Cybersecurity Teams Tackle AI, Automation, and Cybercrime-as-a-Service Challenges

In the digital society, defenders are grappling with the transformative impact of artificial intelligence (AI), automation, and the rise of Cybercrime-as-a-Service. Recent research commissioned by Darktrace reveals that 89% of global IT security teams believe AI-augmented cyber threats will significantly impact their organisations within the next two years, yet 60% feel unprepared to defend against these evolving attacks.

One notable effect of AI in cybersecurity is its influence on phishing attempts. Darktrace's observations show a 135% increase in 'novel social engineering attacks' in early 2023, coinciding with the widespread adoption of ChatGPT. These attacks, whose language deviates from that of typical phishing emails, indicate that generative AI is enabling threat actors to craft sophisticated and targeted attacks at an unprecedented speed and scale.

Moreover, the situation is further complicated by the rise of Cybercrime-as-a-Service. Darktrace's 2023 End of Year Threat Report highlights the dominance of cybercrime-as-a-service, with offerings such as Malware-as-a-Service and Ransomware-as-a-Service making up the majority of the tools used by attackers. This as-a-Service ecosystem provides attackers with pre-made malware, phishing email templates, payment processing systems, and even helplines, reducing the technical knowledge required to execute attacks.

As cyber threats become more automated and AI-augmented, the World Economic Forum's Global Cybersecurity Outlook 2024 warns that organisations maintaining minimum viable cyber resilience have decreased by 30% compared to 2023. Small and medium-sized companies, in particular, show a significant decline in cyber resilience. The need for proactive cyber readiness becomes pivotal in the face of an increasingly automated and AI-driven threat environment.

Traditionally, organisations relied on reactive measures, waiting for incidents to happen and using known attack data for threat detection and response. However, this approach is no longer sufficient. The shift to proactive cyber readiness involves identifying vulnerabilities, addressing security policy gaps, breaking down silos for comprehensive threat investigation, and leveraging AI to augment human analysts.

AI plays a crucial role in breaking down silos within Security Operations Centers (SOCs) by providing a proactive approach to scale up defenders. By correlating information from various systems, datasets, and tools, AI can offer real-time behavioural insights that human analysts alone cannot achieve. Darktrace's experience in applying AI to cybersecurity over the past decade emphasises the importance of a balanced mix of people, processes, and technology for effective cyber defence.

A successful human-AI partnership can alleviate the burden on security teams by automating time-intensive and error-prone tasks, allowing human analysts to focus on higher-value activities. This collaboration not only enhances incident response and continuous monitoring but also reduces burnout, supports data-driven decision-making, and addresses the skills shortage in cybersecurity.

As AI continues to advance, defenders must stay ahead, embracing a proactive approach to cyber resilience. Prioritising cybersecurity will not only protect institutions but also foster innovation and progress as AI development continues. The key takeaway is clear: the escalation in threats demands a collaborative effort between human expertise and AI capabilities to navigate the complex challenges posed by AI, automation, and Cybercrime-as-a-Service.

SOCs Face Stern Test in 2023 as Hackers Target Governments and the Media


The number of incidents in the government and mass media segments will increase this year, according to Kaspersky research experts' predictions for the challenges facing Security Operations Centers (SOCs) in 2023. SOCs in these and other industries are likely to face more recurring targeted attacks, as well as supply chain attacks via telecommunications providers. More initial compromises through public-facing applications will be another threat to SOCs. Data destruction may occur in organisations that are threatened by ransomware attacks.

Repeated targeted attacks by state-sponsored hackers

The average number of incidents in the mass media sector doubled from 263 in 2021 to 561 in 2022, according to Kaspersky experts. Numerous high-profile incidents occurred over the course of the past year, one of which was when Iranian state TV broadcasting was halted due to hacker activity while the nation was in the midst of protests. Media outlets were also targeted by DDoS attacks similar to those that occurred in the Czech Republic. Among the 13 other analysed segments, such as industrial, food, development, financial, and others, mass media emerged as the top target for cybercriminals after the government sector, where the average number of incidents increased by 36% in 2022.

2023 will see a continuation of this growth along with routine targeted attacks by state-sponsored actors. While this is typically relevant for governmental organisations, the mass media sector has come under increased attack during global conflicts, which are frequently accompanied by information warfare and in which the media invariably play a significant role.

“Large businesses and government agencies have always been targets of cybercriminals and state-sponsored actors, but geopolitical turbulence increased attackers’ motivations and enlivened hacktivism, which cybersecurity specialists had not regularly encountered until 2022,” stated Sergey Soldatov, head of the security operation center (SOC) at Kaspersky. “The new wave of politically-motivated attacks is especially relevant for the government and mass media sectors. To effectively protect a company, it’s necessary to implement comprehensive threat detection and remediation, provided through Managed Detection and Response services.”

Supply chain attacks

Attacks on telecommunications firms could lead to an increase in supply chain attacks in 2023. In 2021, for the first time, the telecom sector experienced a disproportionate number of high severity incidents. Although the average proportion of high severity incidents decreased in 2022 (from 79 per 10,000 systems monitored in 2021 to about 12 in 2022), these businesses continue to be prime targets for cybercriminals.

Ransomware destroyers

In 2022, Kaspersky noticed a new ransomware trend that will persist in 2023: ransomware actors will both encrypt and destroy corporate data. This is especially pertinent to organisations that experience politically motivated attacks. More initial compromises through public-facing applications also pose a threat to SOCs: compared to phishing, penetration from the perimeter requires less preparation, and outdated, unpatched vulnerabilities are still available to attackers.

Mitigation tips

Kaspersky researchers advise taking the following precautions to guard against these threats:

  • Keep the software on all of your devices updated to stop attackers from breaking into your network by exploiting known flaws. Patches for newly disclosed vulnerabilities should be applied as soon as possible, since threat actors can no longer exploit a vulnerability once the patch has been installed.
  • High-profile attacks can be defended against with dedicated services. The Kaspersky Managed Detection and Response service can assist in locating and stopping intrusions in their early stages, before the intruders achieve their objectives. If an incident does occur, the Kaspersky Incident Response service will assist you in responding and reducing its effects, in particular by locating the compromised nodes and safeguarding the infrastructure against future intrusions.
  • Utilise the most recent Threat Intelligence data to keep abreast of the TTPs that threat actors are actually employing.
  • Select a trustworthy endpoint security product with behaviour-based detection and anomaly control features, like Kaspersky Endpoint Security for Business, for efficient defence against both known and unknown threats.