CS Jan-Feb 2024

More documents

Recommendations

Info

attack… attack Amit Sinha, DigiCert: post quantum cryptography (PQC) is a seismic event that will require IT leaders to begin preparation now. François Normand, head of cyber threat intelligence at Gatewatcher: passwordless alternatives should be developed as part of an 'Identity Intelligence' strategy. (605), EMEA (428) and Asia-Pacific (393) that are knowledgeable about their organisations' approach to PQC. Key findings from the study, sponsored by DigiCert, include: 61% of respondents say their organisations are not and will not be prepared to address the security implications of PQC Almost half of respondents (49%) say their organisations' leadership is only somewhat aware (26%) or not aware (23%) about the security implications of quantum computing Only 30% of respondents say their organisations are allocating budget for PQC readiness 525 of those surveyed say their organisations are currently taking an inventory of the types of cryptography keys used and their characteristics. FALSE DELIVERY Equally concerning is a complex new attack tactic that combines credible phone and email communications, in an attempt to take control of corporate networks and exfiltrate data. During an investigation at a Swiss company, Sophos X-Ops discovered that the attack had begun with a telephone call that may have seemed harmless. The targeted employee was contacted directly by a man who told the employee he had an urgent delivery to make to one of the company's sites and asked if the employee would accept the delivery. To validate the new delivery - allegedly for security reasons - the employee had to read out a code sent by email during the call. The email, which was reported to have been written in perfect French, contained no text in the body of the message and featured only a static image that appeared to be a PDF attachment. Directed by the scammer on the phone, the employee clicked on the image, which then led to the malware being downloaded. After verbally prompting the employee to open the file, the attackers began taking over the network. "This attack was highly, highly targeted," says Andrew Brandt, principal researcher at Sophos. "There was only one person in the office that Friday and the attackers likely knew who it was. The use of an image masquerading as an email is also something we haven't seen before. However, it's smart. Attaching an actual PDF often triggers alarm on systems, since they are so frequently used to deliver malware, and emails with PDFs often end up in spam filters." NASTIEST MALWARE NAMED Finally, OpenText has announced the Nastiest Malware of 2023, an annual ranking of the year's biggest malware threats. For six consecutive years, OpenText Cybersecurity threat intelligence experts have analysed the threat landscape to determine the most notorious malware trends. Ransomware has been rapidly ascending the ranks, with ransomware-as-a-service (RaaS) now the weapon of choice for cybercriminals. This year, four new ransomware gangs, believed to be the next generation of previous big players, topped the list. Newcomer Cl0p took the prize for 2023's nastiest malware after commanding exorbitant ransom demands with its MOVEit campaign. Cl0p's efforts helped skyrocket the average ransom payment, which is rapidly approaching three quarters of a million dollars, according to OpenText. Black Cat, Akira, Royal and Black Basta also made their debuts, joined by the always-present Lockbit. "A key finding this year is the RaaS business model is another win for the bad guys," says Muhi Majzoub, EVP and chief product officer, OpenText. "Profit sharing and risk mitigation are top contributors to RaaS success, along with the ability to easily evade authorities. There is a silver lining, as research shows only 29% of businesses pay ransom, an alltime low. These numbers indicate people are taking threats seriously and investing in security to be in a position where they do not need to pay ransom," he concludes. 30 computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk
artificial intelligence WHY AI IS ON ALL OUR MINDS WE OFFER MORE REFLECTIONS ON ARTIFICIAL INTELLIGENCE, FOLLOWING ON FROM OUR MAIN FEATURE ON PAGE 18 Tom McVey, the senior solutions architect EMEA at Menlo Security, believes that AI can be used in a multitude of ways to detect and mitigate threats, including "some that we haven't even conceived yet, as it's still early days. If we use the example of detecting malicious websites, a product that verifies whether any page was human or AI will be very powerful. Without this, the internet may become a bit like the Wild West - similar to its early days. Using AI to homologate and structure it again will help us to defend against the types of threats that leverage language models". He also points to how Security Incident and Event Management (SIEM) software is used by security analysts to determine how a breach took place by collecting logs, messages and events from every piece of technology within an organisation. "That's a huge wealth of data and an incident response team member only has traditional filtering tools to sort through it - ie, by user name or category. Once they have filtered down the events that they think are relevant, they've ultimately got to start making human judgement calls on how an attacker got in. It's a case of slowly drilling down like a detective. "Whilst I don't think that there is any way that AI in its current state could replace this function entirely," states McVey, "it can certainly be used to augment it in a certain way. In theory, the incident response team could give the huge amount of log data to an AI language model and, as long as it was trained with incident response in mind, it should be able to correlate that data and draw out the things that are noteworthy. At the very least, the incident response team member could compare this to what their filtering came up with. It must be said, however, that AI is not always more correct than a human, but it's a cheap and quick way to get a second opinion. which may correlate with what the team member believes is correct." THREATS AT LARGE According to Brad Freeman, director of technology at SenseOn, the biggest risk from AI in 2024 is how LLMs (Large Language Models) will allow highly specific and tailored phishing messages. "These messages will be sent both via traditional email, instant message and social networking, but increasingly via real-time communications such as voice and potentially via video. This will bring a new edge to social engineering and is likely to convince even the most vigilant targets. The stakes are high, as many whaling attacks generate millions of dollars from stolen corporate funds. "It makes sense that criminal groups will invest their time to ensure the next generation of attacks will be as convincing as possible" he points out. "Many of us would be persuaded, if we got a phone call which sounded like somebody we knew. Even if they were making an unusual request, these types of communications will be received by many accounts departments in 2024, requesting or amending payments." Tom McVey, Menlo Security: AI can be used in a multitude of ways to detect and mitigate threats. Brad Freeman, SenseOn: biggest risk from AI is how Large Language Models will allow highly specific and tailored phishing messages. www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security 31
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news Bernard Montell. HORNETSECURIT
Page 8 and 9: news Sukru Ilker Birakoglu. SUPPORT
Page 10 and 11: 2024 predictions THROUGH THE ‘LUR
Page 12 and 13: 2024 predictions Aaron Kiemele, Jam
Page 14 and 15: training SAFEGUARDING HR IN THE AGE
Page 16 and 17: cybersecurity THE TOP-LEVEL FIBRE B
Page 18 and 19: artificial intelligence AI - WHERE
Page 20 and 21: artificial intelligence Gareth Lock
Page 22 and 23: phishing PHISHING FOR THE ANSWERS D
Page 24 and 25: ansomware WE SHALL NOT BE MOVED! SE
Page 26 and 27: ansomware Raja Patel - Sophos: cybe
Page 28 and 29: attack… attack POINT OF IMPACT IN
Page 32 and 33: cybercrime STAYING ABOVE THE WATER
Page 34 and 35: cybercrime crisis is behind us, the
Page 36: Computing Security Secure systems,

CS Jan-Feb 2024

Create successful ePaper yourself

Delete template?

Save as template?