their malicious intent. AI is already being used to create more advanced attack methods, to generate new malware variants at a rapid pace, to impersonate people with deepfakes, and to build and launch advanced email attacks such as phishing campaigns with fewer of the traditional tell-tale signs (fewer spelling mistakes, more natural conversation, content tailored to the company’s culture, and so on). As AI and other technologies continue to evolve, so must our defense mechanisms.

Now that we have covered the current threat landscape, let’s move on to the next section, which provides statistics around the reality of what we are dealing with.
