5 Major Turning Points in Cybersecurity From 2023 - And What They May Mean for 2024
As the dust has settled from the transition from 2023 to 2024, here’s a look at five major turning points in the cyber threat landscape from 2023—and what they may mean for 2024.
3CX and the Return of the Supply Chain Attack
In March, word broke of a major security incident involving 3CX, a popular business phone system, in which the attackers managed to add an installer for the desktop application that downloaded malware.
Further investigation revealed that this was likely a supply chain attack—one of the most notable since SolarWinds. And, according to Chester Wisniewski, director, Field CTO, Sophos, this is more likely just the beginning than a one-off.
“Supply chain attacks have been on the rise, and I suspect will continue to be a preferred method of compromise for a growing number of criminal groups. There are so many ways to approach breaching an organization through trusted third parties, in essence another form of Trojan horse. We have seen software providers have their updating mechanisms used to deploy malicious updates (3cx, SolarWinds, M.E. Doc), MSPs and remote access equipment compromised to gain access to clients (Kaseya, CTS), poisoned packages in popular software development libraries like Python and NodeJS and simple credential theft and vulnerability exploitation in trusted networks like we observed at Target more than 10 years ago. These attacks are difficult to defend against and may be just what the doctor ordered for criminals to gain access to more hardened targets,” said Wisniewski.
MOVEit – and the CL0P takeover
The exploitation of a vulnerability in MOVEit, a highly popular file transfer software, was arguably the largest attack of the year. The BBC, British Airways, Shell, and the U.S. Department of Energy were just a few of the major victims.
The ransomware gang CL0P took credit for the attack—and tested out an “extortion-only” approach to ransomware, whereby they simply stole the data rather than also encrypting it. Since then, more ransomware groups, such as Akira, have begun test-driving this same approach. Whether or not this proves to be a more lucrative strategy remains to be seen.
“Exploiting network devices without automatic update mechanisms has been increasingly favored by crime groups and nation-states alike. As we saw at the end of January 2024 with the US Government dismantling parts of the Volt Typhoon, it may even reach the threshold of being a national security risk,” said Chester Wisniewski, director, Field CTO, Sophos.
Government Takedowns
In April, the FBI announced a major victory: they had managed to seize Genesis Marketplace—one of the most infamous dark web marketplaces for stolen credentials. Dubbed “Operation Cookie Monster,” the takedown was the result of an international effort and was the largest operation of its kind to date.
In May, the Justice Department announced they had successfully taken down a network of computers infected with “Snake” malware, a powerful rootkit utilized by the Russian-backed APT group Turla for many years.
Then, in August, the FBI shared the news that, as the result of international cooperation, they had taken down 700,000 Qakbot-infected computers, dealing a significant blow to the botnet. Qakbot has been one of the most notorious types of malware since 2008 and has frequently been used in ransomware attacks.
These takedowns are important disruptions to these cybercriminals’ operations and provide evidence that good things can happen when there’s collaboration with the public sector. However, there is still progress to be made.
“Law enforcement actions continue to increase, and this is very important as it increases the costs of our adversaries. Cybercrime abhors a vacuum, however, and when criminal infrastructure is disrupted the criminals quickly rebuild to accommodate demand. We’ve made great strides in targeting infrastructure, we must continue that pressure and target more of the people building it,” said Chester Wisniewski, director, Field CTO, Sophos.
MGM Breach—And Ransomware Gangs’ Direct Media Outreach
In September, MGM Resorts International announced they were the victims of a major ransomware attack. And, while the hack itself was news, so too was the ensuing “battle” between two different ransomware threat groups for credit for the attack. The media initially reported that the group “Scattered Spider” was the culprit, only for BlackCat/ALPHV to publicly call out certain media for erroneously attributing the attack to another group, as well as reporting other “inaccuracies.”
The MGM hack showcased a broader trend among ransomware threat groups of actively trying to control the narrative, as well as proactively courting media attention and interviews with journalists for fame, recruitment, and increased pressure on victims.
“Ransomware attackers are no longer simply hacking networks and systems—they're attempting to ‘hack’ the public narrative. We saw this with the MGM hack, and even with the MOVEit attacks by CL0P, when the group attempted to ‘set the record straight’ about purported inaccuracies in the media’s coverage of the attacks. For these threat groups, there’s several benefits to engaging with the press. It’s not only an ego boost for them but improves their notoriety—and makes them a more desirable ‘employer’ for criminals. It’s also shown to be an effective method for pressuring victims.
We’re likely to see ransomware groups more directly engaging with the press in the future. In our research, interestingly enough, we saw some groups like CL0P and Royal utilizing press releases to ‘rebrand’ their activities into ‘security services’,” said Christopher Budd, director, threat research, Sophos.
Regulation Amps Up
Around the world, governments’ attempts to address cyber-mayhem extended not only to takedowns and criminal prosecutions, but to regulations touching virtually every industry.
In the US, the government recently instituted the new Securities and Exchange Commission guidelines for cybersecurity incident disclosures, and the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) goes into effect this March. The US has also led the way for countries to begin regulating ransomware payments.
As both geopolitical unrest and the number of attacks increase worldwide, governments look to compliance and reporting to get a handle on protections. From the General Data Protection Regulation (GDPR) in Europe and the Notifiable Data Breaches (NDB) scheme in Australia to the new SEC and CISA rules in the US, governments the world over are passing rules and regulations to get a grip on the scope of data breaches and ensure victims and investors are aware of the damages caused by them.
“Governments have recognized that the ongoing impact of cyber attacks on the economy and critical infrastructure present a genuine national security threat. We will likely continue to see stricter regulations and rules to both help measure the scope and scale of the problem, as well as to encourage companies to invest more in defending their digital assets,” said Chester Wisniewski, director, Field CTO, Sophos.
I'm helping organizations in cybersecurity and data privacy. I have experience in various data centers, including public, private, multi and hybrid cloud, and on-premises. Ex- Sify, HCL, ANZ, TechM, Wipro, and Religare.
5 months ago: As you consider your cybersecurity strategy for the coming year, I wanted to share an article I came across on LinkedIn about cybersecurity trends for 2024. I found the article to be really insightful. Some recommended protective measures include implementing Zero Trust Architecture, AI-Powered Security Operations, Cloud Security, Privacy Enhancing Computation, Regulatory Compliance, Internet of Things (IoT), Ransomware attacks, Supply Chain Security, Biometric Security. In conclusion, cybersecurity and privacy in 2024 will be shaped by advancements in technology, evolving regulatory landscapes, and the need for proactive measures to combat emerging cyber threats effectively.
| Systems Engineer | Strategic Sales Expert | Sales Manager | Sales Director | Cybersecurity | Telecommunications | Conversational AI Academy - DRUID | Cloud computing (IaaS, PaaS, SaaS) | Data Center |
8 months ago: Excellent article to take into account.
IT Head/CISO/CIO/CTO | Author | Mentor | Speaker | Innovator | Influencer | Coach
9 months ago: Great product
Experienced Cybersecurity Marketing Strategist at NSS Corporation
9 months ago: As cyber threats evolve, staying ahead is crucial. Prepare for the new game in cyber attacks by fortifying network defenses, educating teams on the latest tactics, implementing robust cybersecurity protocols, and leveraging advanced threat intelligence. Vigilance, agility, and proactive measures are key in safeguarding against emerging cyber threats.
Managing Director, PM&A Consulting & IT Services
9 months ago: A concerted effort is the right approach, very interesting article. Well done Sophos team!