To defend an organization against cyberattacks, it is crucial to build awareness of the evolving and emerging cyberthreats and risks.
Among the top trending threats are:
- A new kind of phishing attack has surfaced that uses Microsoft Teams chat. Microsoft researchers wrote that the attackers use Teams messages "to send lures that attempt to steal credentials from a targeted organization by engaging a user and eliciting approval of multifactor authentication prompts." Microsoft believes these attacks are aimed at gaining initial access, which can later be sold to other threat actors who use it for follow-on malicious activity.
- In the age of artificial intelligence (AI), generative AI (GenAI) powered threats such as WormGPT, FraudGPT and DarkGPT have already been identified by security researchers. Attackers using ChatGPT-style models will likely produce more sophisticated and convincing phishing lures, such as a flawless, "doubt-free" email purporting to come from a distant relative.
- Deepfake videos have been in the news for quite some time. The one trending right now is Tom Hanks telling people: It wasn't me! What is worrisome is the availability of online tools that help create such convincing videos for phishing scams. Voice deepfakes are also on the rise, with real-time voice cloning at low enough latency to pass unnoticed on a live call.
- A strange trend has emerged in which an attacker, posing as a security expert, offers to help a victim recover from a disruption. The attacker shares a fabricated story with the victim, followed by a bogus security audit report, and pretends to help. The attacker then walks the victim through how to better secure the supposedly breached environment and extracts money by charging for these security consulting services.
- Invoice fraud, in which an attacker poses as a vendor, deletes the original bill and sends the customer a fake invoice that carries the attacker's own bank account details.
- Supply chain attacks are nothing new. But the software supply chain attack on 3CX in March showed a cascading effect: one supply chain compromise led to a second attack through the same supply chain. The 3CX attack was caught within weeks and luckily had limited impact.
What caught the FBI's attention, however, is ransomware and the new ways and tactics used to deploy it. The Federal report came after Cisco Talos researchers wrote in August that cybercriminals are consistently rebranding, merging with multiple ransomware-as-a-service (RaaS) outfits, or building on leaked ransomware source code to target individuals and smaller companies.
For instance, the cybercrime group Clop, which was behind the MOVEit attack campaign, tried setting up a leak site on the clearweb. Two more prominent examples are RaaS offerings targeting VMware's popular ESXi hypervisor, and the high-profile attacks against MGM Resorts and Caesars Entertainment, carried out by Scattered Spider working with ALPHV and deploying its BlackCat ransomware.
According to the FBI advisory, threat groups are launching multiple ransomware attacks against the same victim in close succession, combined with new data destruction tactics.
In these attacks, two different ransomware variants are deployed in various combinations, resulting in data encryption, exfiltration and financial losses from ransom payments; the second attack, landing on an already compromised system, significantly harms the victim entity.
As for the second emerging trend, multiple ransomware groups increased their use of custom data theft tools, wiper tools and malware to pressure victims into negotiating. In some cases, new code was added to known data theft tools to evade detection. Also, malware containing data wipers remained dormant until a set time, then executed to corrupt data at alternating intervals, the agency's report added.
What did the FBI recommend?
Its recommended mitigations include maintaining secured backups; comprehensive ransomware protection; keeping all operating systems, software and firmware up to date; future-proof protection; and securing and closely monitoring remote desktop protocol (RDP) use.
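As an added illustration of the last recommendation, closely monitoring RDP use, here is a small detection script written for this article; it is not code from the FBI advisory or from any vendor. It scans Windows Security event records for two patterns: a burst of failed RemoteInteractive logons (event ID 4625, logon type 10) from one source followed by a success (event ID 4624), and any successful RDP logon from outside an assumed management subnet. The event records are constructed sample data, and the subnet, failure threshold and JSON field names are assumptions; a real pipeline (Winlogbeat, Sysmon, a SIEM) will use its own field names.

```python
"""Flag risky RDP logon activity in Windows Security event records.

Added example for this article, not code from the FBI advisory or any product.
The records below are constructed sample data in a JSON-lines shape.
"""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

# Assumption: interactive remote logons from outside this subnet are abnormal.
MGMT_SUBNET = ipaddress.ip_network("10.10.0.0/24")
FAIL_THRESHOLD = 5      # assumed: failures per source before a success is suspicious
RDP_LOGON_TYPE = 10     # RemoteInteractive in Windows event IDs 4624/4625

# Constructed sample records (not real telemetry).
SAMPLE_LOG = """
{"ts":"2023-10-01T02:00:01","id":4625,"user":"admin","src":"203.0.113.7","ltype":10}
{"ts":"2023-10-01T02:00:02","id":4625,"user":"administrator","src":"203.0.113.7","ltype":10}
{"ts":"2023-10-01T02:00:03","id":4625,"user":"backup","src":"203.0.113.7","ltype":10}
{"ts":"2023-10-01T02:00:04","id":4625,"user":"svc_sql","src":"203.0.113.7","ltype":10}
{"ts":"2023-10-01T02:00:05","id":4625,"user":"jsmith","src":"203.0.113.7","ltype":10}
{"ts":"2023-10-01T02:00:09","id":4624,"user":"jsmith","src":"203.0.113.7","ltype":10}
{"ts":"2023-10-01T09:15:00","id":4624,"user":"ops1","src":"10.10.0.15","ltype":10}
{"ts":"2023-10-01T09:16:00","id":4624,"user":"ops1","src":"10.10.0.15","ltype":3}
{"ts":"2023-10-01T23:40:00","id":4624,"user":"vendor","src":"198.51.100.20","ltype":10}
"""


def parse_events(text):
    """Parse JSON-lines records into dicts, sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def find_rdp_alerts(events):
    """Return (rule, source_ip, user) tuples for suspicious RDP activity.

    "brute_force_success": a source accumulates FAIL_THRESHOLD or more failed
    RDP logons (4625) and then succeeds (4624), the spray-then-entry pattern.
    "rdp_from_outside_mgmt": an RDP logon succeeded from outside MGMT_SUBNET.
    """
    failures = defaultdict(int)
    alerts = []
    for ev in events:
        if ev["ltype"] != RDP_LOGON_TYPE:
            continue                     # only RemoteInteractive logons matter here
        src = ev["src"]
        if ev["id"] == 4625:
            failures[src] += 1
        elif ev["id"] == 4624:
            if failures[src] >= FAIL_THRESHOLD:
                alerts.append(("brute_force_success", src, ev["user"]))
            if ipaddress.ip_address(src) not in MGMT_SUBNET:
                alerts.append(("rdp_from_outside_mgmt", src, ev["user"]))
            failures[src] = 0            # start a fresh window after a success
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_alerts(parse_events(SAMPLE_LOG)):
        print(alert)
```

On the sample data the script raises three alerts: the spray from 203.0.113.7 that ends in a successful logon as jsmith (which also trips the outside-subnet rule) and the late-night vendor logon from 198.51.100.20; the logons from the management subnet are left alone. The network-logon record (logon type 3) is deliberately ignored so that SMB or file-share activity does not pollute the RDP counters.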
In line with the FBI recommendations, a prominent insurance service provider based in Basel, Switzerland, recently sought to enhance its data protection plan with HCLTech.
The client’s key problems revolved around complexity related to siloed data, scalability issues and security challenges with limited ransomware protection and no ransomware recovery capability in the existing multi-vendor environment.
The customer also lacked the ability to support varied cloud workloads and meet SLAs for audit, recovery and backup validation and testing. With the rising data volume and cyberthreats, the company aimed to consolidate five existing legacy backup products into one modern data security and management platform.
The company also wanted to protect its highly regulated data in applications such as Microsoft 365 and the workloads running in Azure and AWS as part of its multi-cloud strategy. There was also a need to strengthen the company's security posture in the cloud with ransomware recovery, a virtual air-gapped vault and secure backup capabilities.
The HCLTech solution simplified the customer's approach to data management and provided a flexible deployment model that works across use cases including backup, ransomware recovery, disaster recovery and an immutable cloud-based vault, delivered both on-prem and as a service.
The customer met its most stringent SLAs using the unified platform, whose built-in data and metadata security delivers secured and compliant backups. The client can now safeguard traditional and modern data sources on site as well as in Azure, AWS and M365.
The customer now proactively detects ransomware attacks and is ready for rapid recovery, with comprehensive data protection that includes proactive anomaly detection and near-instant mass restore capabilities.
This cyber resilience resulted in reduced downtime and financial losses, optimized data management costs through consolidation on a single platform, and faster recovery from ransomware attacks, among other benefits.
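To make the "proactive anomaly detection" above concrete, here is an added example written for this article; it is not the platform's own logic and the numbers are constructed. Backup jobs already record, per run, how many files changed and the data-reduction (dedup plus compression) ratio they achieved. Mass encryption by ransomware moves both at once: the changed-file count spikes because most of the fileset is rewritten, and the reduction ratio collapses toward 1:1 because ciphertext neither compresses nor deduplicates. The thresholds, baseline window and sample history are assumptions.

```python
"""Flag a backup run whose change profile looks like mass encryption.

Added example for this article, not a vendor's detection logic. Data is constructed.
"""
from statistics import median

CHANGE_FACTOR = 4.0    # assumed: flag when changed files exceed 4x the baseline median
MIN_REDUCTION = 0.5    # assumed: flag when the reduction ratio drops below half of baseline
BASELINE_DAYS = 7      # assumed: runs used to establish "normal"

# Constructed history for one backup job: (date, changed_files, reduction_ratio).
# reduction_ratio = logical bytes / stored bytes, so 3.0 means 3:1 savings.
HISTORY = [
    ("2023-10-01", 1200, 3.1),
    ("2023-10-02", 1350, 3.0),
    ("2023-10-03", 980, 3.2),
    ("2023-10-04", 1500, 2.9),
    ("2023-10-05", 1100, 3.1),
    ("2023-10-06", 1250, 3.0),
    ("2023-10-07", 1400, 3.0),
]
# A normal run, and a run after most of the fileset was rewritten as ciphertext.
NORMAL_DAY = ("2023-10-08", 1300, 3.0)
ENCRYPTED_DAY = ("2023-10-08", 48000, 1.02)


def baseline(history, days=BASELINE_DAYS):
    """Median changed-file count and reduction ratio over the last `days` runs."""
    recent = history[-days:]
    return (median(r[1] for r in recent), median(r[2] for r in recent))


def score_snapshot(history, snapshot):
    """Return the indicators triggered by `snapshot` against `history` ([] if normal).

    Either indicator alone is noisy: a large code refresh changes many files,
    and a batch of media uploads compresses poorly. Only the combined
    "mass_encryption" verdict should page someone.
    """
    base_changed, base_ratio = baseline(history)
    _, changed, ratio = snapshot
    hits = []
    if changed > CHANGE_FACTOR * base_changed:
        hits.append("change_spike")
    if ratio < MIN_REDUCTION * base_ratio:
        hits.append("reduction_collapse")
    if len(hits) == 2:
        hits.append("mass_encryption")
    return hits


if __name__ == "__main__":
    print("normal run:", score_snapshot(HISTORY, NORMAL_DAY))
    print("encrypted run:", score_snapshot(HISTORY, ENCRYPTED_DAY))
```

Against the constructed history (baseline median of 1,250 changed files at 3.0:1 reduction) the normal run returns no indicators, while the encrypted run trips both and is labelled mass_encryption. The point of scoring on the backup catalog rather than on the endpoints is that the backup platform sees every protected system at once and sits behind the immutable vault, so the verdict arrives even when the endpoint agents have already been disabled by the attacker.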