In our recent live event, FBI Tips on Breach Prevention and Response in 2024, FBI Special Agent and Special Assistant U.S. Attorney Donovan McKendrick provided an overview of the current cyber threat landscape, shedding light on the evolving tactics used by threat actors, including those leveraged in recent breaches such as Microsoft's. He also shared several strategies businesses can employ to mitigate risks while collaborating with the government to stop security incidents early, recoup costs and limit damage. Here are our key takeaways from the discussion:
Ransomware evolution and tactics
Ransomware has become a pervasive and lucrative form of cybercrime, causing an estimated $59 billion in global damage in 2022. Threat actors are continuously evolving their tactics to maximize profits, and the estimated global damage for 2023 is expected to be significantly higher than in previous years. Several emerging aspects of modern ransomware attacks include:
- Sophisticated collaboration: Gone are the days of lone hackers conducting ransomware attacks. Modern ransomware groups operate as sophisticated businesses, with distinct roles such as breaching, deploying ransomware, and negotiating payments. This collaboration among multiple groups increases the complexity of these attacks and their potential impact on organizations.
- Cryptocurrency payments: The preference for cryptocurrency payments, particularly Bitcoin, has made it easier for ransomware operators to receive and launder ransom payments. The anonymity provided by cryptocurrencies complicates efforts to trace and recover funds, contributing to the profitability of ransomware operations.
- Government response: Government agencies advise against paying ransoms. That said, organizations can face difficult decisions in real-life ransomware scenarios, so if a ransom is paid, it's important to notify the government, as the report can help disrupt ransomware networks and prevent further victimization.
Certain industries are more susceptible to cybercrime. Healthcare, for example, can be a prime target for cyberattacks due to the sensitive nature of patient data and the critical role that data plays in daily operations. Hospitals and healthcare providers are often willing to pay ransoms to regain access to encrypted data, making them lucrative targets for ransomware operators.
To combat the rising threat of ransomware, organizations must prioritize cybersecurity measures such as regular backups, robust endpoint security, and employee training on phishing awareness, all while implementing a zero-trust security model and company culture.
Government collaboration and reporting
The collaboration between organizations and government authorities is crucial in addressing cyber threats effectively. Security incidents should be reported to sites like IC3.gov as quickly as possible after detection. IC3.gov, the Internet Crime Complaint Center, serves as a central hub for reporting cybercrime incidents to federal law enforcement and intelligence agencies. Reporting incidents to IC3.gov not only facilitates investigations, but also helps in aggregating threat intelligence to identify patterns and trends in cyberattacks.
Government agencies may also possess decryption keys for certain ransomware variants, enabling them to assist organizations in recovering encrypted data without paying ransoms. Reporting security incidents to IC3.gov or other similar sites may aid in recovering data without cost or risk of negotiating with ransomware groups.
Top cyber threats for 2024
McKendrick identified several top cyber threats that organizations need to be vigilant about, including:
- Ransomware: Continues to be a prominent threat, with ransomware groups employing increasingly sophisticated techniques and collaboration strategies.
- Financial fraud: Cybercriminals are exploiting personal data to access financial systems through schemes like “Pig Butchering” (“Sha Zhu Pan”), where victims are lured into fraudulent cryptocurrency exchanges that result in severe financial losses, both at the personal and enterprise level.
- Supply chain attacks: Recent incidents like SolarWinds have highlighted the vulnerability of supply chains to sophisticated cyberattacks, emphasizing the need for supply chain risk management strategies.
AI in cybersecurity
Artificial Intelligence (AI) is playing an increasingly prominent role in cybersecurity, both for defenders and attackers. Cybercriminals are leveraging AI tools to automate and enhance their attack techniques, such as AI-generated phishing emails and voice cloning for social engineering.
On a positive note, AI can also strengthen defenses. Organizations have begun deploying AI-driven security solutions for threat detection, anomaly detection, and behavioral analysis to bolster their cybersecurity posture.
The five C’s of cybersecurity
The following can be used as a framework for implementing and maintaining comprehensive security measures as organizations navigate the complex and evolving landscape of cyber threats.
- Connectivity: Secure network connections and data transmission protocols to prevent unauthorized access.
- Collection: Proper data collection practices, data encryption, and secure backups to protect sensitive information.
- Configuration: Secure configuration of systems, applications, and devices to minimize vulnerabilities.
- Compliance: Adherence to regulatory requirements and industry standards, coupled with a culture of security awareness and compliance.
- Culture: Fostering a cybersecurity-aware culture within organizations, including employee training, incident response protocols, and continuous improvement of security practices.
By building security posture around the “Five C’s,” understanding the tactics employed by threat actors, collaborating with government authorities, and fostering a zero-trust culture geared toward implementing least privilege, businesses can defend against cyberattacks and safeguard their sensitive data.
Resources
Bookmark the following key resources to help prevent or respond effectively to security incidents:
- Internet Crime Complaint Center: ic3.gov
- FBI internet best practices: https://www.fbi.gov/scams-and-safety/on-the-internet
- National Cyber Security Alliance: staysafeonline.org
- DHS: dhs.gov/topic/cybersecurity
- FTC: identitytheft.gov
- Infragard, SF Chapter: sfbay-infragard.org
As cyber threats continue to evolve, staying informed, proactive, and adaptable is key to maintaining a resilient cybersecurity posture in an increasingly complex digital world. This webinar was hosted by Veza, the Identity Security Company.