It is taking less time for organisations to detect attackers in their environment, a report by Mandiant Consulting, a part of Google Cloud, has found. This suggests that companies are strengthening their security posture.
The M-Trends 2024 report also highlighted that the top targeted industries of 2023 were financial services, business and professional services, tech, retail and hospitality, healthcare and government. This aligns with the fact that 52% of attackers were primarily motivated by financial gain, as these sectors often possess a wealth of sensitive and therefore valuable information.
Financially-motivated activity was found to have gone up by 8% since 2022, which is partially explained by the parallel rise in ransomware and extortion cases. The most common ways that threat actors gained access to a target network were through exploits, phishing, prior compromise and stolen credentials.
Dr Jamie Collier, Mandiant Threat Intelligence Advisor Lead for Europe, told TechRepublic in an email: "Despite the focus on ransomware and extortion operations within the security community, these attacks remain effective across a range of sectors and regions. Extortion campaigns therefore remain highly profitable for cyber criminals.
"As a result, many financially-motivated groups conducting other forms of cyber crime have transitioned to extortion operations in the last five years."
TechRepublic takes a deeper look into the top five cyber security trends of 2023 and expert recommendations highlighted by the 15th annual M-Trends report:
According to the M-Trends report, the median dwell time of global organisations decreased from 16 days in 2022 to 10 days in 2023 and is now at its lowest point in more than a decade. The dwell time is the amount of time attackers remain undetected within a target environment and indicates the strength of a business's cyber posture. This figure suggests that companies are making meaningful improvements to their cyber security.
However, there could be another contributing factor; the average proportion of attacks due to ransomware increased to 23% in 2023 over 18% in 2022.
Dr. Collier explained to TechRepublic: "The impact of extortion operations is immediately obvious. In the event that ransomware is deployed, a victim's systems will be encrypted and rendered unusable. Alternatively, if data is stolen, a cyber criminal will quickly be in touch to extort a victim."
SEE: Top 7 Cybersecurity Threats for 2024
Organisations in the Asia-Pacific region saw the biggest reduction in median dwell time, with it decreasing by 24 days over the last year. Mandiant analysts link this to the fact that the majority of attacks detected were ransomware-related, and this majority was higher than any other region. Meanwhile, companies in Europe, the Middle East and Africa saw the average dwell time increase by two days. This is thought to be due to the regional data normalising following a concerted defensive effort by Mandiant in Ukraine in 2022.
Another proof that businesses are getting better at detecting cyber threats is that Mandiant found that 46% of compromised organisations first identified evidence of compromise internally rather than by an outside entity like a law enforcement agency or cyber security company, up from 37% in 2022.
Cyber criminals are increasingly targeting edge devices, using living off the land techniques, and deploying zero-day exploits, suggesting a renewed focus on maintaining persistence on networks for as long as possible.
Dr. Collier told TechRepublic: "With network defenders increasingly on the lookout for extortion campaigns, evasive tactics increase the chances of a successful operation. Ransomware operations are far more effective when cyber criminals can reach the most sensitive and critical areas of a target's network, and evasive tactics help them to achieve this."
Edge devices typically lack endpoint detection and response (EDR) capabilities, so they are solid targets for cyber criminals looking to go under the radar. In 2023, Mandiant investigators found that the first and third most targeted vulnerabilities were related to edge devices. These were:
The report authors wrote: "Mandiant expects that we will continue to see targeting of edge devices and platforms that traditionally lack EDR and other security solutions due to the challenges associated with discovery and investigation of compromise. Exploitation of these devices will continue to be an attractive initial access vector for Chinese espionage groups to remain undetected and maintain persistence into target environments."
SEE: Q&A on how Dell sees security at the edge
About 20% of malware families detected by Mandiant in 2023 did not fit into a typical category, which is a higher proportion than in previous years. Furthermore, 8% of attacks in this "other" category involved the use of remote administration tools and other utilities. These are less likely to be flagged by default by EDR or other security tools, which can keep the attacker undetected, and are often coupled with living off the land techniques.
Living off the land is the use of legitimate, pre-installed tools and software within a target environment during a cyber attack to help evade detection. This can reduce the overall complexity of the malware by allowing the attacker to weaponize existing features that have already been security tested by the organisation. It is particularly effective with edge devices because they are typically not monitored by network defenders, allowing them to remain on the network for longer.
A recent example the Mandiant researchers spotted is a backdoor named THINCRUST, which was appended into the web framework files that were responsible for providing the API interface for FortiAnalyzer and FortiManager devices. The threat actors were able to harness the native API implementation to access and send commands to THINCRUST by simply interacting with a new endpoint URL they had added.
In 2023, Mandiant researchers tracked 97 unique zero-day vulnerabilities exploited in the wild, representing a more than 50% growth in zero-day usage over 2022. The zero-days were exploited by espionage groups and financially-motivated attackers looking to steal valuable data to turn a profit.
The report's authors anticipate the number of identified zero-day vulnerabilities and exploits that target them will continue to grow in the coming years due to a number of factors, including:
Cloud adoption is continuously growing (Gartner predicts more than 50% of enterprises will use industry cloud platforms by 2028) and, therefore, more attackers are turning their attention to these environments. According to CrowdStrike, there was a 75% increase in cloud intrusions in 2023 over 2022.
Mandiant analysts say attackers are targeting weakly implemented identity management practices and credential storage to obtain legitimate credentials and circumvent multifactor authentication (MFA).
SEE: UK's NCSC Issues Warning as SVR Hackers Target Cloud Services
Mandiant observed instances where attackers gained access to cloud environments because they happened across credentials that were not stored securely. Credentials were discovered on an internet-accessible server with default configurations or had been stolen or leaked in a previous data breach and not been changed since. They also gained access using different techniques to bypass MFA, covered in more detail in the next section.
Once inside the cloud environment, the authors observed bad actors performing a number of tactics to abuse the cloud services, including:
Now that multifactor authentication has become a standard security practice in many organisations, attackers are exploring new, creative tactics to bypass it. According to Mandiant, the number of compromises against cloud-based identities configured with MFA is increasing.
In 2023, the firm observed an increase in adversary-in-the-middle (AiTM) phishing pages that steal post-authentication session tokens and allow bad actors to circumvent MFA. In an AiTM campaign, attackers set up a proxy server that captures a user's credentials, MFA codes and session tokens issued by the logon portal while relaying the connection to the legitimate server.
SEE: New phishing and business email compromise campaigns increase in complexity, bypass MFA
The majority of business email compromise cases Mandiant responded to in 2023 involved the threat actor circumventing the user's MFA via AiTM. In the past, the relative complexity of setting up AiTM phishing infrastructure compared to traditional credential harvesting forms may have kept the number of these attacks low. However, there are now a number of AiTM kits and phishing-as-a-service offerings advertised in the cybercriminal underground, according to Mandiant. These products significantly lower the barrier to entry for AiTM phishing, resulting in an uptick.
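To make the mechanism in the two AiTM passages concrete, here is an added simulation (not from the M-Trends report or TechRepublic) of the relay described above: a proxy forwards a password-plus-OTP login to the real portal and keeps the session token it issues, which is then valid on its own; a second flow swaps in an origin-bound (WebAuthn-style) credential, whose assertion is signed over the phishing origin and is therefore rejected by the portal. The origins, keys, user record and the HMAC stand-in for signatures are all constructed for the demo.

```python
import hashlib, hmac, secrets, time

LEGIT_ORIGIN = "https://login.example.com"  # constructed portal origin
PHISH_ORIGIN = "https://login-example.net"  # constructed look-alike proxy origin
FIXED_TIME = 1_700_000_000.0                # frozen clock keeps the OTP demo deterministic
USERS = {"alice": {"password": "hunter2", "otp_key": b"otp-seed",
                   "cred_key": b"origin-bound-key"}}  # constructed user record

def totp(key, t, step=30):
    """Simplified time-based one-time code: HMAC over the 30-second counter."""
    return hmac.new(key, int(t // step).to_bytes(8, "big"), hashlib.sha1).hexdigest()[:6]

def sign_assertion(key, challenge, origin):
    """Browser/authenticator side: the signed data includes the origin the browser
    actually loaded (as WebAuthn clientData does); HMAC stands in for a signature."""
    return hmac.new(key, f"{challenge}|{origin}".encode(), hashlib.sha256).hexdigest()

class Portal:
    """The legitimate logon portal."""
    def __init__(self, clock=time.time):
        self.clock, self.sessions, self.challenges = clock, {}, {}
    def _issue(self, user):
        token = secrets.token_hex(16)  # post-authentication session token
        self.sessions[token] = user
        return token
    def login_otp(self, user, password, otp):
        u = USERS.get(user)
        if not u or password != u["password"]:
            return None
        ok = hmac.compare_digest(otp, totp(u["otp_key"], self.clock()))
        return self._issue(user) if ok else None
    def new_challenge(self, user):
        self.challenges[user] = secrets.token_hex(8)
        return self.challenges[user]
    def login_assertion(self, user, sig):
        u, c = USERS.get(user), self.challenges.pop(user, None)
        if not u or c is None:
            return None
        # Only an assertion signed over the portal's own origin is accepted.
        expected = sign_assertion(u["cred_key"], c, LEGIT_ORIGIN)
        return self._issue(user) if hmac.compare_digest(sig, expected) else None

class AitmProxy:
    """Model of the relay described in the text: forwards each step to the real
    portal and keeps a copy of everything that passes through, token included."""
    def __init__(self, portal):
        self.portal, self.captured = portal, {}
    def relay_otp(self, user, password, otp):
        token = self.portal.login_otp(user, password, otp)
        self.captured.update(user=user, password=password, otp=otp, token=token)
        return token
    def relay_assertion(self, user, victim_signer):
        challenge = self.portal.new_challenge(user)
        sig = victim_signer(challenge, PHISH_ORIGIN)  # victim's browser sees the proxy's origin
        return self.portal.login_assertion(user, sig)

def demo_otp_bypass():
    """Password + OTP relayed via the proxy: the captured token alone identifies 'alice'."""
    portal = Portal(clock=lambda: FIXED_TIME)
    proxy = AitmProxy(portal)
    proxy.relay_otp("alice", "hunter2", totp(b"otp-seed", FIXED_TIME))
    return portal.sessions.get(proxy.captured["token"])  # "alice"

def demo_origin_bound():
    """Origin-bound credential: relayed assertion is rejected, direct login succeeds."""
    portal = Portal()
    signer = lambda ch, origin: sign_assertion(b"origin-bound-key", ch, origin)
    relayed = AitmProxy(portal).relay_assertion("alice", signer)
    direct = portal.login_assertion("alice", signer(portal.new_challenge("alice"), LEGIT_ORIGIN))
    return relayed, portal.sessions.get(direct)  # (None, "alice")
```

Calling `demo_otp_bypass()` and `demo_origin_bound()` side by side shows why the report's MFA-bypass cases centre on codes and tokens that a relay can copy, whereas a credential bound to the origin the browser actually loaded gives the proxy nothing usable.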
Other techniques the Mandiant researchers observed attackers using to bypass MFA include:
Red teams consist of cyber security analysts who plan and execute attacks against organisations for the purposes of identifying weaknesses. In 2023, Mandiant consultants used generative AI tools to speed up certain activities in red team assessments, including:
Dr. Collier told TechRepublic: "The role of AI in red teaming is highly iterative with a lot of back and forth between large language models (LLMs) and a human expert. This highlights the unique contribution of both.
"AI is often well suited for repetitive tasks or fetching information. Yet, having red team consultants that understand the trade craft and possess the skills to apply context provided by LLMs in practical situations is even more important."
AI was also used in Mandiant's purple team engagements, where analysts must become familiar with a client's environment from the perspective of both an attacker and a defender to foster collaboration between red and blue teams. Generative AI was used to help them understand the customer's platform and its security more quickly.
SEE: HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking
In the report, the authors speculated on how cyber security analysts could use AI in the future. Red teams generate a substantial amount of data that could be used to train models tuned to help secure customer environments. However, AI developers will also have to find novel ways to ensure models have appropriate guardrails in place while still allowing red teams to legitimately use techniques that would otherwise look malicious.
"The combination of red team expertise and powerful AI leads could result in a future where red teams are considerably more effective, and organisations are better able to stay ahead of the risk posed by motivated attackers," the authors wrote.
The metrics reported in M-Trends 2024 are based on Mandiant Consulting investigations of targeted attack activity conducted between January 1, 2023 and December 31, 2023.
See original here:
Top 5 Global Cyber Security Trends of 2023, According to Google Report - TechRepublic