The changing face of cybersecurity threats in 2023

Detection:

One of the first signs of a website spoofing attack is an unusual or too-good-to-be-true request – such as a special Amazon sale offering a 25% discount on the latest model of the iPhone. You know very well it’s not going to happen. However, scammers might add a sense of urgency, saying the offer expires in 2 hours, for example. On closer inspection, you’ll always find that it’s a shortened URL or a URL with a spelling slightly different from the company’s primary domain. A quick Google search should settle it.

Website spoofing puts a bigger onus on the user or individual than the organization for detection.

Prevention:

Nearly 75% of Forbes Global 2000 companies haven’t implemented vital domain security measures, indicating continued widespread susceptibility to domain and website spoofing.

It’s a common misconception that only enterprise domains are spoofed. SMBs and startups are equally at risk. You need to use a reputable registrar and hosting provider. Further, regularly monitor your domain and DNS settings, as well as your website logs for signs of abnormal traffic with unusual referrers or URL modifiers. Implement a Web Application Firewall (WAF) on your web server and Domain-based Message Authentication, Reporting & Conformance (DMARC) for emails.

Data exfiltration

Exfiltration is an umbrella term for the methods attackers use to steal data from the victim’s systems. Once they’ve identified and copied the data they want, adversaries use packaging, compression, encryption and hiding techniques to avoid detection at the time of stealing (transferring) it.

One of the most prevalent and damaging types of attacks – ransomware – relies on data exfiltration. The goal of the attacker is to identify file servers on which sensitive information is stored and then lock it or transfer it out of the network using email or by uploading to external servers. Some shocking ransomware stats:

  • Ransomware accounts for 10% of all breaches.
  • The average cost of a ransomware attack is close to $2 million.
  • A significant ransomware attack will occur once every 2 seconds by 2031.

Detection:

Intrusion Detection Systems (IDS) that actively monitor the network for suspicious traffic are the first line of defense against data exfiltration techniques. Traffic to and from unseen IP address ranges, file access at unusual times, major spikes in outbound traffic and outbound connections to external servers via a generic or non-secure protocol are typical indications of exfiltration threats.
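As an added illustration of the indicators listed above (example code, not from the original article), the following script scores constructed outbound flow records against each indicator and alerts only when several coincide, since any one of them alone is noisy. The approved destination ranges, business hours, secure-protocol list and spike factor are assumed baselines that a real deployment would take from its asset inventory and traffic history.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed baselines (not from the article): approved destinations, working hours,
# protocols considered acceptable for bulk transfer, and the spike multiplier.
KNOWN_RANGES = [ip_network("10.0.0.0/8"), ip_network("93.184.216.0/24")]
BUSINESS_HOURS = range(8, 19)            # 08:00-18:59 local time
SECURE_PROTOS = {"https", "ssh", "sftp"}
SPIKE_FACTOR = 10                        # a flow is a spike if > 10x the host's median

# Constructed outbound flow records (not real traffic), one per connection.
SAMPLE_FLOWS = [
    {"ts": "2023-03-01T10:05:00", "src": "10.0.1.15", "dst": "93.184.216.34", "proto": "https", "bytes_out": 120_000},
    {"ts": "2023-03-01T11:40:00", "src": "10.0.1.15", "dst": "93.184.216.34", "proto": "https", "bytes_out": 95_000},
    {"ts": "2023-03-01T14:15:00", "src": "10.0.1.15", "dst": "93.184.216.34", "proto": "https", "bytes_out": 140_000},
    {"ts": "2023-03-02T02:30:00", "src": "10.0.1.15", "dst": "198.51.100.77", "proto": "ftp", "bytes_out": 2_000_000_000},
    {"ts": "2023-03-01T09:10:00", "src": "10.0.1.22", "dst": "10.0.5.9", "proto": "smb", "bytes_out": 500_000},
    {"ts": "2023-03-01T12:00:00", "src": "10.0.1.22", "dst": "93.184.216.34", "proto": "https", "bytes_out": 80_000},
]

def flow_indicators(flow, host_median_bytes):
    """Return the exfiltration indicators from the text that this single flow matches."""
    reasons = []
    if not any(ip_address(flow["dst"]) in net for net in KNOWN_RANGES):
        reasons.append("destination outside known ranges")
    if datetime.fromisoformat(flow["ts"]).hour not in BUSINESS_HOURS:
        reasons.append("activity outside business hours")
    if flow["bytes_out"] > SPIKE_FACTOR * host_median_bytes:
        reasons.append("outbound volume spike")
    if flow["proto"] not in SECURE_PROTOS:
        reasons.append(f"generic or non-secure protocol ({flow['proto']})")
    return reasons

def detect_exfiltration(flows, min_indicators=2):
    """Alert on flows that match at least min_indicators; one weak signal alone is noise."""
    per_host = defaultdict(list)
    for f in flows:
        per_host[f["src"]].append(f["bytes_out"])
    # Per-host median of outbound bytes is the baseline for the spike check.
    medians = {host: statistics.median(v) for host, v in per_host.items()}
    alerts = []
    for f in flows:
        reasons = flow_indicators(f, medians[f["src"]])
        if len(reasons) >= min_indicators:
            alerts.append({"ts": f["ts"], "src": f["src"], "dst": f["dst"], "reasons": reasons})
    return alerts

for alert in detect_exfiltration(SAMPLE_FLOWS):
    print(alert["ts"], alert["src"], "->", alert["dst"], ":", "; ".join(alert["reasons"]))
```

On the sample data only the 02:30 FTP transfer of 2 GB to an unknown address trips the alert (all four indicators), while the daytime SMB flow to an internal server matches a single indicator and stays below the threshold.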

Prevention:

In the age of Bring Your Own Device (BYOD) and remote work, preventing data exfiltration needs a comprehensive, well-rounded data security and governance strategy. Using a Security Information and Event Management (SIEM) system lets you collect and converge data from disparate IT environments and touchpoints for real-time monitoring and analysis.

Further, a next-generation firewall (NGFW) will provide an additional layer of defense against newer, advanced attacks by allowing you to monitor all network protocols at all times and blocking unauthorized channels. Finally, use Zero Trust Architecture (ZTA) policies to validate any and all data transfer, compression and encryption activities.

Proactive detection and prevention

In 2023, it is impossible for you to know of all the threats and vulnerabilities out there. It is impossible to know your adversaries. It is impossible to know their approaches. “With the increasing availability of sophisticated technological and social engineering tools, attackers have a higher chance of succeeding – and gaining big – with little risk,” Mazin warns.

A proactive threat detection and response program with user behavior analytics (UBA), regular threat hunting and penetration testing, and pre-emptive honeypot traps will soon be generic components of a typical security strategy, if not the norm.
