Common Vulnerabilities and Exposures (CVEs)

 It is crucial to highlight the importance of protecting against emerging threats with effective network detection and response (NDR) tools. To support this point, let’s take a look at some data on the number of Common Vulnerabilities and Exposures (CVEs) published by NIST in the USA during 2023. CVEs use a scale of up to 10, and many that are rated 9 or higher often allow cybercriminals to remotely launch intrusion attacks or execute remote code, giving them unauthorised access to your network.

In the first 11 months of 2023, NIST published over 25,000 CVEs, with nearly 5,000 rated at severity 9 or higher. The number of CVEs has been increasing year-on-year for the past six years. While this increase may be due to more diligence and reporting by cybersecurity teams, it is also partly due to an expanding attack surface.

Attack Surface Expansion

The shift towards hybrid working has hastened the decline of traditional network borders. With an increasing number of people working remotely, greater adoption of cloud-based services, a rise in the number of connected devices, and the complexity of supply chains, the conventional approach of relying on firewalls and intrusion detection technologies to secure networks is no longer sufficient.

As a result, the concept of zero trust has gained more prominence in addressing this challenge. However, it alone cannot fully secure the new way of working. In such a scenario, cybersecurity teams must assume that attackers will breach their defences. Therefore, it is crucial to have NDR protection to continuously monitor all network activity in real-time to detect anomalies.

AI-Powered Attacks and Defence

Artificial Intelligence (AI) is changing the cybersecurity landscape at a rapid pace. Attackers and defenders now leverage its capabilities. Cybercriminals use AI to automate attacks, create more advanced malware, devise better Phishing attacks, and evade detection by security tools. On the other hand, AI offers powerful help for cybersecurity defenders, enabling them to detect security threats in real time, diagnose incidents, and respond automatically to issues more quickly than relying solely on humans would allow. However, solely relying on AI tools is not viable – human experts are still vital to deliver protection and recovery from cyber-attacks.

Ransomware

Ransomware attacks will remain a significant threat to organisations of all sizes in 2024. It has become easier for people to profit from this type of attack with the availability of  Ransomware-as-a-Service resources that anyone can access.

Interestingly, efforts to prevent US-based organisations from paying a ransom to attackers have led to a decrease in the number of ransomware attacks against US targets in 2022. However, this year still had the second-largest number of attacks, and the final quarter had the highest number since Q3 of 2021. Data from 2023 predicts that ransomware attack numbers will be similar to the previous year, indicating that ransomware remains a significant threat.

As individual ransomware attacks become more sophisticated, organisations will need to strengthen their defences and adopt more resilient cybersecurity strategies during 2024. This will help mitigate the impact of their defences getting breached.

Malware

Apart from ransomware, which is a specific type of malware, there are other types of malware that are used for cyber-attacks. Some examples include:

– Wipers, which function like ransomware, but instead of encrypting data for profit, they erase it.

– Spyware, which sits on systems and collects data.

– Keyloggers, which record keyboard entries for attackers.

– Adware, which displays unwanted ads that generate revenue for attackers.

– Trojans, which mimic legitimate software to trick users into running them.

– Worms, which exploit known vulnerabilities to spread between systems.

– Viruses, which are still a problem if not countered.

– Bots and botnets, which typically disrupt systems via denial-of-service attacks.

Supply Chain Vulnerabilities

Upstream and downstream business partners in the supply chain pose a significant risk of cyber-attacks against organisations. Additionally, vendors providing business services are also a potential threat. In today’s interconnected world, no business operates in isolation, and as a result, threats originating from linked IT systems or even emails should be identified, quantified, and mitigated. During 2023, we saw several high-profile supply chain attacks, and it is likely that we may witness more such attacks in 2024.

Phishing & Other Social Engineering Attacks

It is a well-known fact that people are the weakest link in the security chain. I don’t make this statement to criticise people – we all make mistakes. However, it is important to incorporate this fact into cybersecurity planning. Social engineering attacks, such as phishing emails and other messaging-based techniques, are a significant source of successful attacks and data gathering used for attack planning.

These attacks are becoming more sophisticated as criminals use advanced large language models like ChatGPT to compose more believable emails, dummy websites, and other collateral to trick people into clicking malicious links or divulging data they shouldn’t.

In the future, we can expect to see an increase in Business Email Compromise (BEC) and targeted spear-phishing attacks, as attackers target prominent individuals and their associates within organisations. Additionally, we can expect to see attacks that use AI-deep fake videos and audio portrayals of real people to trick staff as part of phishing attacks.

Crypto Scams

Social engineering-based attacks have given rise to crypto scams. In these scams, attackers send seemingly harmless messages to mobile phones or messaging services to initiate a conversation. They then build trust with people using innocuous conversations about everyday topics to establish a relationship with the recipient before luring them to a scam website that promises to help them make money through cryptocurrency. However, the website is there to steal their money, and it also exposes the victim’s organisation to other malware and attacks.

IoT Vulnerabilities

The use of Internet of Things (IoT) sensors and devices is rapidly increasing in the built environment and manufacturing industry. However, some of these IoT devices are known to have poor security measures. For instance, many devices come with the same default admin account and password, which is often not changed during deployment.

This widespread use of IoT devices increases the risk of cyber-attacks and introduces easily exploitable vulnerabilities. If these devices have access to other network systems, it can create a backdoor for anyone who knows the default account settings. Therefore, it is crucial to ensure that IoT devices are adequately secured to prevent unauthorised access and protect sensitive data.

Insider Threats

It is crucial to be aware of insider threats posed by disgruntled employees or staff who have been bribed by attackers. Instead of searching for vulnerabilities to exploit, attackers may persuade an employee to insert a malware-infected USB drive into a network-connected PC. To prevent such attacks and similar methods, it is essential to implement security measures such as 24×7 Network Detection and Response and Zero Trust best practices, which prevent the spread of malicious code between systems.

Get more information on Insider Threats in the Halodata Insider Threat Report. Free to download from https://halodata.asia/SG-insider-threat-report/

It’s Time to Get Started with Halodata