Cyber Resilience through Integration Part 2: Resistance to Modern Attacks

It is no secret that the cybersecurity industry is growing by leaps and bounds with new technologies, but with new tools come new attack vectors, along with more streamlined ways of carrying out existing tactics. For example, according to a recent threat report from Acronis, the number of email-based attacks identified through 2023 has jumped 464% compared to the first half of 2022.

While AI is not 100% responsible for this surge, we do know that ChatGPT has made it easier for ransomware gangs to create more convincing phishing emails, making email-based attacks more prevalent and easier to launch. In this sequel to Cyber Resilience Through Integration Part 1: The Easiest Computers to Hack, we discuss the latest advances in AI and other emerging technologies and how best to protect your organization from new threats.

Unprecedented Risks Posed by Artificial Intelligence

With innovation in the technology sector growing rapidly and use cases increasing exponentially, 2023 is shaping up to be the year of AI. As ChatGPT and other models dominate global headlines, ordinary users gain access to groundbreaking tools that can crawl through years of human-generated text, mimic human speech, and learn through sophisticated intelligence models.

In time, cybercriminals will also turn to ChatGPT and other similar tools to help them carry out their attacks. These large language models (LLMs) can help hackers accelerate their attacks and easily generate ever-changing phishing emails in multiple languages with little effort.

But AI is not just used to mimic human speech. Attackers can use this technology to automate their attacks and analyze their own malicious programs to make them more effective. They can also use these programs to monitor and modify malware signatures and ultimately evade detection. There are also automated scripts for creating and sending phishing emails and checking user credentials for stolen data.

With the help of efficient automation and machine learning (ML), attackers can expand their operations and hit more targets with more personalized payloads. One of the more interesting attack techniques is when attackers attempt to reverse engineer the actual AI model itself. Such adversarial AI attacks help the attacker understand the weaknesses and biases of a particular detection model and create attacks that the model does not detect. Ultimately, AI is being used to attack AI.

Business email compromise remains a major challenge

AI is not the only thing that is evolving. New email security controls have the ability to scan links to phishing sites, but not QR codes. This has led to a surge in criminals using QR codes to hide malicious links. Similarly, malicious emails are beginning to use more legitimate cloud applications, such as Google Docs, to send users fake notifications that are not normally blocked. After Microsoft Office made it more difficult to run malicious macros, cybercriminals shifted to linked files and Microsoft OneNote files.

The old paradigm of a castle with a moat is long gone when it comes to cybersecurity. Many companies are beginning to move away from virtual private networks (VPNs) to zero-trust access, which requires that all access requests be dynamically approved without exception. They are also monitoring behavioral patterns to detect anomalies and potential threats. This allows access to authenticated users from anywhere without opening the door to attackers.

Unfortunately, it is true that most businesses are breached through simple mistakes. However, the major difference between companies that are breached and those that are not is how quickly they detect and respond to threats. For example, a system that informs users that their password was stolen last week is helpful, but it would have been better if the system informed users in real time and also automatically changed passwords.

Building the Right Defense through Simplicity and Resilience

The problems that cyberattacks pose to both individuals and businesses are legion, but it is still possible to stay ahead of and outwit cyberattackers. Complexity in cybersecurity is one of the biggest problems: companies of all sizes have installed too many tools in their infrastructure, creating a large surface area for potential cyber attacks to penetrate.

According to a recent survey, 76% of businesses suffered at least one production system outage last year. Of those, 36% were due to typical cyber attacks and 42% were due to human error. Additionally, Microsoft recently revealed that 80% of ransomware attacks are caused by misconfiguration.

By reducing the number of security vendors involved in the infrastructure, companies can also save significant training time on the latest versions of each tool. Costs can also be reduced, allowing resources to be allocated to other more profitable areas of the business. If the integration is successful, the tools will work efficiently across silos.

Understand all applications and data

Behavior-based analysis, which analyzes and catalogs the behavior of individual applications on the system, is also making effective progress. This includes endpoint detection and response (EDR) and extended detection and response (XDR) tools, which allow technology leaders to collect more data and gain visibility into activity. It is critical to be aware of every application on a system, every piece of data that it touches, and every network connection that it makes.

However, the tool should not be such that administrators have to manually analyze thousands of alerts. This can lead to alert fatigue and missed threats. Instead, administrators should leverage AI and ML to automatically weed out bogus alerts, freeing up security engineers’ time to focus on the important alerts.

Of course, the use of these technologies goes beyond typical security data; in the areas of AIOps and observability, they increase visibility across the infrastructure and use AI and ML to predict where the next problem will occur and automatically take action before it is too late.

AI as a tool, not a replacement

AI and ML behavior-based solutions are also particularly important because signature-based detection alone cannot protect against the many new malware samples being discovered every day. Furthermore, with the right information and data set input from technology leaders, AI can augment cybersecurity systems to assess and detect threats more quickly and accurately than humans can.

While leveraging AI and ML is essential to stay ahead of attackers, it is also important to remember that some processes will always require human involvement; AI and ML are to be used as tools, never replacements. Once fine-tuned, such systems can help save a lot of work and effort, and ultimately resources.

Overall, it is always important to build a comprehensive defense and remain resilient in the fight against cybercriminals. Organizations need to prepare for attacks and prevent them as early as possible. This includes using multi-factor authentication (MFA), quickly patching software vulnerabilities, and keeping an inventory of software and hardware.

Attacks as well as defenses

Finally, organizations should test their incident response plans. Regular exercises should be conducted to verify that all critical servers can be recovered in the event of an attack, and a system should be in place to remove malicious emails from all inboxes. Being cybersecurity savvy requires preparation, vigilance, and defense as well as offense. Even if some attacks are becoming more sophisticated, knowledge of how to spot phishing attempts and how to keep credentials unique and secure can dramatically help in the fight against cyber threats. In short, the key to achieving cyber resilience lies in integration and in eliminating the unnecessary over-complexity that plagues businesses both small and large.

Source: https://venturebeat.com/security/cyber-resilience-through-consolidation-part-2-resisting-modern-attacks/
