CS Jan-Feb 2024
Computing<br />
Security<br />
Secure systems, secure data, secure people, secure business<br />
SAFEGUARDING HR<br />
Human resources<br />
now a key target for<br />
AI-related cybercrime<br />
NEWS<br />
OPINION<br />
INDUSTRY<br />
COMMENT<br />
CASE STUDIES<br />
PRODUCT REVIEWS<br />
THE IRON FIST<br />
Demands for ransomware<br />
not to be paid stepped up<br />
BREAKTHROUGH?<br />
Experts pinpoint some of<br />
best strategies that can help<br />
you stay safe in 2024<br />
ALL AT SEA<br />
Tempest of threats lashes<br />
organisations fighting to stay<br />
above the waterline<br />
Computing Security January/February 2024
comment<br />
DEAL OR NO DEAL?<br />
EDITOR: Brian Wall<br />
(brian.wall@btc.co.uk)<br />
LAYOUT/DESIGN: Ian Collis<br />
(ian.collis@btc.co.uk)<br />
SALES:<br />
Edward O’Connor<br />
(edward.oconnor@btc.co.uk)<br />
+ 44 (0)1689 616 000<br />
Daniella St Mart<br />
(daniella.stmart@btc.co.uk)<br />
+ 44 (0)1689 616 000<br />
Stuart Leigh<br />
(stuart.leigh@btc.co.uk)<br />
+ 44 (0)1689 616 000<br />
In early December 2023, a provisional deal was struck on what would be landmark<br />
European Union rules governing the use of artificial intelligence, including<br />
governments' use of AI in biometric surveillance and how to regulate AI systems,<br />
such as ChatGPT.<br />
"With the political agreement, the EU moves toward becoming the first major<br />
world power to enact laws governing AI," enthused global news agency Reuters after<br />
the agreement was announced. The moment was hard won: it came after almost<br />
15 hours of negotiations between EU countries and European Parliament members,<br />
which followed an almost 24-hour debate the previous day.<br />
The accord requires foundation models such as ChatGPT and general-purpose AI<br />
systems (GPAI) to comply with transparency obligations before they are put on the<br />
market. These include drawing up technical documentation, complying with EU<br />
copyright law and disseminating detailed summaries about the content used for<br />
training - and much more, which Computing Security will cover in future issues.<br />
Not everyone is happy about the outcome, including DigitalEurope, whose director<br />
general Cecilia Bonefeld-Dahl commented: "We have a deal, but at what cost? We fully<br />
supported a risk-based approach, based on the uses of AI, not the technology itself,<br />
but the last-minute attempt to regulate foundation models has turned this on its head."<br />
Brian Wall<br />
Editor<br />
Computing Security<br />
brian.wall@btc.co.uk<br />
PUBLISHER: John Jageurs<br />
(john.jageurs@btc.co.uk)<br />
Published by Barrow & Thompkins<br />
Connexions Ltd (BTC)<br />
35 Station Square,<br />
Petts Wood, Kent, BR5 1LZ<br />
Tel: +44 (0)1689 616 000<br />
Fax: +44 (0)1689 82 66 22<br />
SUBSCRIPTIONS:<br />
UK: £35/year, £60/two years,<br />
£80/three years;<br />
Europe: £48/year, £85/two years,<br />
£127/three years<br />
R.O.W:£62/year, £115/two years,<br />
£168/three years<br />
Single copies can be bought for<br />
£8.50 (includes postage & packaging).<br />
Published 6 times a year.<br />
© 2024 Barrow & Thompkins<br />
Connexions Ltd. All rights reserved.<br />
No part of the magazine may be<br />
reproduced without prior consent,<br />
in writing, from the publisher.<br />
www.computingsecurity.co.uk Jan/Feb 2024 computing security<br />
@CSMagAndAwards<br />
inside this issue<br />
CONTENTS<br />
COMMENT 3<br />
Deal or no deal?<br />
NEWS 6 & 8<br />
Hornetsecurity reveals a staggering 144% increase in malicious web links<br />
Cyberattacks are breaching defences on a massive scale<br />
Support-line aims to ward off attackers<br />
New platform out to deliver vital boost to cyber resilience<br />
If you're feeling vulnerable…<br />
ARTICLES<br />
THROUGH THE LURKING GLASS 10<br />
How might the 'darker forces' of cyber security impact the industry in 2024? In this in-depth feature, we open up the space to allow several observers to put forward their thoughts on what might be lurking up ahead over the next 12 months<br />
THE SAFEGUARDING OF HR 14<br />
Robert O'Brien of MetaCompliance on the power of cyber security training<br />
TOP-LEVEL FIBRE BEHIND CYBER 16<br />
VIPRE Security offers its key pointers for getting executive support for cybersecurity<br />
AI - WHERE NEXT? 18<br />
With ever more alarming news emerging about the perils of AI, how might the technology advance and mutate from here - and what will that mean for the security industry as AI's powers, for good and bad, continue to expand at a remarkable rate?<br />
NO COMPROMISE ON TRUST 21<br />
No device, nor user, should be trusted until secure authentication has taken place, insists one leading vendor<br />
PHISHING FOR THE ANSWERS 22<br />
Domain phishing scams have now reached unprecedented levels of sophistication, a far remove from the phishing scams of old, says one observer: "Cybercriminals have evolved their tactics, crafting websites that mirror legitimate domains with alarming precision".<br />
WE SHALL NOT BE MOVED! 24<br />
The US government and dozens of foreign allies have pledged never to pay ransom demands, in a bid to discourage financially motivated hackers and ransomware gangs from profiteering when cyber-attackers strike. Now, who will be the first to blink?<br />
LIFE INSIDE THE CLOUDS 27<br />
Traditional cloud security is failing the modern enterprise, claims new research<br />
POINT OF IMPACT 28<br />
In 2023, some of the biggest corporate names were brought to their knees. Can we truly expect anything better for 2024?<br />
WHY AI IS ON ALL OUR MINDS 31<br />
More reflections on artificial intelligence. See also our main feature on pages 18-20<br />
FIGHTING BACK ON ALL FRONTS 32<br />
Stealers, loaders, zero-day exploits, brute force attacks, ransomware - the list of vulnerabilities is overwhelming. How can organisations stay above the water line?<br />
news<br />
CYBERATTACKS BREACHING DEFENCES ON MASSIVE SCALE<br />
Of the cyberattacks experienced by UK organisations in the last two years, 48% were successful, according to Tenable. "This forces security teams to focus time and efforts on reactively mitigating cyberattacks, rather than preventing them in the first instance," says the company. With just 60% of UK organisations confident that their cybersecurity practices are capable of successfully reducing the organisation's risk exposure, there is obviously work to be done. Comments Bernard Montel, EMEA technical director and security strategist, Tenable: "Our study confirms that security teams are being overwhelmed by the sheer volume of cyberattacks they have to react to. As the attack surface becomes ever more complex, this imbalance will only worsen. Security leadership needs to be involved in high-end business decision making."<br />
Bernard Montel.<br />
HORNETSECURITY REVEALS EVER-GROWING THREAT FROM CYBERCRIMINALS<br />
Cyber Security Report uncovers massive step-up in phishing attacks<br />
An analysis of 45 billion emails found a 144% increase in malicious web links, compared to last year, rising from 12.5% of all threats in 2022 to 30.5% this year. Hornetsecurity's Cyber Security Report 2024 reveals the growing threat of cybercriminals using harmful web links in this way.<br />
It is phishing, however, that remains the most common email attack technique, states the company. Its use increased by nearly 4 percentage points this year, rising from 39.6% to 43.3% of all email attacks. Commenting on the latest report findings, Daniel Hofmann, Hornetsecurity CEO, says: "Email continues to be one of the key methods of attack that threat actors use - and it's essential that firms of all sizes, and across all sectors, put in place a robust email security strategy to future-proof their business. The boom in malicious web links and steady rise in phishing demonstrates that organisations cannot underestimate the damage such threats can cause and must ensure they use next-gen security services, while also maintaining security awareness throughout the workplace."<br />
Of the 45 billion emails analysed, more than a third (36.4%) were categorised as unwanted. Within this category, just over 3.6% - or more than 585 million - were identified as malicious. This represents the widespread nature of the risk, with a vast number of emails posing potential threats. Threat actors are savvy and adaptable, adds the company, stating: "In the last year, following Microsoft disabling macros by default in Office, there was a significant decline in the use of DOCX files (by 9.5 percentage points) and XLSX files (by 6.7 percentage points). Instead, cyber-criminals opted for HTML files [37.1% of files analysed], PDFs [23.3%] and archive files [20.8%]. HTML file usage is a particularly notable trend: usage rose by 76.6% over the last year."<br />
To see the full Cyber Security Report, including predictions for 2024, go to: https://www.hornetsecurity.com/en/cyber-security-report<br />
Daniel Hofmann.<br />
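The Hornetsecurity figures above describe attackers moving from macro-bearing Office documents to HTML, PDF and archive attachments once Microsoft disabled Office macros by default. The script below is an added illustration, not code from Hornetsecurity or from this magazine: it triages the attachments of one e-mail into those same file families and flags an HTML attachment when it carries the pattern practitioners call HTML smuggling, a large base64 literal that the attachment's own script decodes into a Blob and offers for download. The bucket definitions, the indicator regexes and their 200-character threshold, and the sample message with its file names are all constructed for this example; the checks are a starting point for a mail-gateway rule rather than a complete detector.

```python
"""Attachment triage for one e-mail: bucket attachments by file family and
flag HTML attachments that look like HTML smuggling.

Added example, not Hornetsecurity's or Computing Security's code. Bucket
lists, indicator regexes and the sample message are assumptions made here.
"""
import base64
import re
from collections import Counter
from email import message_from_string
from email.message import EmailMessage

# File families matching the report's buckets (Office, HTML, PDF, archive).
# Assumption: these extension lists are this example's, not the report's.
BUCKETS = {
    "office": {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".pptx"},
    "html": {".htm", ".html", ".shtml", ".xhtml"},
    "pdf": {".pdf"},
    "archive": {".zip", ".rar", ".7z", ".iso", ".img", ".gz", ".tar"},
}

# HTML smuggling indicators: a long base64 literal, client-side decoding and
# a programmatic download. Assumption: the 200-character floor is arbitrary.
_B64_LITERAL = re.compile(r'[\'"]([A-Za-z0-9+/]{200,}={0,2})[\'"]')
_DECODE_CALLS = re.compile(r"\batob\s*\(|Uint8Array|new\s+Blob\s*\(")
_DOWNLOAD_HINTS = re.compile(r"createObjectURL|\.download\s*=|msSaveOrOpenBlob")


def bucket_for(filename: str) -> str:
    """Map a file name to one of the buckets above, or 'other'."""
    name = filename.lower()
    for bucket, extensions in BUCKETS.items():
        if any(name.endswith(ext) for ext in extensions):
            return bucket
    return "other"


def looks_like_html_smuggling(html: str) -> bool:
    """Require all three indicator classes to limit false positives."""
    return bool(_B64_LITERAL.search(html)
                and _DECODE_CALLS.search(html)
                and _DOWNLOAD_HINTS.search(html))


def triage(raw_message: str) -> dict:
    """Return bucket counts and the names of flagged HTML attachments."""
    msg = message_from_string(raw_message)
    counts: Counter = Counter()
    flagged = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:  # body and container parts carry no file name
            continue
        bucket = bucket_for(filename)
        counts[bucket] += 1
        if bucket == "html":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if looks_like_html_smuggling(body):
                flagged.append(filename)
    return {"counts": counts, "flagged": flagged}


# Constructed stand-in for a smuggled binary ("MZ" plus zero padding), not
# real malware; base64 of 302 bytes is well over the 200-character floor.
_FAKE_PAYLOAD_B64 = base64.b64encode(b"MZ" + b"\x00" * 300).decode()

# Constructed HTML attachment using the typical smuggling pattern.
SMUGGLING_HTML = f"""<html><body><script>
var raw = atob("{_FAKE_PAYLOAD_B64}");
var bytes = new Uint8Array(raw.length);
for (var i = 0; i < raw.length; i++) bytes[i] = raw.charCodeAt(i);
var blob = new Blob([bytes], {{type: "application/octet-stream"}});
var link = document.createElement("a");
link.href = URL.createObjectURL(blob);
link.download = "invoice.exe";
link.click();
</script></body></html>"""


def build_sample_message() -> str:
    """Constructed sample e-mail with one PDF and one HTML attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Invoice 2024-01"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder, not a real document",
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(SMUGGLING_HTML, subtype="html", filename="invoice.html")
    return msg.as_string()


if __name__ == "__main__":
    result = triage(build_sample_message())
    print(dict(result["counts"]), result["flagged"])
```

Run against the constructed message, the triage counts one PDF and one HTML attachment and flags `invoice.html`; a plain HTML attachment without a decoded download trips none of the three indicators and is counted but not flagged. Requiring all three indicator classes together is what keeps benign HTML newsletters, which often contain long base64 images but no client-side file download, out of the alert queue.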
CYBER THREATS ARE HITTING BUSINESS LEADERS HARD<br />
Cyberattacks are growing increasingly sophisticated, with 97% of companies<br />
being targeted by email-based phishing attacks in 2022.<br />
That is the finding of Mimecast's 2023 State of Email Security report. This increase<br />
in cyber threats is having a real impact on business leaders, the company says,<br />
showing that "cyber risk is not just an IT problem, but a critical vulnerability for<br />
the organisation".<br />
The most prevalent attacks highlighted in the report are phishing,<br />
ransomware and spoofing. Phishing was found to be the most widespread,<br />
especially among large enterprises with more than 10,000 employees, where<br />
73% reported a significant rise in phishing attempts.<br />
Smaller businesses were affected more severely. Although two-thirds reported<br />
falling victim to ransomware, 73% of those who acknowledged suffering<br />
a ransomware attack were from companies with 1,000-5,000 employees.<br />
news<br />
SUPPORT-LINE AIMS TO WARD OFF ATTACKERS<br />
With almost a third of UK businesses reporting a cyber breach or attack in the past 12 months, a cyber and data security support-line has been launched.<br />
The 'My Cyber Clinic' support-line - from consultancy CSS Assure - is described as a "low-cost and comprehensive solution, which provides businesses with a highly experienced taskforce of cyber and data security experts on speed dial to safeguard them from threats and breaches".<br />
Charlotte Riley, director of information security and technology at CSS Assure, comments: "Too often, businesses are put off from protecting themselves from a cyber-attack or data breach due to the associated costs and not knowing where to start. However, with virtually everything connected to the internet in today's digital world, the need to protect valuable data is more important than ever."<br />
Charlotte Riley.<br />
IF YOU'RE FEELING VULNERABLE…<br />
SAP patch monitoring and configuration automated to boost protection<br />
A new offering from Logpoint - the Vulnerability Monitoring Analyzer - is focused on enabling organisations to automate the assessment of SAP patches and ease how these are prioritised.<br />
"As SAP patching is carried out manually, automating the patch review process will bolster the protection of SAP systems and help safeguard against cybercriminals looking to exploit systems lacking critical security updates," states the company.<br />
Comments Sükrü Ilker Birakoglu, senior director at Logpoint: "With the Vulnerability Monitoring Analyzer, we aim to help SAP basis managers and administrators and SAP security consultants enhance efficiency, amplify the security posture and improve the uptime of their most valuable applications by automating SAP patch monitoring and configuration."<br />
And he adds: "We provide actionable insights to help customers work effectively on remediating the most critical issues faster."<br />
Sükrü Ilker Birakoglu.<br />
PLATFORM TARGETS BOOST TO CYBER RESILIENCE<br />
Commvault Cloud, powered by Metallic AI, takes on the attackers<br />
The new Commvault Cloud platform, claims the company, can "radically improve cyber resilience in an era of non-stop ransomware and malicious cyberattacks".<br />
Commvault Cloud has been designed specifically, it states, to enable users to predict threats faster, ensure clean recoveries and accelerate threat response times.<br />
Comments Sanjay Mirchandani, president and CEO, Commvault: "Achieving enterprise-grade cyber resilience is more than building taller walls or deeper moats. It requires a new approach that looks holistically across the entire landscape, from best-in-class data protection and security to AI-powered data intelligence and lightning-fast recovery."<br />
Sanjay Mirchandani.<br />
SOLUTION AIMS TO SAFEGUARD STUDENTS FROM HARMFUL CONTENT<br />
Jamf Safe Internet, said to be a comprehensive content filtering and web security solution optimised for education, is now available on Chromebook.<br />
"Jamf Safe Internet is designed to help schools protect students from harmful content on the internet, inappropriate websites and phishing attacks," says Jamf, "while also allowing admins to enforce acceptable-use policies in a seamless way."<br />
Adds Suraj Mohandas, vice president of strategy, Jamf: "With technology now firmly embedded in the student experience, there is a growing need for digital safety across all devices to eliminate cyberattacks and prevent students from accessing unsafe content."<br />
2024 predictions<br />
THROUGH THE 'LURKING' GLASS<br />
HOW MIGHT THE 'DARKER FORCES' OF CYBER SECURITY IMPACT THE INDUSTRY IN 2024?<br />
HERE, SEVERAL OBSERVERS OFFER THEIR THOUGHTS ON WHAT MIGHT BE LURKING UP AHEAD<br />
It's the question that so many in the cyber security industry have been asking themselves of late, even when escaping the office, home or away, for a welcome festive break: what can we expect in the year ahead?<br />
Lots of positives to underpin a thriving<br />
business, hopefully, but also recognition that<br />
the darker forces that threaten organisations<br />
at large will not be going away. What do<br />
some of those 'in the field' make of it all?<br />
Yvonne Bernard, CTO, Hornetsecurity:<br />
It's no secret that generative artificial<br />
intelligence (gen AI) has quickly become<br />
a force to be reckoned with. Since the public<br />
release of ChatGPT in November 2022 and its<br />
following viral popularity, gen AI has turned<br />
the cybersecurity industry on its head, with<br />
OpenAI's ChatGPT registering more than<br />
180 million unique visitors as of August 2023,<br />
according to Reuters.<br />
In 2024, cybercriminals can be expected<br />
to continue developing their understanding<br />
of dark web variants of ChatGPT - such as<br />
DarkBERT and WormGPT - to automate<br />
additional portions of a cyberattack chain<br />
(also known as a cyber kill chain). If successful<br />
in their endeavours, it will likely mean that<br />
cybercriminals will have the ability to speed<br />
up the rate of their attacks even further.<br />
These AI tools allow even inexperienced<br />
cybercriminals to not only launch attacks, but<br />
also learn how to facilitate attacks. As such,<br />
it has driven an increase in cyberattacks<br />
throughout 2023. Spear-phishing remains<br />
the most popular type of attack and, with<br />
the popularity of gen AI, it is likely not only<br />
to remain popular, but notably increase,<br />
given that spear-phishing attack chains can<br />
be completely automated and thus<br />
significantly simplified, due to<br />
personalised spear-phishing methods. With<br />
gen AI, users now only need a few pieces of<br />
information, such as an email address or place<br />
of employment, to initiate spear-phishing<br />
attacks.<br />
On top of all that, with the advent of new<br />
technology also comes new opportunities for<br />
criminal activity from bad actors - consider the<br />
potential for a cyberattack against a gen<br />
AI service. The goal of an attack of this kind<br />
likely would be to poison the gen AI tool's<br />
responses to spread misinformation. So,<br />
what are businesses to do? AI seems like a<br />
challenging opponent to best, but companies<br />
that have stringent training and tools in place<br />
among their employees are well set up to<br />
defend against even the most sophisticated<br />
AI-aided cyberattacks.<br />
The latest security tools are already using AI<br />
for good, to help detect attacks. Additionally,<br />
the risks of account hijacking can be reduced<br />
with the use of innovative two-factor identification<br />
(2FA) methods, such as FIDO2 (Fast<br />
IDentity Online).<br />
Effective cybersecurity also comes down to<br />
people. It is imperative to implement a 'human<br />
firewall', whereby employees are trained to<br />
recognise potential cyberattacks. This includes<br />
establishing the 'mindset-skillset-toolset' triad:<br />
Mindset: raise employee awareness of<br />
growing cyber threats<br />
Skillset: implement awareness training<br />
from classic learning forms with simulations<br />
Toolset: include tools to support employee<br />
security behaviour, such as password managers<br />
to protect against log-in data theft.<br />
Companies that remain vigilant and up to<br />
date on these gen AI and other emerging<br />
technological developments, and adjust their<br />
security accordingly, will be best equipped<br />
for cyber safety in 2024 and beyond.<br />
Usman Choudhary, chief product and<br />
technology officer at VIPRE Security Group<br />
Generative AI will drive self-service security<br />
and help to alleviate the cyber talent shortage.<br />
Historically, security has been considered a<br />
highly specialised and technical profession.<br />
As a result, security teams in enterprises have<br />
borne the burden of keeping the organisation<br />
safe, alongside attempts to encourage involvement<br />
from technology users and staff to also<br />
take ownership by staying vigilant to help<br />
thwart phishing attacks and other scams.<br />
Generative AI will change this in 2024,<br />
initiating a drive towards self-service cybersecurity.<br />
This technology will commoditise and<br />
democratise security by providing Natural<br />
Language Processing-based tools to<br />
enable employees to identify fraudulent<br />
activity independently and accurately, to<br />
effectively escalate to infosecurity teams as<br />
appropriate. Likewise, infosecurity teams<br />
will have at their disposal capabilities that<br />
automate time- and resource-intensive<br />
processes across the cybersecurity spectrum.<br />
All this combined will make a marked stride<br />
in helping to alleviate the global cyber talent<br />
shortage.<br />
Investment in security will see an upsurge to<br />
reflect generative AI. As much as AI is a tool<br />
that will help to make strides in strengthening<br />
cybersecurity defences, it is also a technique<br />
that is being widely deployed by threat actors<br />
to breach those safeguards with success.<br />
Following a period of relatively stationary<br />
budgets, enterprises will increase spending<br />
in security, investing especially in generative<br />
AI-based products, services and cybersecurity<br />
skills.<br />
Aaron Kiemele, CISO at Jamf<br />
In 2024, cybersecurity teams will need to be<br />
extra vigilant about nation state threats. Major<br />
elections taking place across the world, as well<br />
as the continued conflict in Ukraine and Israel,<br />
will drive increased cyberattacks from state-sponsored<br />
groups. Advanced persistent threat<br />
(APT) groups linked to foreign governments<br />
will expand their targets beyond large organisations<br />
in critical infrastructure or sensitive<br />
industries. Smaller businesses in the supply<br />
chain or partner ecosystem will increasingly<br />
be attacked as vectors to the true targets.<br />
Collaboration, management and cloud tools<br />
used by smaller suppliers will be attractive<br />
targets for nation state actors. These tools<br />
hold sensitive data and access that could<br />
provide an easy pathway for lateral movement<br />
towards a larger primary target. Organisations<br />
of all sizes will need to ensure they are not<br />
the weak link that allows adversaries access<br />
to their partners and customers. Cybersecurity<br />
teams should expand their protection, detection<br />
and response capabilities, with nation<br />
state campaigns in mind. Partnering closely<br />
with governments and information-sharing<br />
organisations will also be key to identify and<br />
defend against threats early.<br />
Ultimately, the APT landscape in 2024 will be<br />
highly complex. But with robust preparation<br />
and cooperation, organisations can develop<br />
appropriate resilience against even significant<br />
nation state capabilities.<br />
Simon Hodgkinson, former BP CISO<br />
and strategic adviser to Semperis<br />
Businesses are finally starting to understand<br />
that cyber isn't a topic for the IT department,<br />
but an enterprise risk. Earlier this year, Uber's<br />
former chief security officer was sentenced for<br />
his role in covering up a data breach. Such<br />
headlines drive home an important message:<br />
Organisations are waking up to the fact that<br />
security and operational resilience need to<br />
be owned by the boardroom. Incoming<br />
regulations such as NIS2, as well as the<br />
general rise in cyber awareness, reinforce<br />
this. Operational technology is one area<br />
that's particularly difficult to protect and<br />
organisations will need to put mitigating<br />
controls in place to counter the risks.<br />
Guido Grillenmeier, principal technologist,<br />
Semperis<br />
Attackers are still exploiting basic vulnerabilities<br />
- with the help of AI. The core weak<br />
spots used by attackers haven't changed<br />
over the years and are still being exploited<br />
successfully. Take Active Directory as an<br />
example, Microsoft's core identity service,<br />
which is used by hackers to gain user<br />
privileges and penetrate deeper into their<br />
victim's network. Attackers' initial entry<br />
methods are evolving, though, with Artificial<br />
Intelligence allowing cybercriminals to create<br />
ever more sophisticated and convincing<br />
phishing campaigns that play tricks with<br />
users' emotions. Even users with a high level<br />
of security awareness can now get caught out<br />
by such incredibly well-engineered phishing<br />
attempts. The release of Windows Server 2025 towards the end of 2024 recognises the need to reinforce identity security, with the introduction of some additional security features in Active Directory. It is good to see that there is a bigger focus placed on identity protection.<br />
Yvonne Bernard, Hornetsecurity: with the advent of new technology also comes new opportunities for criminal activity from bad actors.<br />
Usman Choudhary, VIPRE: generative AI will drive self-service security and help to alleviate the cyber talent shortage.<br />
Aaron Kiemele, Jamf: smaller businesses in the supply chain or partner ecosystem will increasingly be attacked as vectors to the true targets.<br />
Simon Hodgkinson, Semperis: Businesses are finally starting to understand that cyber is an enterprise risk.<br />
Zscaler<br />
AI and machine learning (ML) will resurface<br />
the data privacy debate. We are starting<br />
to see customers asking about how best to<br />
protect their own data when working with<br />
third-party providers. There is a growing<br />
concern that, as cloud providers and other<br />
vendors have access to an organisation's<br />
data, they are more likely to become a<br />
target of bad actors to acquire a company's<br />
data using AI and ML solutions.<br />
Additionally, there is also a legislation<br />
discussion to be had, as GDPR currently<br />
puts AI models in jeopardy. As models are<br />
trained on datasets, organisations need<br />
a stable and consistent set of data, in<br />
order to be as accurate as possible. GDPR<br />
currently says that companies should only<br />
keep data for as long as it is necessary<br />
to process it, which could have serious<br />
implications for AI models moving forward.<br />
In 2024, we expect companies to revisit<br />
their data privacy statutes and strive to<br />
enforce more bespoke data loss prevention<br />
(DLP) tools to secure their datasets and<br />
ensure data privacy is at the top of the<br />
cybersecurity agenda.<br />
Organisations will need to learn to hide<br />
their attack surface at a data level. The<br />
influx of generative AI, such as ChatGPT,<br />
has forced businesses to realise that, if their<br />
data is available on the internet, then it<br />
can be used by generative AI and therefore<br />
competitors, no matter if it is an owned IP<br />
or not. So, if organisations want to avoid<br />
their IP getting utilised by AI tools, then<br />
they will need to ensure their attack surface<br />
is now hidden on a data level, rather than<br />
just at an application level. Based on this<br />
trend, we predict we will see initiatives<br />
to classify data into risk categories and<br />
implement security measurements<br />
accordingly to prevent leakage of IP.<br />
Amit Sinha, CEO, DigiCert<br />
AI may be a coup for defenders, but in 2024<br />
attackers are going to use it to develop new<br />
tactics and launch ever-more sophisticated<br />
attacks. At the most basic level, they'll be<br />
able to use generative AIs like ChatGPT or<br />
malicious versions like FraudGPT to educate<br />
themselves on how to plan and perpetrate<br />
cyberattacks, with little pre-existing technical<br />
knowledge or coding experience. Even fledgling<br />
attackers will be able to use AI capabilities<br />
to scrape key information about potential<br />
victims, harvesting crucial data from<br />
around the internet to enable social engineering<br />
attacks and perpetrate identity fraud.<br />
Generative AIs will be increasingly used to<br />
create sophisticated malware that can avoid<br />
detection by using advanced techniques like<br />
Steganography. Indeed, examples of this<br />
have already emerged. These 'intelligent'<br />
malware strains will be harder to anticipate<br />
and many legacy detection systems will<br />
struggle to keep up against these new<br />
threats.<br />
Just as AI technologies will grant the ability<br />
to create websites quickly, it will allow attackers<br />
to create fake websites, watering holes<br />
and phishing websites like never before -<br />
because of AI's ability to write, build and<br />
render a page as fast as a search result can<br />
be delivered.<br />
Generative AIs are also capable of impersonating<br />
others by learning their writing style<br />
and tone of voice. This sets the stage for<br />
advanced phishing attacks that can better<br />
impersonate a victim's colleagues, friends or<br />
family than a real human can. This will give<br />
spear-phishing and highly targeted phishing<br />
attacks a much greater degree of authenticity,<br />
especially because they'll emanate from<br />
trusted accounts that the intended victim<br />
supposedly knows well. Better and more<br />
realistic Deepfakes will also emerge, which<br />
will fuel social engineering and<br />
12<br />
computing security <strong>Jan</strong>/<strong>Feb</strong> <strong>2024</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk
<strong>2024</strong> predictions<br />
disinformation campaigns. The threat of AIempowered<br />
cyber-attacks are understood by<br />
many. A 2023 survey showed that 81% of<br />
respondents were concerned about the<br />
potential risks associated with the rise of<br />
generative AIs like ChatGPT, while only 7%<br />
were optimistic that AI tools could enhance<br />
internet safety. In <strong>2024</strong>, those concerns may<br />
be vindicated.<br />
Brian Martin, director of product management, Integrity360
In 2024, we foresee the evolution of threat exposure management taking hold as a concept in the market. With many prevalent and upcoming technologies centred on CTEM [Continuous Threat Exposure Management] at present, it suggests that it's going to start becoming mainstream next year.

CTEM will enable organisations to be more proactive about identifying and assessing key problem areas in the attack surface, which has grown substantially in the last couple of years. However, this will extend beyond simply identifying and addressing vulnerabilities, enabling organisations to alter their posture, looking at users, security controls and other key pieces of the puzzle that need to change to ensure best practices are embraced. A more widespread embrace of CTEM is also likely to accelerate the convergence of key security tools.

When we talk about threat exposure management, there are a few different pillars, products and capabilities, including: external attack surface management, cyber asset management, attack path management, digital risk protection, vulnerability assessment and management, and continuous testing. Currently, these are all separate products - that's likely to change in the year ahead. Consolidation is going to be a theme for 2024, as previously standalone products continue to become features of broader overarching solutions, such as CTEM programmes.
Jamal Elmellas, chief operating officer at Focus-on-Security
Skills shortages will begin to be felt, due to them being cumulative. There is an annual shortfall of 11,200 cybersecurity employees, according to UK Government research, and this is cumulative, which means year-on-year the shortage is intensifying.

Moreover, an increase in demand for cyber roles of 30% and growth in employment of 10% over the course of 2022 indicates demand is also on the up. In 2024, the shortages of skilled cybersecurity employees will start to bite and businesses will no longer be able to keep doing what they have been doing and recruit from the same small pool of talent. Recruitment strategies will have to become more creative in a bid to identify raw talent, if security teams don't want to be left short-staffed.

Emergence of more low-cost or free training schemes to boost intake. Industry bodies have already taken proactive action, with the likes of (ISC)2 offering a million free entry-level certification courses and exams, while in the US a number of universities have launched free online courses. Advances in the provision of courses online mean this is now a viable low-cost alternative. So, next year we can expect to see more subsidised or free training, in a bid to attract more people into the sector or to upskill professionals to fill those roles that are in high demand.

A brain drain as more senior execs leave the field, due to stress and burnout. Stress levels continue to be high, with incidents and alert levels on the rise, which means we are on track to realise Gartner's prediction of 50% of cybersecurity leaders changing jobs and 25% leaving by 2025. Thus far that exodus has been tempered by the cost-of-living crisis, but, as inflation stabilises and confidence returns, there will be an exodus at the top. Given the years of experience needed to fill these roles, this could seriously destabilise security teams and stall security projects.
Guido Grillenmeier, Semperis: good to see that there is a bigger focus placed on identity protection.
training

SAFEGUARDING HR IN THE AGE OF INCESSANT THREAT

ROBERT O'BRIEN OF METACOMPLIANCE HIGHLIGHTS HOW DEPARTMENTAL CYBER SECURITY TRAINING CAN HELP PROTECT AGAINST THE RELENTLESS CYBER THREATS FACED BY HR TEAMS
Imagine that you had the opportunity to hire a talent management professional whose qualifications were unparalleled, suggests Robert O'Brien, chief evangelist, MetaCompliance. "They possess not only an in-depth understanding of HR systems, people management processes and recruitment strategies, but also an extensive knowledge of sociology, behavioural economics and a myriad of other skills. Enter the era of AI, the epitome of this visionary professional."

Whether you embrace it or resist it, AI is an indomitable force that is here to stay, he points out, with its impact set to dwarf the transformative influence of the internet in the workplace. "The world of tomorrow, shaped by AI, will make our current interactions with technology seem as rudimentary as child's play."

Most organisations are currently grappling with the challenges posed by employees incorporating AI, such as chatbots and GPTs, into their daily work routines, O'Brien continues. "These challenges encompass a wide array of issues, with two critical concerns rising to the surface: PR vulnerability and the fallibility of AI responses, which are at the forefront of the problems organisations must navigate as they embrace AI adoption.

"On the flip side, cybercriminals exhibit no hesitation in embracing AI and are eagerly leveraging this technology to amplify their assaults on organisations, motivated by both mischief and financial gain." For specific departments in the organisation, this enthusiasm for AI-related cybercrime has led to a surge in targeted attacks, with the human resources department of particular focus. "Cybercriminals are harnessing the wealth of knowledge provided by AI to impersonate HR personnel, their trusted suppliers and other high-ranking executive functions. This deception enables them to infiltrate confidential data stores and exploit the authority of the HR department, often manipulating privileged interactions within the organisation for their deceitful ends."
SURGE IN ATTACKS ON HR

"Traditionally, cyber threats involved remote hackers employing social engineering techniques or leveraging vulnerabilities in outdated software systems," states O'Brien. "While these methods are still prevalent, the advent of AI technology has opened a Pandora's box of possibilities for cybercriminals. This evolution is driven by the increased sophistication of AI, allowing it to automate and enhance the effectiveness of various cyberattack vectors.

"The potential consequences of AI-driven attacks are nothing short of alarming. We're no longer dealing solely with stolen passwords or isolated cyber incidents. Instead, we face a multi-faceted threat landscape that can have devastating repercussions for organisations and individuals alike. Among these consequences, three aspects loom large: data breaches, reputational damage and legal implications. Each poses a unique set of challenges for HR teams and the organisations they serve."
He adds: "In a survey conducted in August 2023, involving 205 IT security decision-makers, undertaken by a prominent pan-European cyber security organisation, it became evident that mounting concerns surround the use of AI, with deepfakes taking centre stage. A staggering 68% of the respondents expressed apprehension regarding cybercriminals exploiting deepfake technology to breach their organisations, skilfully circumventing people's natural defences."
HACKERS AND THE DARK WEB

And he cautions: "Hackers now have their own AI arsenal and it goes by the name of WormGPT. Drawing from a vast corpus of human-generated text, WormGPT crafts content that is remarkably convincing, enabling it to masquerade as a trusted figure within a business email system. Unbelievably, hackers can gain access to WormGPT by subscribing through the dark web, granting them entry to a web interface where they can input prompts and receive responses that closely mimic human communication.

"Primarily designed for phishing emails and business email compromise attacks, tests conducted by researchers uncovered that this chatbot possesses the ability to draft a persuasive email, seemingly from a company's top executive, coercing an employee to pay a fraudulent invoice, for example."
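Both impersonation patterns described in this issue - Amit Sinha's forecast of phishing that mimics a trusted colleague's writing style, and the WormGPT-drafted executive invoice request O'Brien describes - share one property that survives however convincing the prose becomes: the message's identity headers still have to lie. The Python script below is an added example, not code from the article, from MetaCompliance or from any vendor product. It flags the header-level indicators of executive impersonation (display name of an executive on a foreign address, a lookalike sender domain, a Reply-To that redirects replies elsewhere) and separately notes payment and urgency language. The company domain, the executive list and all four sample messages are constructed for the example.

```python
"""Flag executive-impersonation (BEC) indicators in inbound mail headers.

Added illustration: the domains, executive list and sample messages below are
constructed for this example; they are not from the article or any product.
"""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAINS = {"example.com"}                        # assumed: our own mail domains
EXECUTIVES = {"alice finch": "alice.finch@example.com"}  # assumed: display name -> real address
PAYMENT_WORDS = ("invoice", "wire", "bank details", "payment", "urgent")


def fold_lookalike(domain: str) -> str:
    """Undo the character substitutions commonly used to build lookalike domains."""
    return domain.lower().replace("rn", "m").translate(str.maketrans("0135", "oles"))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: one insert, delete or swap is a classic typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True when a domain that is not ours resembles one of ours."""
    if domain in COMPANY_DOMAINS:
        return False
    return any(fold_lookalike(domain) == ours or edit_distance(domain, ours) <= 1
               for ours in COMPANY_DOMAINS)


def analyse(raw: str) -> dict:
    """Return identity anomalies and payment language found in one RFC 5322 message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = reply_addr.rpartition("@")[2].lower()

    indicators = []
    real_addr = EXECUTIVES.get(from_name.strip().lower())
    if real_addr and from_addr.lower() != real_addr:
        indicators.append("display name matches an executive but address does not")
    if from_dom and is_lookalike(from_dom):
        indicators.append(f"sender domain {from_dom} resembles a company domain")
    if reply_dom and reply_dom != from_dom:
        indicators.append(f"Reply-To domain {reply_dom} differs from From domain")

    payload = msg.get_payload(decode=True) or b""
    text = (msg.get("Subject", "") + " " + payload.decode("utf-8", "replace")).lower()
    return {
        "from": from_addr,
        "indicators": indicators,
        "payment_language": [w for w in PAYMENT_WORDS if w in text],
        "suspicious": bool(indicators),  # wording alone never decides; identity does
    }


# Constructed sample messages (hypothetical addresses and content).
SAMPLES = {
    "freemail_spoof": (
        "From: Alice Finch <alice.finch.ceo@webmail.invalid>\nTo: payroll@example.com\n"
        "Subject: Urgent invoice\n\n"
        "Please wire payment for the attached invoice today, I am in a meeting.\n"),
    "lookalike_domain": (
        "From: Accounts Payable <ap@exarnple.com>\nTo: finance@example.com\n"
        "Subject: Updated bank details\n\n"
        "Our bank details have changed; use the new account for this invoice.\n"),
    "replyto_hijack": (
        "From: Alice Finch <alice.finch@example.com>\nReply-To: alice.finch@examp1e.com\n"
        "To: finance@example.com\nSubject: Quick favour\n\n"
        "Can you process a payment for me? Reply here, I cannot take calls.\n"),
    "legitimate": (
        "From: Alice Finch <alice.finch@example.com>\nTo: hr@example.com\n"
        "Subject: Team offsite\n\n"
        "Please book the venue for the March offsite.\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, analyse(raw))
```

Run it directly to print the findings for each sample. The checks deliberately ignore how well the message is written, because fluent text is exactly what generative tools now supply; in a real mail pipeline they would sit alongside SPF, DKIM and DMARC results rather than replace them, and the lookalike folding should be extended with the organisation's own registered domains and any typosquats it has already seen.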
Confronted with these ever-evolving threats, the question, he says, is this: what can HR leadership do to shield their teams from such threats?

"First and foremost," he points out, "it's crucial to acknowledge that HR departments stand as prime targets for cybercriminals. These departments manage personal data and hold confidential information that is immensely valuable to malicious actors. Moreover, other parts of the organisation often take their cues from HR, making it a tempting gateway for cybercriminals to exploit their access to the broader network."

The first step in fortifying your HR team against these threats is to initiate a dialogue with HR team members, he says. "Educate them on how they are being specifically targeted and empower them with the knowledge needed to thwart these scams. It's vital that this training is tailored to your organisation, taking into account the unique roles and responsibilities of your employees.

"Ideally, this training should be tailored to the HR department, highlighting the unique threats to the HR team and what they can do to avoid them."
VITAL TRAINING COMPONENT

To make this training even more impactful, it should be delivered in the trainee's native language. "By doing so, you reduce resistance and enhance engagement, making it a vital component of their cyber security awareness. Ultimately, this personalised approach to security awareness is your best defence in safeguarding your HR department from the relentless tide of AI-driven cyber-attacks," he concludes.

MetaCompliance's new departmental cyber security training series is designed to address 12 common cyber threats and is specifically tailored to eight departments, including marketing, sales, finance, procurement, human resources, privileged users, legal and executive teams.

To learn more about the series, visit: https://www.metacompliance.com/departmental-series
cybersecurity

THE TOP-LEVEL FIBRE BEHIND CYBER

VIPRE SECURITY OFFERS ITS KEY POINTS FOR GETTING EXECUTIVE SUPPORT FOR CYBERSECURITY: A STRATEGIC IMPERATIVE FOR MODERN BUSINESSES
In today's fast-paced digital landscape, cybersecurity has shifted from being merely an IT concern to a critical business imperative, says VIPRE Security. "While executives are increasingly aware of its importance, many chief information security officers (CISOs) struggle to secure the necessary support and understanding for a robust defence strategy." The solution to this challenge lies in effective communication, states the company.

THE NEED TO TELL A COMPELLING CYBERSECURITY STORY

Steve Jobs once emphasised the power of storytelling, asserting that storytellers shape the vision of generations. "CISOs must embrace this wisdom, crafting a narrative that resonates with executives who may lack technical expertise," argues VIPRE Security. "Instead of drowning them in jargon, CISOs should articulate how cybersecurity aligns with the organisation's overarching goals. By elucidating potential threats and the adversaries seeking to harm the company, a realistic picture of the current threat landscape emerges, facilitating a deeper understanding among executives."

FOCUSING ON EXISTENTIAL RISKS AND REALISM IS ESSENTIAL

"Rather than attempting to address all possible risks, CISOs should concentrate on existential threats - those that could potentially jeopardise the company's existence. Taking a data-driven approach, CISOs can develop a pragmatic cybersecurity strategy tailored to these high-priority risks. This focused approach ensures that resources are allocated efficiently, maximising the effectiveness of the security programme."

CYBERSECURITY CARES: FRAMEWORK FOR SUCCESS

"The CARE framework - Consistent, Adequate, Reasonable and Effective - provides a robust foundation for cybersecurity efforts," says VIPRE Security. "By demonstrating that proposed controls adhere to these principles, CISOs can assure executives that the cybersecurity programme is not only aligned with business objectives, but also regulatory requirements. This alignment not only safeguards the organisation, but also enhances its ability to achieve strategic goals without the hindrance of disruptive breaches or compliance fines."

ROLE OF VIPRE SECURITY GROUP IN ENSURING CYBERSECURITY

Implementing a layered cybersecurity approach is paramount in the current threat landscape. "VIPRE Security Group offers solutions that go beyond mere technology, acknowledging the significance of the human element," it comments. "Their SafeSend tool, when integrated with other VIPRE solutions, forms a comprehensive defence against cyber threats.

"SafeSend not only enhances security and compliance, but also boosts employee productivity. By preventing accidental data leakage and ensuring the accuracy of outgoing communications, SafeSend mitigates risks associated with sensitive information mishandling. Through this tool, executives can feel secure in the knowledge that their communications are safeguarded, bolstering their confidence in the organisation's cybersecurity posture."

In conclusion, advises the company, the path to securing executive support for cybersecurity lies in effective communication, a focus on existential risks and the implementation of frameworks like CARE. "By adopting these strategies and leveraging advanced solutions like SafeSend from VIPRE Security Group, businesses can navigate the digital landscape with confidence, ensuring not only their security, but also their continued success in an increasingly complex world.

"Don't leave your organisation's fate to chance - invest in cybersecurity measures that empower your business to thrive securely in the digital age."
artificial intelligence

AI - WHERE NEXT?

WITH EVER MORE ALARMING NEWS EMERGING ABOUT THE PERILS OF AI, HOW MIGHT THE TECHNOLOGY ADVANCE AND MUTATE FROM HERE - AND WHAT WILL THAT MEAN FOR THE SECURITY INDUSTRY?
As AI technologies become ever more sophisticated, the security risks associated with their use and the potential for misuse will increase correspondingly. "Hackers and malicious actors can harness the power of AI to develop more advanced cyberattacks, bypass security measures and exploit vulnerabilities in systems," warns global media company Forbes. It's a dispiriting picture. Does it suggest that AI may gradually spiral out of control, to the point where it dictates, rather than follows? And what might that dystopian vision mean not just for our industry, but for humanity as a whole?

However, as David Mahdi, CIO, Transmit Security, points out, technology is essentially "morally neutral" and can be used for good or ill. Just as AI and Large Language Models (LLMs) can be used for positive purposes, they can similarly be used with malicious intent. "It was not even one year after the release of ChatGPT that bad actors developed generative AI-enabled tools, such as FraudGPT and EvilGPT," he points out. "Back in February 2023, we predicted that by 2024 attackers would have a Generative AI service that would include: reconnaissance information on specific companies, malicious code, software vulnerabilities, zero day vulnerabilities, compromised identities, credit cards, loyalty programme accounts, customer and employee personally identifiable information to help with social engineering attacks and more. We were right, if a few months off."

The sheer scale and velocity of attacks will require organisations to start employing a holistic AI-based approach, in order to fight these new threats, Mahdi warns. "They need to go from relying on tough-to-scale detection to overall automated defence strategies which empower teams - whatever size or level - to leverage AI/ML tools that enhance real-time detection, as well as offline analysis, case management, model improvement and proactive protection."
ECOSYSTEMS WILL BE STREAMLINED

As the industry's focus shifts towards operational agility and acceleration, companies will look to streamline their security ecosystems, limiting suppliers to a finite number of reliable and effective vendors, predicts Mike Spanbauer, field CTO at Juniper Networks. "The complexity of multi-system integrations will give way to vendors who can integrate efficiently and provide technology that just works. These vendors will be relied on to deploy secure IT systems, underpinned by artificial intelligence and machine learning [ML] that ensure fully optimised user experiences. This will be especially important as the quantifiable benefits from the use of AI related to analytics and operational playbooks develop further. These benefits will help bridge some of the heavy lifting that Security Operations Center (SOC) analysts do today. The technology will also benefit how response and mitigation capabilities translate into operational ones."

At the same time, AI will continue to prove dangerous in the hands of threat actors, accelerating their ability to write and deliver effective threats. "Organisations will need to adapt how they approach defence measures and leverage new, proven methods to detect and block threats. We will see the rise of nearly real-time measures that can identify a potentially malicious file or variant of a known threat at line rate. We can also expect organisations to make larger investments in Zero Trust network security strategies," Spanbauer continues.
ACCELERATED THINKING

One potential benefit to society that AI offers, states David Trossell, CEO and CTO of Bridgeworks, is the use of AI and ML in WAN Acceleration. Why is that? "Well, with increasing reliance on digital technologies, latency and packet loss could have their own field day by slowing down Wide Area Networks, such as the internet. When WANs are slow, hackers can intercept data that's often unencrypted in flight. A slow WAN can also extend the time it takes to back up and restore sensitive data that is required to maintain an organisation's service continuity.

"WAN Optimisation doesn't live up to its promise. Data is sent unencrypted and is then re-encrypted at either end of the pipe. WAN Optimisation often doesn't live up to its data and network acceleration promise. AI is being used with SD-WANs and it's a great technology, but it, too, needs a boost with WAN Acceleration to increase the speed of encrypted data transfers.

"Organisations must consider how they protect their data, and how they can increase their bandwidth utilisation by mitigating the effects of latency and packet loss to improve their ability to maintain service continuity and to prevent cyberattacks. WAN Acceleration can be an effective tool in the armoury of the security industry; they need to deploy AI over WANs to stop cybercriminals in their tracks. It can ensure that regulatory compliance is achieved and maintained."
SCALING NEW CYBERCRIME LEVELS

The UK government, for its part, has warned that AI is likely to increase the risk of cyberattacks by 2025 by allowing cybercriminals to orchestrate more effective and large-scale attacks at a faster rate, points out Charl van der Walt, head of security research at Orange Cyberdefense. "Cybercriminal activity has risen dramatically this year, which correlates with the explosion of ChatGPT and LLMs onto our collective consciousness. In fact, our data shows that the number of ransomware attacks that took place between January-September has increased by over three quarters YoY. While correlation isn't causation, there's no doubt that AI is allowing cybercriminals to scale at a rate we have never seen before."

A key trend he identifies is that LLMs and machine translation are forcing an increased 'internationalisation' of cyber extortion as a crime - allowing actors from different language groups to target and extort victims in English-speaking countries, and allowing victims in countries that don't use 'common' languages to be extorted more readily. "Think of places like China and Japan where language may have historically presented a barrier to criminals."

The UK Government's focus on AI and its impact on cybercrime is therefore applaudable and, while we await regulation, he concludes, "it's vital that businesses are aware of its impact on the cybersecurity landscape and take every step possible to defend against it".
DEEP CONCERNS

More than half (53%) of global IT decision makers are concerned about ChatGPT's ability to help hackers craft more believable and legitimate-sounding phishing emails, says Gareth Lockwood, VP of product, Censornet. It's also much easier to create convincing deepfakes in manipulated videos and images. "Now, more than ever, bad actors can easily manipulate the power of AI to automate and advance attacks. Generative AI is helping hackers create highly persuasive content for phishing or business email compromise (BEC) attacks."

The pressing question that all cybersecurity teams need to ask, he feels, is how to adapt to these changes. "This comes at a time when security leaders are feeling overwhelmed. 35% of UK SMEs have two or fewer people in their cybersecurity team. And with this comes huge risk. One in five cybersecurity professionals are losing sleep over concerns - up from 9% in 2022, contributing to lack of concentration and inability to focus. Staffing shortfalls, coupled with the relentless pace and complexity of threats, place immense pressure on existing teams."

Intelligent automation and integration are the keys to regaining control. "In the future, the evolution of AI in cybersecurity is expected to focus on predictive analytics and proactive threat mitigation. By harnessing the power of machine learning and data analysis, AI systems can anticipate potential vulnerabilities and threats before they materialise, allowing organisations to adopt a more pre-emptive security posture."
HUMAN-AUTOMATION BALANCE

AI is set to proliferate every aspect of the working environment, as organisations automate tasks and become more cost effective and efficient. To remain competitive, says Michelle Moody, managing director, Technology Consulting at Protiviti, "they will embark on the AI journey that will include a variety of use cases from supply chain optimisation, predictive/prescriptive maintenance, customer experience or organisational insights, to name a few".
From a people perspective, organisations will need a well-skilled workforce that adapts to new/different job roles and constant upskilling, she adds. "Processes will be automated where possible with use of AI. However, this will need to be balanced with the human touch, as well as privacy and ethical uses of data. Technology will evolve rapidly, requiring constant upskilling across the organisation. There will be an increased demand for security skills to keep data safe and specialist resources to ensure compliance as the regulatory environment changes. New roles will be created around AI and data specialists, for example, and the demand for the right skills will outstrip the market. It will be vital for organisations to put a learning and development programme in place to upskill/reskill the workforce and instil critical-thinking skills across all areas of the organisation and at all levels."

Meanwhile, the regulatory environment for AI is evolving worldwide and will continue to do so as the global market adopts the technology. "Regulation is good and will provide the guardrails needed for organisations to innovate and create public trust by holding industries to account for being ethical, unbiased, and fair, whilst honouring data protection and privacy obligations," states Moody.
DATA BIAS

Among the potential threats of AI usage is data bias, points out John Farley, managing director, Cyber Practice, Gallagher, in which inaccurate or incomplete information in AI systems can lead organisations to make unfair or discriminatory assumptions. "Another risk is the potential for malicious actors to launch misinformation campaigns through AI tools. Organisations should also pay attention to privacy liability risks - laws related to collecting, storing and sharing personally identifiable information could apply to AI usage.

"In addition, if intellectual property becomes part of AI learning models and ultimately their generated outputs, organisations may expose themselves to copyright, trademark and patent infringement litigation. And although regulation of AI usage is in its early stages, expect increased regulatory scrutiny from a variety of global regimes. Compliance requirements may extend to those contributing to AI development and to those using it to provide goods and services."

Given these risks, he advises, any organisation embracing generative AI tools should consider implementing a formal risk management plan for AI usage. "Coordination is essential across a variety of organisational stakeholder groups, such as legal, compliance, human resources, IT and communications. When conducting a risk assessment, an organisation should create an inventory of its existing AI tools and systems, and determine whether they have dependencies that may heighten risk. An organisation should be aware of the exact data its AI tools can use and whether their usage could lead to potentially harmful outcomes. A risk assessment should also address an organisation's governance programmes toward AI usage, including documented policies and procedures. In addition, organisations should be familiar with contractual liability risks, if agreements with third parties provide AI system usage."

And of course, adds Gallagher, "an organisation's risk management framework for AI should address the emerging regulatory landscape and corresponding compliance requirements".

For more insights and views on AI, see page 31.
20
computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk
zero trust
NO COMPROMISE ON TRUST
MACMON SECURE IS ADAMANT THAT NO DEVICE, NOR USER, SHOULD BE TRUSTED UNTIL SECURE AUTHENTICATION HAS TAKEN PLACE
External network access to company resources is the new normal these days, says macmon secure. "Devices access cloud services, email applications and other potentially confidential company resources from anywhere and at any time. Separating cybersecurity efforts by technology is no longer a sustainable approach. Companies need to develop new integrated strategies that combine IT, OT and IoT security efforts and maximise the use of all the company's cybersecurity resources. Developing a comprehensive security strategy that addresses the current and emerging risks of digitalisation has never been more urgent."
ZERO TRUST NETWORK ACCESS (ZTNA) - SECURITY CONCEPT FOR IT AND OT NETWORKS
"The Zero Trust Network approach puts a stop to the damage of the growing number of cyberattacks and is based on the philosophy that neither a device nor a user should be trusted until secure authentication has taken place," the company adds. "The focus of ZTNA is on resources - and not on traditional perimeter security at the interface between a private or corporate network and a public network such as the internet. The 'new workers', or external service providers, access tools and company data from anywhere, using devices and apps. With ZTNA, it is possible to guarantee data security in the long term and meet modern network security requirements."
OVERVIEW & CONTROL IMPROVE SECURITY
ZTNA offers several advantages for companies that want to improve their network security. "ZTNA provides greater flexibility and scalability for organisations that need to adapt to changing business requirements and digital transformation. The concept of ZTNA is based on restriction and monitoring: Network Access Control (NAC) solutions only allow defined devices access to the network, regardless of whether they are iPads, laptops, medical or technical devices. IT administrators always know which devices are logged into the local network and can permanently identify and monitor them thanks to the complete network overview. Any device that has no business in the network is denied access from the outset.
"With the increasing networking of production systems, which in some cases extends into the office world, the complexity and vulnerability of networks is increasing. With ZTNA, unauthorized use of systems in administration and production is therefore virtually impossible."
A leading NAC solution should fulfil two requirements, states macmon secure: a complete overview of which devices are in the IT and OT network, and where they are located. "The type of device, such as clients, printers, production systems, ATMs, medical or technical devices, should not matter. This means that only authorised resources can be operated in the network. An efficient solution should also offer a simple deployment and maintenance, support of the industry standard 802.1X and seamless integration with a wide range of third-party security solutions. This significantly increases IT and OT network security."
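The admission rule described above (a device is admitted only after successful 802.1X authentication and only if it is one of the defined devices; anything unknown is refused from the outset; administrators keep an overview of which device sits on which switch port) can be sketched as a few lines of policy logic. The block below is an added example and not macmon secure's code: it assumes a hypothetical inventory keyed by MAC address and a constructed key=value log format for authentication events, standing in for the device database and RADIUS or switch telemetry a real NAC would consume.

```python
"""Added example (not macmon secure's code): a minimal NAC-style admission
decision over constructed 802.1X authentication events. The inventory and
the key=value log format are hypothetical stand-ins for a real NAC's device
database and RADIUS/switch telemetry."""
from __future__ import annotations
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Device:
    mac: str
    kind: str        # laptop, printer, plc, ...
    location: str    # "switch/port" where the device is expected to appear


# The "defined devices": only these may be admitted, whatever their type.
INVENTORY = {
    "00:11:22:33:44:55": Device("00:11:22:33:44:55", "laptop", "sw-office-1/ge-0/0/7"),
    "00:11:22:33:44:66": Device("00:11:22:33:44:66", "printer", "sw-office-1/ge-0/0/12"),
    "00:11:22:33:44:77": Device("00:11:22:33:44:77", "plc", "sw-plant-3/ge-0/0/2"),
}

# Constructed authentication events (hypothetical format, not any vendor's).
SAMPLE_LOG = """\
2024-01-15T08:01:02Z auth mac=00:11:22:33:44:55 switch=sw-office-1 port=ge-0/0/7 result=success
2024-01-15T08:01:09Z auth mac=00:11:22:33:44:66 switch=sw-office-1 port=ge-0/0/12 result=success
2024-01-15T08:02:40Z auth mac=aa:bb:cc:dd:ee:ff switch=sw-office-1 port=ge-0/0/3 result=success
2024-01-15T08:03:15Z auth mac=00:11:22:33:44:77 switch=sw-plant-3 port=ge-0/0/2 result=failure
2024-01-15T08:04:00Z auth mac=00:11:22:33:44:55 switch=sw-plant-3 port=ge-0/0/9 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth mac=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"switch=(?P<switch>\S+) port=(?P<port>\S+) result=(?P<result>success|failure)$"
)


def decide(event: dict[str, str]) -> tuple[str, str]:
    """Zero trust rule: admit only after a successful 802.1X authentication
    AND only if the device is one of the defined devices. Returns (decision, reason)."""
    if event["result"] != "success":
        return "deny", "authentication failed"
    device = INVENTORY.get(event["mac"])
    if device is None:
        return "deny", "not in inventory"          # denied from the outset
    seen_at = f"{event['switch']}/{event['port']}"
    if seen_at != device.location:
        # Known device in an unexpected place: admit, but surface it to the admin.
        return "allow-flag", f"{device.kind} expected at {device.location}, seen at {seen_at}"
    return "allow", f"{device.kind} at expected location"


def process_log(text: str) -> list[dict[str, str]]:
    """Parse the events and attach the admission decision to each one."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                 # not an auth event
        event = m.groupdict()
        decision, reason = decide(event)
        results.append({**event, "decision": decision, "reason": reason})
    return results


def network_overview(results: list[dict[str, str]]) -> dict[str, str]:
    """MAC -> switch/port for every admitted device, i.e. 'which devices are on
    the network and where'. A later event for a MAC supersedes an earlier one."""
    return {r["mac"]: f"{r['switch']}/{r['port']}"
            for r in results if r["decision"].startswith("allow")}


if __name__ == "__main__":
    admitted = process_log(SAMPLE_LOG)
    for r in admitted:
        print(f"{r['ts']} {r['mac']} {r['decision']:10} {r['reason']}")
    print(network_overview(admitted))
```

Run over the constructed log, it admits the two inventoried devices seen on their expected ports, refuses the unknown MAC even though its 802.1X exchange succeeded, refuses the PLC whose authentication failed, and admits but flags the laptop that turns up on a plant switch, which is exactly the kind of IT/OT boundary crossing a complete network overview is meant to make visible.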
Comments Christian Bücker, Global Product Line Software, macmon secure: "Our solution is regularly rated very positively in tests and has received several awards from international trade journals. Our clients come from public sector, healthcare, financial services, science, research, telecommunications, trade, industry, transport or logistics. The acquisition by Belden in 2022 puts us in a truly unique position, as we combine IT expertise with OT experience on many levels. We are part of Belden's Industrial Automation Solution, a global organisation headquartered in the Stuttgart region that includes leading network and connectivity brands."
phishing
PHISHING FOR THE ANSWERS
DOMAIN PHISHING SCAMS HAVE NOW REACHED LEVELS NEVER SEEN BEFORE. CONSTANT VIGILANCE CAN ENSURE THAT THEY DON’T PROVE SUCCESSFUL
Businesses, consumers and individuals all profit from advanced technology in various aspects of their lives. However, cybercriminals also reap the benefits of innovative digital tools, employing creative domain name phishing methods, points out Brian Lonergan, Identity Digital's vice president of product strategy. "This underscores the importance of domain names in cybersecurity for any business - from international corporations to local businesses. The good news is that there are ample tips and measures to ensure their safety," he states.
Security must be a key factor when buying or upgrading a domain name, he adds, and working with the right domain registrar can make all the difference. Different registrars and registries will offer varying security measures, and it's important to review everything they offer to make the best decision for your organisation's specific needs. "For instance, Identity Digital includes Homographic Blocking for any Identity Digital domain to enhance protection against phishing attacks. In this type of phishing, attackers use characters similar to legitimate domain names, like replacing 'O' with '??'. They may also manipulate domain names using plurals or hyphens.
"Homographic blocking technology identifies and blocks malicious domain name variants, safeguarding the brand from compromise," comments Lonergan. "Additional practices companies should be vigilant against are domain name system [DNS] attacks, namely cache poisoning.
"During a cache poisoning attack, a fraudster sends malicious DNS responses to a DNS server, which can contain false information, associating a valid domain with a malicious IP address, leaving victims vulnerable to spoofing attacks. One way to help prevent this is by working with a domain name registrar that offers Domain Name System Security Extensions [DNSSEC], which, when enabled, add cryptographic security to DNS responses."
"A quick and simple way to spot an attack, or the possibility of one, is by paying attention even to the tiniest variation in written communications," he adds. "Be it an email, a text or a website's copy, all of that can indicate something malicious afoot. Any deviation in fonts, brand colour schemes or logos, website designs and, of course, grammar and spelling suggest that you might be looking at a poor imitation. Cybercriminals perpetuating phishing attacks do not put the same effort into maintaining the high calibre of branding and visual identity of the businesses they imitate."
Security of one's domain name should be part of a business's overall security strategy, he says. "Luckily, we have more helpful means at our fingertips than ever before to stay ahead."
Domain phishing scams have now reached unprecedented levels, says Steve Herbert, head of service delivery, Nominet. "However, these are not the phishing scams of old: cybercriminals have evolved their tactics, now meticulously crafting websites that mirror legitimate domains with alarming precision, making it increasingly challenging to distinguish between the authentic and the fraudulent."
TACTICS HAVE MOVED ON
In the three months prior to December 2023, Nominet identified and blocked more than 450 fake shops using .UK domains, which employed the same fake storefronts selling popular high street brands. "The threat actors got so desperate to reinstate these domains that they attempted to impersonate Nominet staff via LinkedIn," reveals Herbert. "These efforts were unsuccessful, of course, which is a great result for our staff and security procedures."
Malicious actors who set up fake websites are, of course, hoping to catch users off guard. "The battle against domain phishing scams demands unwavering vigilance," he adds, "as most attacks prey on our busy lifestyles, in the hope we won't notice things are 'a little off'. If something seems a little too good to be true, or the website perhaps isn't exactly how you remember it, it's always best practice to double-check the domain URL or the email address and language used in any correspondence."
To be really sure, you can contact the company independently to enquire about the communication's validity. Legitimate companies will generally have a website accessible from a search engine where anyone can find their details. Taking a proactive approach will stand you in good stead to pick up on anything suspicious, says Herbert.
"We would recommend you visit the website of the company that any questionable email claims to be from to see if there are any announcements about phishing attempts. Having said that, just because there hasn't been one before doesn't mean there won't be a first!
"For businesses, implementing basic levels of cyber hygiene, like technical measures of threat identification and mitigation, is a good first step, but unfortunately this often isn't enough," he continues. "For peace of mind, it's best practice to invest in a positive security culture, regular security awareness training and pen testing - these are simulated phishing attacks that will help you determine the effectiveness of staff awareness training. Deficiencies in process or employee blind spots can then be rectified."
STAY VIGILANT
Durali Cingit, incident response analyst at Integrity360, states that the important questions to ask when it comes to accessing a website and establishing if it is legitimate or a phishing one are: "How did I get here, directly or indirectly? Did I click on a link from an email? Did I use a search engine to get to this website? Have I been redirected to this website from a link?" These questions will help to keep you safe.
"In order to distinguish the real from the fake, there are a few details to look out for on websites," he advises. "First, you want to check the URL of the website; safe and secure websites all begin with 'HTTPS://' and, depending on the browser you use, you will see a green padlock or the URL bar will be green as an indicator that this website is secure. However, threat actors have also adapted and evolved into now making their websites secure to fool users into thinking that the fake website is legit, so it's not enough to rely on this alone." Also, the 'About Us/Contact Us' page should provide a contact form or an email address, which can be a key indicator. "These pages are normally populated with different ways in which you can contact the organisation, whereas a phishing website may only contain one source of contact information."
Finally, he suggests, you should ask yourself the 'How did I get here?' question. "The main tactic threat actors use to get users onto a phishing website is either through email or SMS message. Users should be alert and cautious as to who sent the email. If they were expecting an email from the sender, is the email asking them to click on a link or an attachment, which more often than not will redirect the user to a phishing website?
"Same procedure with SMS text messages where users fall prey to fake text messages - eg, from the bank with a link that will ask the user to log in, in order to steal their financial login details."
He also advises organisations to sign up to programmes that make it mandatory for all employees to take part in being educated on phishing and the signs to look out for.
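Two of the points made in this article can be checked mechanically: Lonergan's homograph, plural and hyphen variants of a brand's domain, and Cingit's warning that a padlock or 'https://' prefix proves nothing about who registered the name. The block below is an added example and not code from Identity Digital, Nominet or Integrity360. It assumes a constructed list of domains the organisation owns, a small hand-picked map of confusable characters (Unicode's published confusables table is far larger) and constructed sample links. It decodes punycode so that a name registered as xn--... is compared by what the user sees, collapses look-alike characters onto their ASCII skeleton, and then asks whether the host is an owned domain, a confusable spelling of one, a hyphenated or pluralised variant, or merely a brand name placed under someone else's domain.

```python
"""Added example (not Identity Digital's, Nominet's or Integrity360's code):
classify a link's host against the domains an organisation owns.
Owned domains, confusable map and sample URLs are all constructed."""
from __future__ import annotations
import unicodedata
from urllib.parse import urlsplit

# Domains the organisation legitimately controls (constructed).
OWN_DOMAINS = ["example.com", "example.co.uk"]

# Hand-picked confusables: characters that render like an ASCII letter.
# Unicode's confusables.txt is far larger; this subset is for illustration only.
CONFUSABLES = {
    "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0445": "x",   # Cyrillic r(p), s(c), kh(x)
    "\u0131": "i",                                  # dotless i
}


def skeleton(label: str) -> str:
    """Reduce a hostname label to its 'skeleton' so confusable spellings collide.
    NFKC folds full-width and compatibility forms; the map handles the rest."""
    label = unicodedata.normalize("NFKC", label).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def host_of(url: str) -> str:
    """Hostname as the user would see it: punycode (xn--) labels are decoded."""
    host = urlsplit(url).hostname or ""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host            # already non-ASCII, or malformed punycode


def is_own(host: str) -> bool:
    return host in OWN_DOMAINS or any(host.endswith("." + d) for d in OWN_DOMAINS)


def classify(url: str) -> tuple[str, str]:
    """Return (verdict, reason). The scheme is ignored on purpose: 'https://'
    only says the connection is encrypted, not who registered the name."""
    host = host_of(url)
    if is_own(host):
        return "own", host
    labels = [skeleton(part) for part in host.split(".")]
    findings: list[tuple[int, str]] = []
    # Examine the whole host and every suffix of it, so that 'www.examp1e.com'
    # and 'example.com.evil.net' are both judged at the right level.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        name, _, tld = candidate.partition(".")
        for own in OWN_DOMAINS:
            own_name, _, own_tld = own.partition(".")
            if candidate == own:
                findings.append((0, f"confusable spelling of {own}"))
            elif tld == own_tld and name.replace("-", "") in (own_name, own_name + "s"):
                findings.append((1, f"hyphen/plural variant of {own}"))
            elif own_name in name:
                findings.append((2, f"brand name '{own_name}' used inside {host}"))
    if not findings:
        return "unknown", host
    rank, reason = min(findings)          # strongest match wins
    return ("lookalike" if rank < 2 else "suspicious"), reason


# Constructed sample links. The third uses a Cyrillic 'a'; the fourth is the
# same name as a registrar stores it (punycode), computed rather than typed.
SAMPLE_URLS = [
    "https://www.example.com/login",
    "https://examp1e.com/login",
    "https://ex\u0430mple.com/verify",
    "https://" + "ex\u0430mple.com".encode("idna").decode("ascii") + "/verify",
    "http://example-s.com/",
    "https://example.com.evil.net/",
    "https://shop.other.org/",
]


def triage(urls=SAMPLE_URLS) -> list[tuple[str, str, str]]:
    return [(u, *classify(u)) for u in urls]


if __name__ == "__main__":
    for url, verdict, reason in triage():
        print(f"{verdict:10} {url}  ({reason})")
```

The same check gives the same verdict whether the link is http or https, which is the practical form of Cingit's point; and because the punycode form is decoded before comparison, the user-visible and registry forms of the Cyrillic spelling are both caught. A production filter would replace the toy map with the full Unicode confusables data and the owned-domain list with the registrar's zone inventory.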
ransomware
WE SHALL NOT BE MOVED!
SEVERAL COUNTRIES HAVE TAKEN A STAND AGAINST RANSOMWARE ATTACKS BY AGREEING NOT TO MAKE PAYMENTS TO HACKERS
The US government and dozens of its international allies have pledged never to pay ransom demands, in a bid to discourage financially motivated hackers and ransomware gangs profiteering from the current onslaught of cyber-attacks.
The joint pledge is aimed at enhancing international cooperation to combat the growth of ransomware. It embraces 48 countries, as well as the European Union and Interpol, making it the largest cyber partnership in the world. (Anne Neuberger, the White House's deputy national security advisor for cyber and emerging technologies, recently reported that another country has joined the CRI since the meeting - bringing the total number of countries to 49.)
The European Union and INTERPOL have also signed the pledge, which stops short of actually banning companies from making ransom payments, which the US government has for long warned could inadvertently create opportunities for further extortion by ransomware gangs. However, Neuberger says that the initiative will aim to "counter the illicit finance that underpins the ransomware ecosystem".
Her argument is that ransom payments not only fuel future attacks, but also don't guarantee the safe return of stolen data - or that all copies have been erased. Data provided to the US government by ransomware negotiators shows that companies with good backups are able to recover "far more quickly" than companies that pay a ransom. "Paying a ransom not only encourages ongoing ransomware attacks, it also is not necessarily the fastest way to recover," she insists. "Do those backups and do the basic cybersecurity practices that we know make a difference."
RAD-ICAL THINKING
While the 'don't pay, won't pay' mantra serves as a laudable goal for reducing the motivation of attackers, organisations need to have resilience to withstand attacks before they are forced to take this position, states James Blake, EMEA CISO at Cohesity. "Best-selling author Malcolm Gladwell nailed it in his closing keynote at Mandiant's MWise conference…when he talked about 'Radical Asymmetric Distribution' (RAD): organisations are better off investing in the ability to recover quickly and withstand attacks than invest in the illusion that we can stop all attacks."
CISOs have to start having adult conversations with the business and stop suggesting that "cyber risk is unlike any other risk. It needs to be brought into the realm of every other operational risk that is a cost of doing business, such as pandemics, hurricanes and shoplifting. Ransomware is an epoch event in information security: CISOs who have promised to 'protect the business, if only I have enough people and budget' are just doing performance art," adds Gladwell.
"Only focusing on likelihood mitigations when you're facing the inevitable is an act of insanity - impact must be reduced and ideally resilience achieved. We starve the adversary of funds by organisations being able to withstand attacks, not by legislation. That will only criminalise the victims. Fundamentally changing the perspective on the balance of Protection/Detection to Response/Recovery is where value will really be delivered. Legislation like EU's DORA that promotes digital operational resilience will deliver far better pragmatic cyber risk management than simply locking up executives."
BREACHED, BIT BY BIT
Satnam Narang, senior staff research engineer at Tenable, highlights how LockBit is breaching some of the world's largest organisations - many of whom have incredibly large security budgets.
He also points to how threat researcher Kevin Beaumont found that attackers have been targeting a vulnerability in Citrix Netscaler, called CitrixBleed, after tracking attacks against various companies, including the Industrial and Commercial Bank of China (ICBC), DP World AU, Allen & Overy and Boeing.
Narang believes ransomware attacks are a threat to civil society, as long as organisations keep paying. Therefore, large-scale enterprises need to be able to patch vulnerabilities like CitrixBleed quickly. "Mass exploitation of CVE-2023-4966, a critical sensitive information disclosure vulnerability in Citrix's NetScaler ADC and Gateway products, has been ongoing since October 30 [2023]. Dubbed 'CitrixBleed' by researchers, at the time, there were estimates of 30,000 internet-facing assets that were vulnerable to this flaw. Recent analysis suggests that the number has decreased to over 10,000 assets, with the majority located in the United States," he says.
"With publicly available proof-of-concept exploit code, a variety of threat actors have been leveraging this flaw as part of their attacks over the last few weeks, including affiliates of the infamous LockBit ransomware group and Medusa. Ransomware groups are mostly indiscriminate in their attacks, motivated by profits over anything else. Organisations that use Netscaler ADC and Gateway products must prioritise patching these systems immediately, as the threat of exploitation is extremely high, especially by ransomware groups."
SMASH-AND-GRAB ATTACKS
Meanwhile, Sophos has revealed how these active adversaries are now carrying out ransomware 'fast' attacks in mere hours in its '2023 Active Adversary Report for Security Practitioners'. The Sophos X-Ops report showcases the forensics of fast smash-and-grab ransomware attacks and the precise tactics, techniques and procedures (TTPs) attackers are using to operate in this new high-speed attack mode - including preferred living-off-the-land binaries (LOLBins) and other tools and behaviours that get them close to crucial resources that they want to exploit.
This evidence in the report, along with detailed explanations of how certain attacks unfold, demonstrates the need for regularly adapted security solutions to protect, detect and disrupt intrusions as fast as possible on the attack chain, states Sophos.
"In the face of fast-moving adversaries who are continuously evolving their TTPs - and often blend the use of legitimate tools - to execute multi-stage attacks, cybersecurity defences need to be dynamic and foresightful," states Raja Patel, chief product officer at Sophos. "Sophos is taking a proactive, protection-first approach to stopping threats at the front door before they escalate. We're evolving products with industry-first security capabilities that are powered by Sophos X-Ops' deep threat intelligence from more than half a million organisations globally to identify and counter threats at speed and scale."
Adds John Shier, field chief technology officer at Sophos: "As attackers speed up their attack timelines, one of the best things organisations can do is increase friction whenever possible; in other words, if their systems are well maintained, attackers must do more to subvert them. That takes time and increases the detection window. Robust, layered defences create more friction, increasing the skill level the attacker needs to bring to the table. Many simply won't have what it takes and will move on to easier targets."
NO SAFE PLACE
In 2023, it seems ransomware was, well, everywhere. The attack on Kyocera AVX, for instance, impacted the personal data of over 39,000 individuals, while the attack at China's largest bank (ICBC) resulted in the disruption of global financial services, including the US Treasury. Also prominent in the news was the State of Maine data breach, linked to a Russian ransomware gang, which was said to have affected 1.3 million residents.
Little wonder, then, that Dr Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts Network, reflects on the growth of ransomware and why it won't slow down any time soon. "Unfortunately, the [illicit] business model of ransomware is both resilient and sustainable for perpetrators. First, there is a plethora of wealthy victims who are poorly protected and are a 'perfect victim', even for technically inexperienced criminals.
"Secondly, the risk of getting caught - despite several prominent operations by law enforcement agencies in 2023 - is still infinitesimal. Moreover, many perpetrators are based in non-extraditable jurisdictions and can act with complete impunity. Thirdly, the abundance of cryptocurrencies makes money laundering very easy, allowing cybercriminals to fully enjoy the fruits of their crimes. In 2024, we will likely see even more victims of ransomware that is gradually dethroning other - less profitable and more risky - types of cyberattacks."
INVERTING THE PRINCIPLE
In a bizarre twist to the principle of behaving with all due probity in this murky world, it has recently emerged that the ALPHV/BlackCat ransomware operation (widely credited as being the first ransomware group to create a public data leaks website on the open internet) has filed a US Securities and Exchange Commission complaint against one of its alleged victims for not complying with the four-day rule to disclose a cyber-attack.
Kolochenko, also adjunct professor of Cybersecurity & Cyber Law at Capitol Technology University, comments: "Misuse of the new SEC rules to make additional pressure on publicly traded companies was foreseeable. Moreover, ransomware actors will likely start filing complaints with other US and EU regulatory agencies when the victims fail to disclose a breach within the timeframe provided by law."
Having said that, not all security incidents are data breaches and not all data breaches are reportable data breaches, he points out. "Therefore, regulatory agencies and authorities should carefully scrutinise such reports and probably even establish a new rule to ignore reports uncorroborated with trustworthy evidence, otherwise, exaggerated or even completely false complaints will flood their systems with noise and paralyse their work."
REVISION TIME
Kolochenko also suggests that victims of data breaches should urgently consider revising their digital forensics and incident response (DFIR) strategies by inviting corporate jurists and external law firms specialised in cybersecurity to participate in the creation, testing, management and continuous improvement of their DFIR plan. "Many large organisations still have only technical people managing the entire process, eventually triggering such undesirable events as criminal prosecution of CISOs and a broad spectrum of legal ramifications for the entire organisation. Transparent, well-thought-out and timely response to a data breach can save millions."
ENHANCED EXTORTION
Thomas Barton, senior IR analyst at Integrity360, addresses the very same issue: "This shows that ransomware operations are beginning to reach a maturity level where the responsible threat actors are fully aware of regulations affecting their target sector and are able to use regulatory bodies to enhance the threat of extortion. This highlights the importance of engaging experienced legal and cybersecurity professionals before, during and after an incident who can assist in navigating the complex challenges that such an attack can present."
Finally, and according to a new report by MIT professor Stuart Madnick, there were more ransomware attacks reported during the first nine months of 2023 than in the whole of 2022. It points to a stark increase in cyberattacks, impacting as many as 360 million people up to and including August. One reason for the jump, according to Madnick, is that ransomware groups are becoming far more organised, operating as gangs and targeting organisations with critical user data, such as government and healthcare facilities.
The other cause for the jump, he points out, is that cybercriminals are increasingly using secondary vendors to gain access to their main targets. "In today's interconnected world, virtually every organisation relies on a wide range of vendors and software. As a result, hackers only need to exploit vulnerabilities in third-party software or a vendor's system to gain access to the data stored by every organisation that relies on that vendor."
cloud security<br />
LIFE INSIDE THE CLOUDS<br />
TRADITIONAL CLOUD SECURITY IS FAILING THE MODERN ENTERPRISE,<br />
STATES ILLUMIO, AS IT RELEASES NEW GLOBAL RESEARCH FINDINGS<br />
New research just unveiled digs down<br />
into the current global state of cloud<br />
security, the impact of cloud breaches<br />
and "why traditional cloud security technologies<br />
fail to keep organisations secure in the<br />
cloud".<br />
The 'Cloud Security Index: Redefine Cloud<br />
Security with Zero Trust Segmentation' from<br />
Illumio is the result of a survey conducted by<br />
independent research firm Vanson Bourne. It<br />
canvassed the views of 1,600 IT and security<br />
decision makers across nine countries and<br />
found that "cloud risks are only getting<br />
worse, traditional cloud security tools are<br />
falling short and Zero Trust Segmentation<br />
(ZTS) is essential for the modern landscape",<br />
according to Illumio.<br />
Key findings in the research include:<br />
"Traditional cloud security is failing the<br />
modern enterprise: in the last year, nearly<br />
half of all data breaches (47%) originated<br />
in the cloud, and more than six in 10<br />
respondents believe cloud security is<br />
lacking and poses a severe risk to their<br />
business operations."<br />
"Cloud breaches cost organisations<br />
millions each year: The average organisation<br />
that suffered a cloud breach last<br />
year lost nearly $4.1 million, and yet 26%<br />
are operating under the assumption that<br />
breaches are not inevitable, posing<br />
serious risks to the business and its<br />
customers."<br />
"Zero Trust Segmentation is critical for<br />
cloud resilience: 97% [of those responding]<br />
believe ZTS can greatly improve their<br />
organisation's cloud security strategy,<br />
because it improves digital trust (61%),<br />
ensures business continuity (59%), and<br />
bolsters cyber resilience (61%)."<br />
According to Illumio: "As organisations take<br />
their most sensitive data to the cloud, they<br />
face increased complexity and risk. 98% of<br />
organisations store their most sensitive data<br />
in the cloud, including financial information,<br />
business intelligence and customer or employee<br />
personally identifiable information (PII). Yet<br />
over 9 in 10 are concerned that unnecessary<br />
or unauthorised connectivity between cloud<br />
services increases their likelihood of a breach."<br />
According to the research findings, the main threats to organisations' cloud security are: workloads and data overlapping traditional boundaries (43%); a lack of understanding of the division of responsibility between cloud providers and vendors (41%); social engineering attacks (36%); a lack of visibility across multi-cloud deployments (32%); and rising malware and ransomware attacks (32%).
Some 93% of IT and security decision makers believe that segmentation of critical assets is a necessary step to secure cloud-based projects. Additionally, organisations with dedicated microsegmentation technology were less likely to have suffered a cloud breach in the last year (35%) than those without it (43%).
"Because cloud environments are dynamic and interconnected, they're increasingly challenging for security teams to navigate with legacy solutions," comments John Kindervag, chief evangelist at Illumio - pictured right. "Organisations need modern security approaches that offer them real-time visibility and containment by default to mitigate risk and optimise opportunities afforded by the cloud. I'm optimistic that nearly every security team is prioritising improving cloud security in the months ahead and that they see solutions like ZTS as an essential piece of their Zero Trust journey."
POINT OF IMPACT
IN 2023, SOME OF THE BIGGEST CORPORATE NAMES WERE BROUGHT TO THEIR KNEES. CAN WE EXPECT ANY BETTER OUTCOME THIS YEAR?
If the number and ferocity of attacks on organisations throughout 2023 is anything to go by, many more can expect a torrid time of it in 2024. Some of the biggest corporate names have been brought to their knees. It seems that even unlimited resources to throw at self-protection may not be enough against opponents who now have the kinds of sophisticated weaponry that only a few years ago would have seemed to belong in a fantasy world.
Now, where the slightest opportunity to launch an assault on a vulnerable target exists, the wheels spring into action. Take Russia-based ransomware group LockBit 3.0's attack on Boeing. In this instance, the vulnerability that opened up the route inside the defences of the aviation giant was found within Citrix software, known as Citrix Bleed. The hackers claimed they had obtained "a tremendous amount" of sensitive data from the aerospace giant and would dump it online, if Boeing didn't pay a ransom by November 2. Subsequently, the group removed Boeing's name from the leak site and extended the deadline to November 10. However, talks between Boeing and LockBit 3.0, if any, appear not to have been successful, as the latter published about 50GB of data allegedly stolen from Boeing's systems. It may serve as little consolation to Boeing that it is not alone - estimates suggest that LockBit may have hacked as many as 800 organisations in 2023.
LockBit ransomware, first seen on Russian-language-based cybercrime forums in January 2020, has been detected all over the world, with organisations in the United States, India and Brazil among common targets, according to cybersecurity firm Trend Micro. Some of the subsequent estimates put the ransomware damage suffered by US organisations that have been hit by LockBit at as much as $90 million between 2020 and mid-2023, making LockBit one of the world's biggest hacking groups since its formation in 2020.
William Hutchison, former senior military officer at US Cyber Command and CEO of SimSpace, says that the attack continues to highlight the urgent need for proactive security and continuous testing to prevent these situations. "Following a familiar pattern, they have gone after a company that deals with extremely sensitive military data, including missiles and the next iteration of Air Force One that could result in catastrophic consequences, should it fall into the wrong hands. Even if Boeing use backup data and resuscitate their webpages, they will be more worried about stolen data from this breach making it onto the dark web."
Could the attack have been better guarded against? "This breach came via a zero-day vulnerability, which means the only way the company could have prepared was by simulating a new attack with their defence teams and helping them war game how to respond," he states. "Cybercriminals like to go quite 'low and slow' when they have gained access to a company's systems, because they do not want to be identified before they get to their target. Typically, this dwell time will last a period of days, weeks or months, and this is why it's important for organisations to train their staff, so they can recognise the signs of these intruders in the network and stop them before it becomes a critical problem."
Threat actors are often underwritten or enabled by well-funded nation-states and this is why public and private organisations must continue to invest in cybersecurity, he adds. "This investment must be in people, processes and technology. Any weakness in one is a weakness in all. 85% of breaches are related to human error. It is an exponential problem now, because it drives crime, as there are too many people paying, allowing hackers to make a quick buck."
REACTIVE, NOT PROACTIVE
Meanwhile, Vanta has recently released its annual 'State of Trust' Report, an in-depth analysis uncovering global trends in security, compliance and the future of trust, in which nearly two-thirds of UK businesses (66%) say that they need to improve their security and compliance measures, with only one in four (25%) rating their organisation's security and compliance strategy as reactive.
For companies of all sizes, limited risk visibility and resource constraints make it challenging to improve their security. Fewer than half (42%) of UK organisations rate their risk visibility as strong. Equally concerning is that 21% have downsized IT staff and 62% have either already reduced IT budgets or are planning to do so, as they continue grappling with the on-going and challenging global economic environment.
"Business and IT leaders alike know that they need to improve their organisations' security and compliance, especially because it supports landing customers and improves reputation - which is a clear theme in our State of Trust report," says Paulo Rodriguez, head of international at Vanta. "Yet they have blind spots getting in their way. Just as clearly, there is an appetite for automation and AI to help combat the pressures of improving and demonstrating security; ultimately making compliance a strategic imperative, rather than a nice to have."
KEY TRENDS HIGHLIGHTED
Another recent release is Gatewatcher's 'Cyber Threat Semester' Report, which explores cyber threat trends between January-June 2023, as seen by Gatewatcher CTI, the cybersecurity software vendor's Threat Intelligence platform and the active intelligence of its Purple Team analysts.
The report is based around five key trends:
Identifying the malware most frequently used by cyber attackers
Exposing the file types used
Revealing new threat actors
Alerting the main sectors targeted
Regions and sectors most affected by ID leaks.
"In this third report, we have taken a close look at ID leaks, as they remain an extremely simple and effective means of intrusion," explains François Normand, who is head of cyber threat intelligence at Gatewatcher. "The risks associated with identification being based on just a login and password are well documented and we encourage the development of passwordless alternatives as part of an 'Identity Intelligence' strategy, to combat the risks of this attack surface being exploited."
He adds: "More generally, this report serves as a reminder, if one were really needed, that monitoring trends in new threats and ensuring they are visible are the most effective methods for reducing cyber risks and mitigating the impact of security incidents."
SEISMIC EVENT
At its annual Trust Summit conference, DigiCert released the results of a global study exploring how organisations are addressing the post-quantum computing threat and preparing for a safe post-quantum computing future. Prominent findings reveal that, while IT leaders are concerned about their ability to prepare in the timeframes needed, they are hampered by many obstacles, which include lack of clear ownership, budget and executive support.
Quantum computing harnesses the laws of quantum mechanics to solve problems too complex for classical computers. With quantum computing, however, cracking encryption becomes much easier, which poses an enormous threat to data and user security. "PQC [post quantum cryptography] is a seismic event in cryptography that will require IT leaders to begin preparation now," says Amit Sinha, CEO of DigiCert. "Forward-thinking organisations that have invested in crypto agility will be better positioned to manage the transition to quantum-safe algorithms when the final standards are released in 2024."
William Hutchison, SimSpace: data stolen from Boeing, including missiles and the next iteration of Air Force One, could result in catastrophic consequences, if it falls into the wrong hands.
Paulo Rodriguez, Vanta: organisations want to improve their security and compliance, yet they have blind spots getting in their way.
Amit Sinha, DigiCert: post quantum cryptography (PQC) is a seismic event that will require IT leaders to begin preparation now.
François Normand, head of cyber threat intelligence at Gatewatcher: passwordless alternatives should be developed as part of an 'Identity Intelligence' strategy.
Ponemon Institute surveyed 1,426 IT and IT security practitioners in the United States (605), EMEA (428) and Asia-Pacific (393) that are knowledgeable about their organisations' approach to PQC. Key findings from the study, sponsored by DigiCert, include:
61% of respondents say their organisations are not and will not be prepared to address the security implications of PQC
Almost half of respondents (49%) say their organisations' leadership is only somewhat aware (26%) or not aware (23%) about the security implications of quantum computing
Only 30% of respondents say their organisations are allocating budget for PQC readiness
525 of those surveyed say their organisations are currently taking an inventory of the types of cryptography keys used and their characteristics.
FALSE DELIVERY
Equally concerning is a complex new attack tactic that combines credible phone and email communications, in an attempt to take control of corporate networks and exfiltrate data. During an investigation at a Swiss company, Sophos X-Ops discovered that the attack had begun with a telephone call that may have seemed harmless. The targeted employee was contacted directly by a man who told the employee he had an urgent delivery to make to one of the company's sites and asked if the employee would accept the delivery. To validate the new delivery - allegedly for security reasons - the employee had to read out a code sent by email during the call.
The email, which was reported to have been written in perfect French, contained no text in the body of the message and featured only a static image that appeared to be a PDF attachment. Directed by the scammer on the phone, the employee clicked on the image, which then led to the malware being downloaded. After verbally prompting the employee to open the file, the attackers began taking over the network.
"This attack was highly, highly targeted," says Andrew Brandt, principal researcher at Sophos. "There was only one person in the office that Friday and the attackers likely knew who it was. The use of an image masquerading as an email is also something we haven't seen before. However, it's smart. Attaching an actual PDF often triggers alarm on systems, since they are so frequently used to deliver malware, and emails with PDFs often end up in spam filters."
NASTIEST MALWARE NAMED
Finally, OpenText has announced the Nastiest Malware of 2023, an annual ranking of the year's biggest malware threats. For six consecutive years, OpenText Cybersecurity threat intelligence experts have analysed the threat landscape to determine the most notorious malware trends. Ransomware has been rapidly ascending the ranks, with ransomware-as-a-service (RaaS) now the weapon of choice for cybercriminals.
This year, four new ransomware gangs, believed to be the next generation of previous big players, topped the list. Newcomer Cl0p took the prize for 2023's nastiest malware after commanding exorbitant ransom demands with its MOVEit campaign. Cl0p's efforts helped skyrocket the average ransom payment, which is rapidly approaching three quarters of a million dollars, according to OpenText. Black Cat, Akira, Royal and Black Basta also made their debuts, joined by the always-present Lockbit.
"A key finding this year is the RaaS business model is another win for the bad guys," says Muhi Majzoub, EVP and chief product officer, OpenText. "Profit sharing and risk mitigation are top contributors to RaaS success, along with the ability to easily evade authorities. There is a silver lining, as research shows only 29% of businesses pay ransom, an all-time low. These numbers indicate people are taking threats seriously and investing in security to be in a position where they do not need to pay ransom," he concludes.
artificial intelligence
WHY AI IS ON ALL OUR MINDS
WE OFFER MORE REFLECTIONS ON ARTIFICIAL INTELLIGENCE, FOLLOWING ON FROM OUR MAIN FEATURE ON PAGE 18
Tom McVey, the senior solutions architect EMEA at Menlo Security, believes that AI can be used in a multitude of ways to detect and mitigate threats, including "some that we haven't even conceived yet, as it's still early days. If we use the example of detecting malicious websites, a product that verifies whether any page was human or AI will be very powerful. Without this, the internet may become a bit like the Wild West - similar to its early days. Using AI to homologate and structure it again will help us to defend against the types of threats that leverage language models".
He also points to how Security Information and Event Management (SIEM) software is used by security analysts to determine how a breach took place by collecting logs, messages and events from every piece of technology within an organisation. "That's a huge wealth of data and an incident response team member only has traditional filtering tools to sort through it - ie, by user name or category. Once they have filtered down the events that they think are relevant, they've ultimately got to start making human judgement calls on how an attacker got in. It's a case of slowly drilling down like a detective.
"Whilst I don't think that there is any way that AI in its current state could replace this function entirely," states McVey, "it can certainly be used to augment it in a certain way. In theory, the incident response team could give the huge amount of log data to an AI language model and, as long as it was trained with incident response in mind, it should be able to correlate that data and draw out the things that are noteworthy. At the very least, the incident response team member could compare this to what their filtering came up with. It must be said, however, that AI is not always more correct than a human, but it's a cheap and quick way to get a second opinion, which may correlate with what the team member believes is correct."
THREATS AT LARGE
According to Brad Freeman, director of technology at SenseOn, the biggest risk from AI in 2024 is how LLMs (Large Language Models) will allow highly specific and tailored phishing messages. "These messages will be sent both via traditional email, instant message and social networking, but increasingly via real-time communications such as voice and potentially via video. This will bring a new edge to social engineering and is likely to convince even the most vigilant targets. The stakes are high, as many whaling attacks generate millions of dollars from stolen corporate funds.
"It makes sense that criminal groups will invest their time to ensure the next generation of attacks will be as convincing as possible," he points out. "Many of us would be persuaded, if we got a phone call which sounded like somebody we knew. Even if they were making an unusual request, these types of communications will be received by many accounts departments in 2024, requesting or amending payments."
Tom McVey, Menlo Security: AI can be used in a multitude of ways to detect and mitigate threats.
Brad Freeman, SenseOn: biggest risk from AI is how Large Language Models will allow highly specific and tailored phishing messages.
cybercrime
STAYING ABOVE THE WATER LINE
STEALERS, LOADERS, ZERO-DAY EXPLOITS, RANSOMWARE, BRUTE FORCE ATTACKS - THE LIST OF VULNERABILITIES IS OVERWHELMING. HOW CAN ORGANISATIONS EVER HOPE TO COPE?
Lindy Cameron, NCSC: attacks can hit finances, compromise customer data, disrupt operational delivery, erode trust and damage reputations.
As the ransomware threat has evolved, victims now have the constant worry of their sensitive data being exposed to the world and with it face the risks of reputational damage. "There will also be additional considerations of the impact of enforcement by a data protection authority [such as the Information Commissioner's Office in the UK] for not sufficiently protecting customer data," adds the National Cyber Security Centre (NCSC), as it releases its 2023 white paper addressing the impact that cybercrime is now having on organisations of all sizes, in all sectors, across all disciplines.
"More recently, some groups conduct data theft and extortion only, without deploying ransomware. Accordingly, cybercriminals will now use whichever approach they believe most likely to yield payment, deploying ransomware attacks to disrupt logistics companies that need the data to function, but favouring extortion-only attacks against healthcare services (where patient privacy is paramount)." And while some criminal groups purport to follow a 'moral code' and avoid attacks against critical national infrastructure (CNI) and healthcare services, "the reality of complex modern supply chains means criminals cannot know if their attack will impact such services," points out the report, 'State of Cybersecurity Automation Adoption.'
Lindy Cameron, CEO and head of the NCSC, says that, as IT systems are now ubiquitous, ransomware attacks can be truly devastating for victims and their customers, which is why it remains the most acute cyber threat for most UK businesses and organisations. "Attacks can affect every aspect of an organisation's operation, hitting finances, compromising customer data, disrupting operational delivery, eroding trust and damaging reputations. The impact will be felt in the short and long term, particularly when organisations are unprepared. Recovery is often lengthy and costly."
OPPORTUNISTIC ATTACKS
The majority of the initial accesses to victims are gained opportunistically, it seems, and are not targeted against a particular organisation or business sector, states the NCSC research. "Cybercriminals are primarily concerned with financial benefit and, while occasionally a group will specifically target sectors they have had previous success with [such as Vice Society and the education sector], the majority do not. Headlines such as 'company X targeted in a ransomware attack' do not reflect the reality. Most criminals take the opportunities presented to them, either through buying accesses that they deem likely profitable, or by scanning for a vulnerability in a product likely used in enterprise networks.
"Moreover, most ransomware incidents are not due to sophisticated attack techniques, but usually the result of poor cyber hygiene.
"That's not to say that victims did not take cyber security seriously; modern IT estates are exceptionally complex, particularly for organisations that have undergone acquisitions and mergers, and security controls can be difficult to implement effectively across complex environments. Poor cyber hygiene can include unpatched devices, poor password protection or lack of multi-factor authentication (MFA)."
These remedies are not "silver bullets", but implementing such measures would interrupt the majority of ransomware attacks. MFA, in particular, is often not in place, which enables many ransomware attacks to be successful. "Criminal use of exploits often surges shortly after certain critical patches are released, indicating they are being reverse-engineered from the patches. In most cases, an exploit is widely available in the criminal forums in less than one week from the patch being released."
ZERO-DAY TACTICS
As for zero-day exploits, cybercriminals don't need to develop their own zero-day exploits, as doing so is expensive and there are many devices 'in the wild' that are not patched regularly. "However, some actors have been known to use zero-day exploits, most notably there are public reports of Cl0p's use of the Accellion, GoAnywhere and MOVEit vulnerabilities." This would account for the large spike in Cl0p victims in 2023, says NCSC. "Actors conducting ransomware will buy exploit code from other criminals or modify exploit code from GitHub."
The NCSC strongly recommends creating a vulnerability management plan that prioritises vulnerabilities accessible from the internet. The list of exploits being used changes rapidly, based on the availability of vulnerable systems and the introduction of new exploits to the market, so it is not enough to just patch those known to be currently in use.
Poor password practice is another common access vector for enabling ransomware. "In the same way actors can scan for known vulnerable devices, it is equally straightforward to scan for a device type and test common passwords in brute force attacks. In some cases, default passwords [that are widely known and shared] have not been changed. Tools like Crowbar, Hydra and NLBrute, specifically designed for conducting brute force attacks, make it easy for malicious actors [who can also use the same approach with certain network perimeter devices and common services such as RDP or SSH] to gain access."
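As an added defender-side example (not from the NCSC paper or this article), the following Python walks OpenSSH auth log lines and flags the pattern described above: a burst of failed logins from one source, failures spread across several account names, and a login that succeeds while that burst is still fresh. The log lines, hostnames, addresses and thresholds are constructed for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH auth-log lines in syslog format (no year). Matches both
# "Failed password for invalid user X" and "Failed/Accepted password for X".
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[0-9A-Fa-f.:]+) port \d+"
)

# Constructed sample, not a real capture: one source cycling through common
# account names until a login succeeds, and one ordinary user mistyping once.
SAMPLE_LOG = """\
Jan 14 03:12:01 edge01 sshd[4021]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Jan 14 03:12:02 edge01 sshd[4023]: Failed password for root from 203.0.113.45 port 51023 ssh2
Jan 14 03:12:04 edge01 sshd[4025]: Failed password for invalid user pi from 203.0.113.45 port 51024 ssh2
Jan 14 03:12:05 edge01 sshd[4025]: Connection closed by 203.0.113.45 port 51024 [preauth]
Jan 14 03:12:06 edge01 sshd[4029]: Failed password for invalid user ubuntu from 203.0.113.45 port 51025 ssh2
Jan 14 03:12:08 edge01 sshd[4031]: Failed password for invalid user admin from 203.0.113.45 port 51026 ssh2
Jan 14 03:12:09 edge01 sshd[4033]: Failed password for root from 203.0.113.45 port 51027 ssh2
Jan 14 03:12:40 edge01 sshd[4035]: Accepted password for backup from 203.0.113.45 port 51030 ssh2
Jan 14 03:15:10 edge01 sshd[4040]: Failed password for alice from 198.51.100.7 port 40110 ssh2
Jan 14 03:15:14 edge01 sshd[4040]: Accepted password for alice from 198.51.100.7 port 40110 ssh2
"""


def parse_line(line, year=2024):
    """Return {ts, result, user, ip} for a password auth event, else None."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; 2024 is assumed for the sample
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect(lines, window_seconds=60, fail_threshold=5, spray_threshold=3):
    """Walk log lines in order and return alert dicts, oldest first.

    Per source IP, within a sliding window of window_seconds:
      brute_force            - fail_threshold or more failed logins
      spraying               - failures against spray_threshold distinct accounts
      success_after_failures - an Accepted login while the source still has
                               fail_threshold recent failures (triage first)
    The first two fire once per burst; the last fires on every such login.
    Thresholds are assumptions for the demo, not NCSC guidance.
    """
    alerts = []
    recent = defaultdict(deque)   # ip -> deque of (ts, user) failures in window
    fired = set()                 # (ip, kind) already raised for the current burst
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue              # connection closed, key auth, etc. are ignored
        ip, now = ev["ip"], ev["ts"]
        q = recent[ip]
        # expire failures that have aged out of the window; an empty window
        # ends the burst, so the same source can be reported again later
        while q and (now - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if not q:
            fired -= {(ip, "brute_force"), (ip, "spraying")}
        if ev["result"] == "Failed":
            q.append((now, ev["user"]))
            users = sorted({u for _, u in q})
            if len(q) >= fail_threshold and (ip, "brute_force") not in fired:
                fired.add((ip, "brute_force"))
                alerts.append({"kind": "brute_force", "ip": ip,
                               "failures": len(q), "at": now})
            if len(users) >= spray_threshold and (ip, "spraying") not in fired:
                fired.add((ip, "spraying"))
                alerts.append({"kind": "spraying", "ip": ip,
                               "users": users, "at": now})
        elif len(q) >= fail_threshold:
            alerts.append({"kind": "success_after_failures", "ip": ip,
                           "user": ev["user"], "failures": len(q), "at": now})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert["at"].strftime("%H:%M:%S"), alert["kind"], alert["ip"],
              alert.get("user") or alert.get("users"), alert.get("failures", ""))
```

On the sample the single-failure login from 198.51.100.7 raises nothing, while 203.0.113.45 produces a spraying alert, a brute-force alert and then a success-after-failures alert for the `backup` account.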
STEALERS AND LOADERS
'Stealers' are a type of malware available on criminal forums that are used to harvest a variety of useful information (including credentials), which other criminals can use in fraud and/or ransomware attacks. In some cases, versions of the stealers have been leaked onto GitHub, making them widely available for anyone to use. Prices range from hundreds to thousands of US dollars per month. Common features of stealers are:
Stealing passwords stored in web browsers
Stealing cookies, browser version and other configuration details
Stealing form entry data from web browsers
Stealing stored credit card details
Taking screenshots
Capturing antivirus details
Logging keyboard presses from users.
This malware can evade detection by antivirus software, due to the availability of criminal services that specialise in 'crypting' or modifying malware to ensure it's not detected. It should be noted that, although the credential-stealing malware described above is used to access passwords stored in web browsers, the NCSC's advice for general members of the public remains to store credentials in web browsers. "This prevents the majority of users from using easily guessed passwords [or re-using the same passwords across multiple accounts], both of which put people at risk following large-scale data leaks when online services are compromised."
'Loaders' are another type of malware used to gather basic system information, which is then used to deploy other malware. Loaders can be used to determine if a system is viable for ransomware before deploying more capable malware - and spending the time necessary to take over the whole network.
"The shifts in the ecosystem around ransomware and extortion demonstrate how cyber criminals will adopt whichever technology [or business model] allows them to best exploit their victims. This means the threat will continue to adapt and evolve as threat actors seek to maximise profits. While on the surface an attack can be attributed to a piece of ransomware [such as Lockbit], the reality is more nuanced, with a number of cybercriminal actors involved throughout the process.
"Tackling individual ransomware variants - something which the NCSC and NCA (National Crime Agency) are frequently challenged on - is akin to treating the symptoms of an illness and is of limited use, unless the underlying disease is addressed. Taking a more holistic view by understanding the elements of the wider ecosystem allows us to better target the threat actors further upstream, in addition to playing 'whack-a-mole' with the ransomware groups."
UNRELENTING PRESSURE
Threat Quotient's 2023 'State of Cybersecurity Automation Adoption' report, which explores cybersecurity automation adoption amongst senior cybersecurity professionals, says that the pressure on cybersecurity teams shows no signs of abating. "While the global health crisis is behind us, the past 18 months have brought a worldwide economic uncertainty and geopolitical tension at a level not seen for decades," says Threat Quotient. "The resulting energy crisis, supply chain impacts and effects on employment are sending shockwaves throughout the physical and digital world, and, wherever there is disruption, cybercriminals and nation-state actors are always on hand to capitalise on the situation.
"Right now, they are leveraging new tools, such as automation and generative artificial intelligence [AI], to make attacks more sophisticated and deceptive. As the volume and variety of cyber threats increase exponentially, and skilled cybersecurity workers remain in short supply, senior cybersecurity leaders face a relentless resource challenge: how to protect the organisation in an environment where budgets and personnel are under pressure."
Over the three years that it has undertaken this survey, Threat Quotient has tracked the adoption of cybersecurity automation as a solution to this problem. "Our 2023 State of Cybersecurity Automation Adoption research finds that organisations are leaning on automation to handle a growing percentage of cybersecurity use cases, with the goal of increasing efficiency, responding to regulation and compliance requirements and increasing productivity. Overall, they consider automation to be important in their organisation and they are continuing to commit budget to automation programmes - even though they are having to cut back in other areas to do so.
"However, our study also shows that the<br />
problems highlighted in previous years remain<br />
- in fact, they have grown. Every respondent<br />
said they had experienced difficulties of some<br />
kind when implementing cybersecurity automation.<br />
These range from a lack of trust in<br />
the outcomes of automated processes, slow<br />
adoption by users, bad decisions resulting<br />
from automation and a lack of skill among<br />
users."<br />
The company points to the progress that has been made over the past year. "Organisations have been actively using automation to streamline routine tasks and improve their cybersecurity posture." However, even with this progress, significant challenges remain, it adds. "Complex technological landscapes, skill shortages and difficulties in securing management support remain as roadblocks."

ThreatQuotient offers several actionable recommendations, tailored for security professionals responsible for automation efforts, to help them enhance the effectiveness and efficiency of their cybersecurity automation initiatives:
1. Invest in Smart Tools and Flexibility for Wellbeing: To improve threat intelligence analyst wellbeing and employee retention, invest in smarter tools that simplify work processes. Smart tools equipped with AI capabilities empower analysts to make faster and more accurate decisions.

2. Choose Proven Use Cases for Automation: Select cybersecurity automation use cases that have demonstrated value by saving time and improving security procedures. Popular choices, such as threat intelligence management, incident response, phishing analysis and vulnerability management, offer tangible benefits in terms of efficiency and effectiveness.

3. Integrate Data Sources for Contextual Insights: Emphasise the importance of integration with multiple data sources when selecting cybersecurity automation solutions. This integration enhances context for decision-making, enabling automation to focus on relevant and high-priority events.

4. Address Implementation Challenges through Training: Recognise that implementing cybersecurity automation is not without challenges. Combat issues like "lack of trust in outcomes" and "slow user adoption" by investing in comprehensive training programmes.

5. Align Automation Metrics with Organisational Goals: Secure management support for automation initiatives by defining clear metrics for success and aligning them with organisational goals. Balance quantitative metrics - improved efficiency and resource management - with qualitative factors, like employee satisfaction and retention.
By following these recommendations, concludes ThreatQuotient, "organisations can navigate the complexities of cybersecurity automation adoption, harness its potential benefits, and effectively address challenges to enhance overall security posture and operational efficiency".
SAVE THE DATE
RDS, Dublin: 22-23 Nov 2023
Infrastructure • Services • Solutions

DataCentres Ireland combines a dedicated exhibition and multi-streamed conference to address every aspect of planning, designing and operating your Datacentre, Server/Comms room and Digital storage solution – whether internally, outsourced or in the Cloud. DataCentres Ireland is the largest and most complete event in the country. It is where you will meet the key decision makers as well as those directly involved in the day to day operations.

EVENT HIGHLIGHTS INCLUDE:
Multi Stream Conference
25 Hours of Conference Content
International & Local Experts
60+ Speakers & Panellists
100+ Exhibitors
Networking Reception
Entry to ALL aspects of DataCentres Ireland is FREE

• Market Overview
• Power Sessions
• Connectivity
• Regional Developments
• Open Compute Project
• Heat Networks and the Data Centre
• Renewable Energy
• Standby Generation
• Updating Legacy Data Centres

Meet your market
For the latest information & to register online visit www.datacentres-ireland.com
Computing Security
Secure systems, secure data, secure people, secure business
e-newsletter

Are you receiving the Computing Security monthly e-newsletter?

Computing Security always aims to help its readers as much as possible to do their increasingly demanding jobs. With this in mind, we've now launched a Computing Security e-newsletter, which is produced every month and is available free of charge. This will enable us to provide you with more content, more frequently than ever before.

If you are not already receiving this, please send your request to christina.willis@btc.co.uk and advise her of the best email address for the newsletter to be sent to.