Five Cyberthreats Facing Organisations in 2024

When a cybersecurity incident is detected, there are three questions the incident response (IR) team must answer:

  1. Was the asset or a copy of data exfiltrated?
  2. Was it changed from a trusted or known state?
  3. Do we still have access to the data ourselves?

These three questions map directly onto confidentiality, integrity, and availability, the CIA triad. IR teams are tasked with establishing that no data has been stolen (and, if it has, exactly which data sets were taken), that the integrity of the data has been maintained, and that the business remains operational.

Achieving this depends on identifying the point of compromise (POC) quickly and accurately, so that threat actors can be stopped before they move laterally and escalate privileges, and so that the vulnerabilities they exploited can be closed.

According to the Verizon 2023 Data Breach Investigations Report, 93 per cent of confirmed incidents in the Asia Pacific region were achieved through social engineering, system intrusion, and basic web application attacks. The threat actors were predominantly external (92 per cent) and motivated financially (61 per cent). The compromised data was internal (56 per cent), secrets (42 per cent), and credentials (29 per cent).[1]

Here are five key themes revealed in the report:

1. Social Engineering is Effective and Lucrative

Threat actors use social engineering to exploit our innate helpfulness, manipulating us into acting against our own interests. They combine several tactics: creating a false sense of urgency so that we click a link, or hijacking an existing email thread to persuade us to disclose sensitive data or to change a legitimate vendor's banking details to an account the scammer controls. The latter is the hallmark of business email compromise (BEC), which accounts for more than 50 per cent of the social engineering incidents in Verizon's report. BEC attacks are more complex than ordinary phishing and harder to detect, largely because they are sent from a compromised internal or vendor mailbox, so the message arrives from a sender the recipient already trusts. The financial rewards are one likely reason BEC attacks have almost doubled across Verizon's incident datasets.

Rapid detection and response are therefore key when dealing with social engineering attacks. So is a simple procedural check: any request to change payment or banking details should be verified through a second channel, such as a phone call to a number already on file, never by replying to the email that asked for the change.

2. Credentials Are Still a Gold Mine

According to Verizon, stolen credentials and exploited vulnerabilities are the way in for roughly a quarter of all breaches. Those credentials are not necessarily stolen from the organisation itself. Poorly chosen and poorly protected passwords mean that many people reuse the same password across multiple platforms. This is what credential stuffing exploits: take email address and password pairs leaked from another service, replay them against the target at volume, and there is a strong chance that some will work. Once one does, the threat actor is in. They can take their time escalating privileges and moving laterally across the environment, or they may simply sit inside an email inbox and mine it.

Verizon's data reveals that 41 per cent of breaches involve mail servers, and that attackers gained access to internal data (41 per cent), banking details (6 per cent), and medical data (6 per cent). Inboxes are a goldmine for attackers. Good email and server hygiene are critical, as are multi-factor authentication on every mailbox and password management that gives each account a unique password, so that a leak on some other service cannot be replayed here.
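The credential-stuffing pattern described above is visible in authentication logs if you look at it per source rather than per account: a stuffing run touches many distinct usernames with one or two attempts each, whereas a brute-force run hammers one account. The following is an added example written for this article, not Snare's code and not a method from the Verizon report; the log line format, the sample lines, and the thresholds are constructed assumptions for illustration.

```python
"""Flag credential-stuffing activity in authentication logs.

Added example for this article; not Snare's code and not the Verizon
report's method. The log format, thresholds and sample lines below are
constructed assumptions for illustration.
"""
import re
from collections import defaultdict

# Constructed log format (assumption): "<ISO time> <src_ip> <user> <LOGIN_OK|LOGIN_FAIL>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(LOGIN_OK|LOGIN_FAIL)$")

# Constructed sample: one source spraying a leaked list across many accounts
# (and hitting one that reused its password), one source hammering a single
# account, and one ordinary login from an unrelated address.
SAMPLE_LOG = """\
2024-03-04T09:00:01Z 203.0.113.7 alice@example.com LOGIN_FAIL
2024-03-04T09:00:02Z 203.0.113.7 bob@example.com LOGIN_FAIL
2024-03-04T09:00:02Z 203.0.113.7 carol@example.com LOGIN_FAIL
2024-03-04T09:00:03Z 203.0.113.7 dave@example.com LOGIN_OK
2024-03-04T09:00:03Z 203.0.113.7 erin@example.com LOGIN_FAIL
2024-03-04T09:00:04Z 203.0.113.7 frank@example.com LOGIN_FAIL
2024-03-04T09:00:04Z 203.0.113.7 grace@example.com LOGIN_FAIL
2024-03-04T09:00:05Z 203.0.113.7 heidi@example.com LOGIN_FAIL
2024-03-04T09:05:10Z 198.51.100.9 alice@example.com LOGIN_FAIL
2024-03-04T09:05:20Z 198.51.100.9 alice@example.com LOGIN_FAIL
2024-03-04T09:05:30Z 198.51.100.9 alice@example.com LOGIN_FAIL
2024-03-04T09:05:40Z 198.51.100.9 alice@example.com LOGIN_FAIL
2024-03-04T09:05:50Z 198.51.100.9 alice@example.com LOGIN_FAIL
2024-03-04T09:06:00Z 198.51.100.9 alice@example.com LOGIN_FAIL
2024-03-04T09:30:00Z 192.0.2.44 dave@example.com LOGIN_OK
"""


def parse_events(log_text):
    """Parse the constructed format into (time, ip, user, success) tuples.
    Malformed lines are skipped rather than allowed to abort the analysis."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            ts, ip, user, result = match.groups()
            events.append((ts, ip, user.lower(), result == "LOGIN_OK"))
    return events


def classify_sources(events, min_attempts=5, stuffing_ratio=0.8):
    """Label each source IP by its attempt pattern.

    credential_stuffing: attempts spread over many distinct accounts, usually
    one leaked password per account, so distinct_users / attempts is high.
    brute_force: attempts concentrated on a few accounts.
    Sources with fewer than min_attempts are left unlabelled: a handful of
    failures is normal user behaviour.
    """
    attempts = defaultdict(int)
    users = defaultdict(set)
    for _ts, ip, user, _ok in events:
        attempts[ip] += 1
        users[ip].add(user)
    labels = {}
    for ip, count in attempts.items():
        if count < min_attempts:
            continue
        ratio = len(users[ip]) / count
        labels[ip] = "credential_stuffing" if ratio >= stuffing_ratio else "brute_force"
    return labels


def compromised_accounts(events, labels):
    """Accounts that logged in successfully from a flagged source. A single
    LOGIN_OK in the middle of a stuffing run is the breach, not the noise:
    these accounts need sessions revoked, a password reset and MFA enforced."""
    return sorted({user for _ts, ip, user, ok in events if ok and ip in labels})


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    found = classify_sources(evts)
    for ip, label in found.items():
        print(f"{ip}: {label}")
    print("compromised:", compromised_accounts(evts, found))
```

On the sample, 203.0.113.7 is labelled credential stuffing (eight attempts, eight distinct users) and dave@example.com is the account to act on, while 198.51.100.9 is a brute-force attempt against a single account. Per-IP counting is the starting point, not the whole answer: stuffing tools routinely rotate through proxy networks, so in practice you also group by time window, user agent, or ASN, and you tune min_attempts and stuffing_ratio against your own baseline of legitimate failures.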

3. Ransomware is (and Always Will Be) Here to Stay

Ransomware is present in 24 per cent of all breaches. The most common routes in are email, desktop sharing software, and web applications. Threat actors use social engineering to get a user to click on a link, and the user then effectively runs the attack for them. It is simple, effective, and the biggest way system intrusion attacks succeed. Third-party vendors widen the attack surface: a vendor connection or account gives attackers another entry point, and given time to escalate privileges they can pivot from it into higher-value networks. This is why identifying an intrusion quickly and closing the vulnerabilities it used, including exposed desktop sharing and other remote access services, is critical.

4. Privilege Misuse is a Key Internal Threat

Organisations face two prevalent internal threats: error (accidents) and misuse, the latter being deliberate and far more damaging, involving abuse of privilege or other malicious activity. In misuse cases, employees typically initiate fraudulent transactions, sometimes colluding with external third parties, or abuse the access they were given to do their jobs and steal data instead. Internal threats will always pose a risk. Daily security management, monitoring, and logging of who accessed what, when, and from where are among the most effective ways to identify both suspicious activity and honest errors, because an insider's misuse is authorised at the access-control layer and is usually only visible as a deviation from that person's normal behaviour.
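Because an insider's access is legitimate, detection has to compare each user against their own history rather than against a rule that would also block their everyday work. The following is an added example for this article, not Snare's code; the audit log format, the sample lines, the working-hours window, and the volume thresholds are constructed assumptions for illustration.

```python
"""Spot privilege misuse in data-access audit logs by comparing each user's
activity on a given day against that user's own baseline.

Added example for this article; not Snare's code. The log format, sample
lines, working-hours window and thresholds are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

# Constructed audit format (assumption): "<ISO time> <user> <action> <resource> <record_count>"
# alice normally reads ~100 customer records at a time during the day; on the
# last day she exports 9000 at 02:15. bob's activity is steady throughout.
SAMPLE_AUDIT = """\
2024-03-01T10:12:00Z alice READ customers 120
2024-03-01T14:40:00Z alice READ customers 95
2024-03-02T09:03:00Z alice READ customers 110
2024-03-02T15:20:00Z alice READ customers 130
2024-03-03T11:30:00Z alice READ customers 100
2024-03-04T02:15:00Z alice EXPORT customers 9000
2024-03-01T10:00:00Z bob READ invoices 40
2024-03-02T10:05:00Z bob READ invoices 45
2024-03-03T10:10:00Z bob READ invoices 38
2024-03-04T10:12:00Z bob READ invoices 50
"""


def parse_audit(text):
    """Parse the constructed format into (time, user, action, resource, count).
    Malformed lines are skipped so one bad record cannot hide the rest."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, parts[1], parts[2], parts[3], int(parts[4])))
    return events


def daily_totals(events):
    """{user: {date: records touched that day}}"""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, user, _action, _resource, count in events:
        totals[user][ts.date()] += count
    return totals


def find_anomalies(events, day, multiplier=5, min_records=500, work_hours=(7, 19)):
    """Return {user: [reasons]} for activity on `day` (YYYY-MM-DD) that deviates
    from the user's own history.

    volume:    the day's record count exceeds both min_records and
               multiplier x the median of that user's prior days, so a
               low-volume user cannot trip it with a small absolute change
               and a high-volume user is not flagged for a normal day.
    off_hours: any access outside work_hours (UTC), regardless of volume.
    A user with no prior history is judged on min_records alone.
    """
    day = datetime.strptime(day, "%Y-%m-%d").date()
    findings = defaultdict(set)
    for user, per_day in daily_totals(events).items():
        today = per_day.get(day, 0)
        history = [n for d, n in per_day.items() if d < day]
        threshold = max(min_records, multiplier * median(history)) if history else min_records
        if today > threshold:
            findings[user].add("volume")
    for ts, user, *_ in events:
        if ts.date() == day and not (work_hours[0] <= ts.hour < work_hours[1]):
            findings[user].add("off_hours")
    return {user: sorted(reasons) for user, reasons in findings.items()}


if __name__ == "__main__":
    for user, reasons in find_anomalies(parse_audit(SAMPLE_AUDIT), "2024-03-04").items():
        print(f"{user}: {', '.join(reasons)}")
```

On the sample, alice is flagged for both volume and off-hours access on 2024-03-04 while bob, whose 50 records are in line with his median of 40, is not. The baseline is deliberately per user and median-based so that one earlier spike does not inflate the threshold; in production you would also baseline per resource, since a user who legitimately reads many invoices should still be flagged for suddenly exporting customer records.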

5. Threat Actors Have a Range of Tools at Their Fingertips

Cybercrime has become sophisticated because threat actors do not rely on a single piece of software or tool. A typical breach might use automation, such as mass scanning or credential stuffing, to gain a foothold in a network. Once inside, phishing and stolen credentials are leveraged to gain more privileged access, backdoors are planted to support lateral movement, and weaknesses are introduced that can be exploited later. There are three phases: initial access, breach escalation (which can occur anywhere in the network), and the results, meaning what the attacker finally does with the data.

How Snare Can Help

Snare is your security data engine. With a Snare solution integrated across all your data sources, whether data is collected and housed across various platforms or in a data lake, you will always have full visibility into every action that impacts your data. From a security, auditing and compliance perspective, you will know where data was created, whether it was changed or moved, who moved it, when it was moved and where it is now. Snare's comprehensive set of event monitoring and analysis tools delivers immediate, real-time integration of data while maintaining analysis of security threats across all systems. It gathers and filters IT event data for critical security monitoring, analysis, auditing, and archiving. Over and above this engine, which monitors data and logs all events across your business through one portal, Snare's key differentiator is its pricing model, which excludes ingestion costs, coupled with a bespoke storage layer. This provides between 90 per cent and 97 per cent storage savings compared to alternative solutions, while ensuring that real-time audit logs can be used to identify unusual or suspicious activity and trace it back to the point of compromise.

Interested in reading more about the current threat landscape?

Read the Verizon report: https://www.verizon.com/business/en-au/resources/reports/dbir/