The Current Threat Landscape
The threat landscape in cybersecurity is extremely diverse and continues to grow more complex. Protecting users, data, and systems is becoming harder and requires ever more capable tools and processes to keep threat actors out.
Common Cyber Threat Actors
Today's cyber criminals are more sophisticated, and large groups have formed with significant financial backing to support their harmful activities. The following are common threat actors:
- National governments
- Nation-states
- Terrorists
- Advanced Persistent Threat (APT) groups
- Cyber mercenaries
- Cyber arms dealers
- Cyber extortionists
- Spies
- Organized crime groups
- Hacktivists
- Hackers
- Business competitors
- Malicious insiders/internal employees
- Essentially anyone who has some malicious intentions with the use of technology
In addition, the recent rise of generative AI (GenAI) tools such as ChatGPT has changed the field in a very short time. Tasks that once took real skill, such as writing a convincing lure in fluent, idiomatic language or producing working boilerplate code, can now be handed to a model, so less skilled attackers can run operations that look far more polished than their own ability would suggest. As a result, the polish of an attack is no longer a reliable indicator of the attacker's true level of skill.
Types of Cyberattacks
There are many types of cyberattacks in the world today, and this creates a diverse set of challenges for organizations, especially cybersecurity leaders. One of the most common attack methods is malware. Malware is software or code written with malicious intent; it may exploit a vulnerability to get onto a system, but it can just as easily be installed by a tricked user or with a stolen credential. The following types of threats are considered malware:
- Adware
- Spyware
- Virus (polymorphic, multipartite, macro, or boot sector)
- Worm
- Trojan
- Rootkit
- Bots/botnets
- Ransomware
- Logic bomb
Ransomware in More Detail
With the prevalence of ransomware and the extreme damage it can inflict on an organization, let's review this type of cyberattack in more detail. Ransomware has been around for a long time; the first documented incident occurred in 1989 and is known as PC Cyborg or the AIDS Trojan. In short, in a ransomware attack an intruder encrypts data belonging to a user or organization, making it inaccessible, and demands a ransom in exchange for the decryption keys. Intruders use many tactics to force payment, including threatening to leak the data, listing it for sale on the dark web, and destroying backups before encrypting so that recovery without the key is impossible, to name a few.
As the ransomware business continues to evolve, very mature business models have emerged to support holding organizations to ransom. There is even a ransomware-as-a-service (RaaS) model, in which the developers lease their malware and infrastructure to affiliates who carry out the attacks and share the proceeds. A now standard tactic is double extortion: exfiltrating the data before encrypting it, so that even a victim with good backups can be pressured with the threat of publication. This gives the threat actors additional leverage and leaves the organization with far more risk to manage. Unfortunately, countless ransomware attacks have made the news to date, and they continue to occur often.
Two of the more notable ransomware attacks are those against Colonial Pipeline, operator of one of the largest fuel pipelines in the United States, and MGM Resorts, a global entertainment company. Both companies suffered a major impact: Colonial Pipeline shut down its fuel distribution operations, causing fuel shortages for consumers across the East Coast of the United States, and MGM Resorts encountered major operational disruption for many days and an estimated loss of approximately $100 million.
Other Types of Attacks
The following table summarizes malware alongside the other categories of attack technique that you should be familiar with:
| Main Category | Sub-Categories | Description | Examples |
|---|---|---|---|
| Malware | Virus, Worm, Trojan, Ransomware, Adware, Spyware, Bots/Botnets | Malicious software designed to damage, disrupt, or gain unauthorized access to systems. | ILOVEYOU virus, WannaCry ransomware, Mirai botnet |
| Social Engineering | Phishing, Spear Phishing, Whaling, Vishing, Smishing, BEC, Pretexting, Tailgating, Baiting | Manipulative techniques to trick individuals into divulging confidential information or taking an unsafe action. | CEO fraud, IRS scam calls, lottery scams, tech support scams |
| Network Attacks | DoS, DDoS, MITM, DNS Tunneling, ARP Spoofing, IP Spoofing, Session Hijacking | Disrupting network operations or exploiting weaknesses in network protocols for malicious purposes. | SYN flood, Wi-Fi evil twin, rogue DHCP server |
| Web Application Attacks | SQL Injection, XSS, CSRF, RFI, Command Injection | Exploiting web application vulnerabilities (the OWASP Top 10 catalogues the most common classes) to compromise systems or data. | File upload attacks, broken authentication |
| Exploitation | Zero-Day, Buffer Overflow, Privilege Escalation, RCE | Using software vulnerabilities, whether already known or not yet patched, for unauthorized actions or data breaches. | Heartbleed, Shellshock, Microsoft Exchange Server vulnerabilities |
| Password Attacks | Brute Force, Dictionary, Credential Stuffing, Rainbow Table, Keylogger, Password Spraying | Techniques aimed at recovering or bypassing passwords to gain unauthorized access. | Offline cracking of a stolen hash dump with John the Ripper or Hashcat, online guessing against a login service with Hydra |
| Physical Attacks | Tailgating, Shoulder Surfing, Dumpster Diving, Theft, Device Tampering | Direct physical methods to gain unauthorized access or information. | Unauthorized entry, stolen hardware |
| IoT Attacks | Default-Credential Abuse, Connected Device Exploits, Botnet Recruitment | Targeting IoT devices for unauthorized access or to conscript them into botnets. | Mirai's takeover of cameras and routers still using factory default credentials, unpatched smart home devices, compromised wearable devices |
| Cryptocurrency-Related | Cryptojacking, Phishing Scams, Exchange Hacks, 51% Attacks | Attacks aimed at cryptocurrencies, including theft, exchange exploitation, and blockchain attacks. | Fake crypto giveaways, compromised exchanges, malware for mining |
| Other | APT, Insider Threats, Supply Chain Attacks, Mobile Attacks | Diverse attacks including state-sponsored campaigns, malicious insiders, and mobile device targeting. | Stuxnet, data theft by employees, SolarWinds attack, SMS-based malware |
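Of the categories above, password attacks are the easiest to illustrate with real signal, because the two most common online variants look very different in an authentication log: brute force hammers one account from one source and trips a per-account lockout, whereas password spraying tries one or two common passwords across many accounts and deliberately stays under that lockout. The following Python script is an added example written for this chapter, not code from the book or from any product; the log lines are constructed, the line format (timestamp, result, `user=`, `src=`) is assumed, and the thresholds are hypothetical values you would tune to your own lockout policy.

```python
"""Brute force vs. password spraying detection over authentication log lines.

Added example: hypothetical log format and thresholds, constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events (not from a real system).
# Line format assumed here: <ISO-8601 UTC timestamp> <OK|FAIL> user=<name> src=<ip>
SAMPLE_LOG = """\
2024-03-01T09:00:01Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:02Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:03Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:04Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:05Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:06Z FAIL user=alice src=203.0.113.5
2024-03-01T09:00:07Z OK   user=alice src=203.0.113.5
2024-03-01T09:10:00Z FAIL user=bob   src=198.51.100.7
2024-03-01T09:10:01Z FAIL user=carol src=198.51.100.7
2024-03-01T09:10:02Z FAIL user=dave  src=198.51.100.7
2024-03-01T09:10:03Z FAIL user=erin  src=198.51.100.7
2024-03-01T09:10:04Z FAIL user=frank src=198.51.100.7
2024-03-01T09:10:05Z FAIL user=grace src=198.51.100.7
2024-03-01T09:10:06Z OK   user=grace src=198.51.100.7
2024-03-01T09:20:00Z FAIL user=heidi src=192.0.2.9
2024-03-01T09:20:30Z OK   user=heidi src=192.0.2.9
"""

# Hypothetical tuning values: align LOCKOUT_THRESHOLD with your real lockout policy,
# because a sprayer's whole strategy is to stay one failure below it per account.
LOCKOUT_THRESHOLD = 5          # failures on one account that would trigger lockout
SPRAY_MIN_USERS = 5            # distinct accounts failed from one source within WINDOW
WINDOW = timedelta(minutes=15)


def parse_line(line):
    """Parse one log line into a dict; raises ValueError on a malformed line."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def classify_sources(events):
    """Return {src_ip: finding} for sources whose failure pattern looks like an attack.

    brute_force:    one account accumulates >= LOCKOUT_THRESHOLD failures in WINDOW
    password_spray: >= SPRAY_MIN_USERS distinct accounts fail from the same source in
                    WINDOW while every account stays below LOCKOUT_THRESHOLD
    Each finding also records whether an account that failed later logged in from
    that same source, which is the signal that escalates an alert to an incident.
    """
    by_src = defaultdict(list)
    for event in events:
        by_src[event["src"]].append(event)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            # Sliding window anchored on each event in turn.
            window = [e for e in evs[i:] if e["ts"] - start["ts"] <= WINDOW]
            fails = defaultdict(int)
            for e in window:
                if not e["ok"]:
                    fails[e["user"]] += 1
            if not fails:
                continue
            max_fails = max(fails.values())
            kind = None
            if max_fails >= LOCKOUT_THRESHOLD:
                kind = "brute_force"
            elif len(fails) >= SPRAY_MIN_USERS:
                kind = "password_spray"
            if kind:
                success = any(e["ok"] and e["user"] in fails for e in window)
                findings[src] = {
                    "kind": kind,
                    "users": sorted(fails),
                    "max_failures_per_user": max_fails,
                    "success_after_failures": success,
                }
                break  # one finding per source is enough to raise an alert
    return findings


if __name__ == "__main__":
    for src, finding in classify_sources(parse_log(SAMPLE_LOG)).items():
        print(src, finding)
```

Run it as a script to print the two findings. Note that the spraying source never exceeds one failure per account, so an alert keyed only on failures per user (the same logic as the lockout itself) misses it entirely, while one keyed on distinct users per source catches it; the lone failed-then-successful login from 192.0.2.9 is left alone as an ordinary typo.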
Supply Chain Challenges
Another attack becoming more common is one against the supply chain, where threat actors compromise a vendor's software or service and, through it, all of the vendor's downstream customers. Two of the more notable examples are the attacks against SolarWinds, maker of the Orion monitoring and performance management platform, and Progress, a company with many solutions including MOVEit, a managed file transfer product. With SolarWinds, threat actors inserted malicious code into the vendor's build process, so a legitimately signed software update carrying a backdoor was delivered to thousands of customers; once installed, it gave the attackers a foothold from which to infiltrate customer networks. With MOVEit, threat actors exploited a zero-day SQL injection vulnerability in the file transfer application to exfiltrate sensitive data from many companies, and the damage continued to unfold for many months. The point to note is that a supply chain compromise turns the trust placed in a vendor's code into the delivery mechanism, so keeping your own systems patched would not have prevented it. In addition to supply chain challenges, there is a need for improved third-party risk management: we must hold our third parties to a higher standard of cybersecurity. Third parties continue to be compromised, potentially putting our data at greater risk and/or impacting the services provided to us. We will cover third-party risk in more detail in Chapter 10, Vendor Risk Management.
Impact on Organizations
Even more concerning are organizations permanently closing their doors because of a cybersecurity incident. The incident alone may not be the sole reason for the closure, but it adds an extreme operational and financial burden from which an already struggling organization may not be able to recover. One notable recent example is St. Margaret's Health, a hospital located in Spring Valley, Illinois.
Although other factors were to blame, a 2021 ransomware attack that significantly impacted operations was specifically cited. Lincoln College in Illinois is another unfortunate example of the impact of a cyberattack. An institution that had survived for 157 years finally shut its doors in May 2022. The coronavirus pandemic and a ransomware event were both publicly noted as major factors forcing the college to close permanently.
Figure 1.3: A snippet from Lincoln College's home page taken October 2023
Source: https://lincolncollege.edu
Another unfortunate example is KNP Logistics Group, a UK-based logistics firm that went into administration in September 2023. Alongside the other challenges cited was a ransomware attack that significantly impaired the firm's operations and its ability to secure the investment needed to continue.
Special Considerations for OT and IoT
Although not every industry operates them, Operational Technology (OT) and the Internet of Things (IoT) present further challenges, and their protection needs to keep improving. Managing and securing these technologies efficiently requires a different set of skills from traditional IT security. The ability of threat actors to compromise power plants, manufacturing plants, water treatment facilities, internet-connected cars, and more poses a major risk. These attacks go beyond data exfiltration and financial loss; they can cause significant physical harm to people. Examples include a threat actor taking control of systems that could bring down a power plant supplying an entire city, seizing control of machinery on a factory floor, or altering the chemical dosing in a water treatment facility.
These risks cannot be taken lightly, and it is critical that organizations are aware of them and make cybersecurity a priority.
Emerging Threats – AI and Beyond
Being a cybersecurity leader requires staying dynamic and up to date as emerging threats evolve at a very fast pace; we need to understand what risk they pose and how to reduce it. The most recent emerging threat is AI as it becomes accessible to everyone. Although AI brings many benefits, it already poses serious challenges from a cybersecurity perspective because threat actors are using it to advance their own aims. AI is already being used to develop more advanced attack methods, speed up the creation of new malware variants, impersonate people using deepfake audio and video, and run sophisticated phishing campaigns with fewer of the traditional warning signs (fewer spelling mistakes, more natural conversation, lures tailored to company culture, and so on). As AI and other technologies continue to evolve, so must our defenses.
Now that we have covered the current threat landscape, let’s move on to the next section, which provides statistics around the reality of what we are dealing with.