Over the last decade, cyber threats have grown sharply alongside the opportunities of the digital age. Technological advances, including artificial intelligence, drive innovation and growth, but they have also given criminals more sophisticated tools. This post traces the evolution of cyber threats over the past decade and outlines the strategies businesses can use to protect themselves.
Increase of Cyber Threats
The past decade has seen a marked rise in the variety of cyber threats, from ransomware to social engineering. Ransomware is the most visible: attackers encrypt a victim's files and demand payment to restore access.
In 2020, ransomware attacks rose by 150 percent over the previous year, as reported by the Harvard Business Review. Phishing, the other pervasive threat, uses social engineering to trick victims into revealing credentials or other sensitive information, and it is frequently the first step of a ransomware or business email compromise attack. Phishing is effective because it exploits trust: a message that looks like routine business is hard to recognize as a deliberate attempt to extract information, so even careful, well-intentioned employees are caught.
Impact on Businesses
The impact of cyber threats on businesses is profound: substantial financial losses, reputational harm and potential legal repercussions. In 2020, the average cost of a data breach was $3.86 million, according to IBM's Cost of a Data Breach report. Forbes notes that small and medium-sized businesses are particularly exposed. The damage extends beyond the direct cost to reputational harm and the erosion of customer trust, which are major concerns for any business hit by an incident.
2009-2012: Advanced Persistent Threat
Between 2009 and 2012, advanced persistent threats (APTs) rose to prominence. An APT is a prolonged, targeted intrusion whose goal is to extract data from a specific organization. Attackers spend months, sometimes years, researching the target, establishing a foothold and moving quietly through the network, with the primary objective of stealing sensitive information without being detected.
The best-known example is Operation Aurora, disclosed by Google in January 2010, which targeted Google and more than twenty other companies. The attackers exploited a then-unpatched browser vulnerability to gain a foothold on employee workstations and then went after source code and other intellectual property. The incident showed that a well-resourced adversary can breach even large, technically sophisticated organizations.
Protecting against advanced persistent threats (APTs) involves implementing various cybersecurity measures. Some effective strategies include:
- Secure VPN (Virtual Private Network): Encrypt traffic between remote users and the corporate network so it cannot be read or altered in transit. A VPN protects data on the wire only; it does nothing against an attacker who holds valid credentials, so pair it with multi-factor authentication and treat VPN sessions as an access point to monitor rather than as trusted by default.
- Next-generation firewall: Deploy a firewall that inspects traffic at the application layer and can block the command-and-control callbacks and lateral movement that APT intrusions depend on. Granular policy lets administrators restrict which systems may reach critical resources.
- Intrusion Prevention System (IPS): Deploy an IPS to detect and block known exploitation attempts against network services and software as they cross the wire. An IPS sees only the traffic that crosses the boundary it monitors and recognizes only the patterns it has signatures or heuristics for, so it complements patching rather than replacing it.
- Threat intelligence: Feed a threat intelligence platform that continuously tracks global attacker activity into your controls, so that indicators of new campaigns (domains, IP addresses, file hashes, techniques) update blocking and detection rules automatically.
- User behavior analytics (UBA): Use UBA to build a baseline of normal activity for each account and flag deviations that suggest a compromised identity, such as logons from a new location, access at unusual hours or a sudden spike in data retrieved. This gives administrators early warning of an APT operating with stolen credentials, which perimeter controls cannot see.
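The UBA bullet above describes baselining and deviation scoring in the abstract. The following is an added example, not code from the original post or from any product, that does the same thing in miniature over constructed authentication records. The working-hours window, the history length required before scoring, the z-score threshold and the sample events are all assumptions; a real deployment would learn them per organization.

```python
# Added example, not from the original post: a minimal user-behaviour
# baseline over constructed authentication audit records. It scores the
# signals a UBA product would weigh: a country the user has never logged
# in from, a logon outside the assumed working hours, and a file-access
# volume far above the user's own history.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample records (ISO timestamp, user, source country,
# number of files touched during the session). Not real data.
SAMPLE_EVENTS = [
    {"ts": "2023-03-01T09:12:00", "user": "alice", "country": "US", "files": 14},
    {"ts": "2023-03-02T10:03:00", "user": "alice", "country": "US", "files": 11},
    {"ts": "2023-03-03T08:47:00", "user": "alice", "country": "US", "files": 17},
    {"ts": "2023-03-04T09:30:00", "user": "alice", "country": "US", "files": 12},
    {"ts": "2023-03-05T02:15:00", "user": "alice", "country": "RO", "files": 480},
    {"ts": "2023-03-01T09:00:00", "user": "bob", "country": "US", "files": 30},
    {"ts": "2023-03-02T09:05:00", "user": "bob", "country": "US", "files": 28},
]

WORK_HOURS = range(7, 20)   # assumed policy window: 07:00 to 19:59
MIN_HISTORY = 3             # assumed: events needed before a user is scored


def build_baseline(history):
    """Baseline from a user's earlier events: seen countries and file-volume statistics."""
    volumes = [e["files"] for e in history]
    return {
        "countries": {e["country"] for e in history},
        "mean": mean(volumes),
        "stdev": pstdev(volumes),
    }


def score_event(event, baseline, z_threshold=3.0):
    """Return the anomaly reasons for one event measured against a baseline."""
    reasons = []
    if event["country"] not in baseline["countries"]:
        reasons.append("new_country:" + event["country"])
    hour = datetime.fromisoformat(event["ts"]).hour
    if hour not in WORK_HOURS:
        reasons.append(f"off_hours:{hour:02d}h")
    if baseline["stdev"] > 0:
        z = (event["files"] - baseline["mean"]) / baseline["stdev"]
        if z > z_threshold:
            reasons.append(f"volume_z={z:.1f}")
    elif event["files"] > 3 * baseline["mean"]:
        reasons.append("volume_spike")   # constant history: fall back to a ratio
    return reasons


def detect(events):
    """Replay events in time order. Each event is scored only against that
    user's prior history, so an anomalous event never pollutes the baseline
    it is being compared with."""
    seen = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        history = seen[e["user"]]
        if len(history) >= MIN_HISTORY:
            reasons = score_event(e, build_baseline(history))
            if reasons:
                alerts.append({"user": e["user"], "ts": e["ts"], "reasons": reasons})
        history.append(e)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["user"], a["ts"], ", ".join(a["reasons"]))
```

Only alice's 02:15 session from a new country with roughly forty times her usual file volume is flagged; bob never accumulates enough history to be scored, which is the right behaviour for a new account rather than a false positive. Each reason is reported separately so an analyst can see whether one signal or several fired.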
2013-2016: Business Email Compromise (BEC) and Ransomware
Between 2013 and 2016, ransomware and Business Email Compromise (BEC) attacks rose sharply. Ransomware is malware that encrypts a victim's files and demands payment for the decryption key. BEC needs no malware at all: the attacker impersonates a senior executive, a supplier or another trusted party and persuades an employee to wire money to an account the attacker controls. Both became widespread in this period and both are highly lucrative, with annual ransomware payments reaching billions of dollars; the FBI reported losses exceeding $1.7 billion from BEC in 2019 alone.
The WannaCry ransomware worm of May 2017 spread on its own through a Windows SMB vulnerability, infected hundreds of thousands of computers in more than 150 countries and demanded payment to unlock them. In 2015, Ubiquiti Networks disclosed a BEC loss of $46.7 million: attackers posing as company executives persuaded employees to transfer funds to overseas accounts under the attackers' control.
Protective measures against ransomware and BEC attacks include:
- Email filtering: Block or quarantine messages that carry phishing links or malware, and flag the hallmarks of BEC, such as an executive's display name on an external address, a Reply-To that differs from the sender, and lookalike domains.
- Anti-malware: Detect and block ransomware before it encrypts files, and alert on the mass file modification that encryption produces, limiting data loss and the impact of an attack.
- Backup and recovery: Keep tested backups that the attacker cannot reach from the compromised network (offline or immutable copies), so systems can be restored without paying. Backups that sit on the same network are typically encrypted along with everything else.
- User awareness training: Teach employees to recognize and report suspicious messages, and require that any payment instruction or change of bank details be confirmed through a second channel, such as a phone call to a known number, no matter who appears to have sent it.
- Access control: Restrict access to sensitive data and systems so that a single compromised account or workstation cannot reach, and encrypt, everything.
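The email-filtering bullet lists the BEC hallmarks a filter should look for. The following is an added example, not code from the original post or from any mail product, that applies those checks to constructed messages using only the Python standard library. The company domain, the protected executive names, the urgency terms and the similarity threshold are assumptions that a real deployment would configure.

```python
# Added example, not from the original post: header and content checks
# that a mail filter or mailbox rule can apply to catch common BEC patterns.
import difflib
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                    # assumed internal domain
PROTECTED_NAMES = {"jane doe", "john smith"}      # assumed executive display names
URGENCY_TERMS = ("urgent", "wire", "transfer", "confidential", "invoice", "gift card")


def is_lookalike(domain, reference=COMPANY_DOMAIN, threshold=0.85):
    """True when a domain closely resembles the reference without being it
    (examp1e.com, exarnple.com, example-corp.com)."""
    if not domain or domain == reference:
        return False
    return difflib.SequenceMatcher(None, domain, reference).ratio() >= threshold


def _plain_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    return " ".join(p.get_payload() for p in parts if p.get_content_type() == "text/plain")


def bec_indicators(raw_message):
    """Return the BEC indicators found in one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    found = []
    # An executive's name on a sender outside the company is the classic BEC opener.
    if from_name.strip().lower() in PROTECTED_NAMES and from_domain != COMPANY_DOMAIN:
        found.append("exec_name_external_sender")
    # Replies silently diverted to a domain other than the visible sender's.
    if reply_domain and reply_domain != from_domain:
        found.append("reply_to_domain_mismatch")
    if is_lookalike(from_domain) or is_lookalike(reply_domain):
        found.append("lookalike_domain")
    text = (msg.get("Subject", "") + " " + _plain_text(msg)).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        found.append("urgency_terms:" + ",".join(hits))
    return found


def severity(indicators):
    """Urgency wording alone is weak; an identity signal plus urgency is what BEC looks like."""
    identity = {"exec_name_external_sender", "lookalike_domain", "reply_to_domain_mismatch"}
    ids = [i for i in indicators if i in identity]
    if not indicators:
        return "none"
    if ids and len(indicators) > len(ids):
        return "high"
    return "medium" if ids else "low"


# Constructed sample messages, not real mail.
INTERNAL_MAIL = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q3 planning

Can we meet Tuesday to go over the Q3 numbers?
"""

VENDOR_MAIL = """From: Accounts <billing@vendor-corp.test>
To: finance@example.com
Subject: Invoice 4471

Please find invoice 4471 attached, due in 30 days.
"""

BEC_MAIL = """From: "Jane Doe" <jane.doe.ceo@gmail.com>
To: finance@example.com
Reply-To: jane.doe@examp1e.com
Subject: Urgent wire transfer

I am in a meeting and cannot talk. Please process the attached wire today and keep it confidential.
"""

if __name__ == "__main__":
    for label, raw in (("internal", INTERNAL_MAIL), ("vendor", VENDOR_MAIL), ("bec", BEC_MAIL)):
        ind = bec_indicators(raw)
        print(f"{label}: {severity(ind)} {ind}")
```

The ordinary vendor invoice scores low because "invoice" on its own is normal business vocabulary; the fraudulent message scores high because the executive's name sits on a webmail address, replies are diverted to a lookalike of the company domain, and the wording pushes for a secret, same-day wire. Scoring identity signals above wording keeps the filter from drowning finance staff in alerts on legitimate payment traffic.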
2017-2020: Internet of Things (IoT) and Artificial Intelligence (AI) Threats
Between 2017 and 2020, Internet of Things (IoT) and Artificial Intelligence (AI) threats marked a significant shift in the cybersecurity landscape. IoT devices, deployed ever more widely in offices and remote sites, became prime targets because they often ship with default passwords, receive few updates and cannot run endpoint security software.
AI played a dual role in this evolution. While businesses employed AI to strengthen their defenses, criminals used it to craft more convincing attacks, for instance to generate realistic phishing emails and deepfake video and audio for social engineering.
In late 2016, the Mirai botnet compromised hundreds of thousands of IoT devices such as cameras and home routers by logging in with factory-default credentials, and used them to launch record-setting Distributed Denial of Service (DDoS) attacks. In 2018, IBM researchers demonstrated DeepLocker, a proof-of-concept AI-powered malware that concealed its payload until it recognized its intended target.
Protective measures against IoT and AI-enabled attacks include:
- Network segmentation: Put IoT devices on their own network segment with firewall rules between it and business systems, so a compromised device cannot be used as a stepping stone to sensitive data, and so its traffic can be monitored and blocked at one enforcement point.
- Device management: Inventory every IoT device, change default credentials, disable unneeded services such as telnet, and apply firmware updates promptly.
- Behavioral analysis: Monitor the traffic of each IoT device for departures from its normal pattern, for example a camera that begins scanning other hosts or connecting to destinations it has never used, which signals compromise regardless of how the attacker got in.
- Machine learning: Use models trained on normal network traffic to rank anomalies, which scales the behavioral approach across thousands of devices that cannot be watched by hand.
- Threat intelligence: Use a threat intelligence platform for continuous monitoring of global threat activity and automatic policy updates, so that known botnet command-and-control addresses and newly published IoT exploits are blocked quickly.
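The segmentation and behavioral-analysis bullets above describe what a compromised IoT device looks like on the wire. The following is an added example, not code from the original post or from any product, that applies those checks to constructed flow records from a camera VLAN. The subnet, the telnet ports, the fan-out threshold and the flows themselves are assumptions.

```python
# Added example, not from the original post: a flow-level behavioural check
# for devices on an IoT segment. Two behaviours a Mirai-style compromise
# produces are modelled: fan-out to many hosts on the telnet ports (the bot
# recruiting others) and traffic to destinations the device has never used
# (command-and-control). Subnet, ports and thresholds are assumed.
import ipaddress
from collections import defaultdict

IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")   # assumed IoT VLAN
SCAN_PORTS = {23, 2323}                               # telnet ports Mirai brute-forced
FANOUT_THRESHOLD = 20                                 # distinct hosts on scan ports per window

# Constructed flow records (src, dst, dst_port, bytes). Two cameras that
# normally speak only to the recorder at 10.20.0.1 and the vendor cloud.
BASELINE_FLOWS = [
    ("10.20.0.15", "10.20.0.1", 554, 9000), ("10.20.0.15", "203.0.113.10", 443, 1200),
    ("10.20.0.16", "10.20.0.1", 554, 8800), ("10.20.0.16", "203.0.113.10", 443, 1100),
]
# Later window: camera .16 starts sweeping telnet across an external range
# and opens a connection to a host it has never contacted before.
WINDOW_FLOWS = (
    [("10.20.0.15", "10.20.0.1", 554, 9100)] * 3
    + [("10.20.0.15", "203.0.113.10", 443, 1300)]
    + [("10.20.0.16", "10.20.0.1", 554, 8700)] * 2
    + [("10.20.0.16", f"198.51.100.{i}", 23, 60) for i in range(1, 41)]
    + [("10.20.0.16", "192.0.2.7", 8080, 300)]
)


def in_segment(addr):
    return ipaddress.ip_address(addr) in IOT_SEGMENT


def learn_baseline(flows):
    """Per-device set of (destination, port) pairs seen during a learning period."""
    baseline = defaultdict(set)
    for src, dst, dport, _ in flows:
        if in_segment(src):
            baseline[src].add((dst, dport))
    return baseline


def analyze(flows, baseline):
    """Return {device: [reasons]} for IoT devices whose window traffic deviates from baseline."""
    scan_targets = defaultdict(set)
    new_pairs = defaultdict(set)
    for src, dst, dport, _ in flows:
        if not in_segment(src):
            continue
        if dport in SCAN_PORTS:
            scan_targets[src].add(dst)
        elif (dst, dport) not in baseline.get(src, set()):
            new_pairs[src].add((dst, dport))
    alerts = {}
    for dev in set(scan_targets) | set(new_pairs):
        reasons = []
        if len(scan_targets[dev]) >= FANOUT_THRESHOLD:
            reasons.append(f"telnet_fanout:{len(scan_targets[dev])}")
        if new_pairs[dev]:
            dests = ",".join(f"{d}:{p}" for d, p in sorted(new_pairs[dev]))
            reasons.append("new_destinations:" + dests)
        if reasons:
            alerts[dev] = reasons
    return alerts


if __name__ == "__main__":
    for dev, reasons in analyze(WINDOW_FLOWS, learn_baseline(BASELINE_FLOWS)).items():
        print(dev, reasons)
```

Camera .15 keeps its usual two conversations and is silent; camera .16 trips both rules. The check is only this simple because the devices sit on their own segment: a camera has a tiny, stable set of legitimate destinations, so any telnet sweep or new peer stands out, and the segment boundary is also the place where the device can be cut off once it alerts.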
2021-2022: Supply Chain Attacks and Ransomware-as-a-Service
In 2021 and 2022, supply chain attacks and Ransomware-as-a-Service (RaaS) rose sharply. A supply chain attack compromises a third-party vendor in order to reach that vendor's customers; it has proved highly effective because criminals target software providers, IT service companies and cloud providers whose products and access are trusted by many organizations at once.
RaaS is a business model in which ransomware developers rent their malware and infrastructure to affiliates in exchange for a share of the proceeds, which has let many more criminals run ransomware campaigns. According to SonicWall, the first half of 2021 saw 304.7 million ransomware attempts, a 151 percent increase over the same period in 2020.
The most significant supply chain incident of the period came to light in December 2020: attackers had inserted a backdoor into the build of SolarWinds' Orion platform, so that legitimately signed updates delivered malware to thousands of customers, including U.S. government agencies and major corporations. Another notable case is the May 2021 Colonial Pipeline ransomware attack, which shut down a key fuel pipeline in the United States while the attackers demanded a ransom for restoring the systems.
Protective measures against Supply Chain Attacks and Ransomware-as-a-Service attacks include:
- Vulnerability scanning and update verification: Scan for outdated software and unpatched systems that an attacker could exploit, and verify that every update is signed by the expected publisher and matches its published checksums before it is installed. A trojanized update signed by a compromised vendor passes such checks, so also monitor what vendor software does on your network and ask vendors how they secure their build pipelines.
- Access control: Give vendor software and vendor service accounts only the access they need, so that a compromised product cannot reach the whole environment.
- User awareness training: Educate employees on recognizing and reporting security threats, including phishing that delivers RaaS affiliates' initial access and unexpected requests arriving through vendor channels.
- Anti-malware: Detect and block ransomware before it encrypts files on the company's network, limiting data loss whether the ransomware was written by the attacker or rented through a RaaS program.
- Backup and recovery: Maintain tested backups that are isolated from production so data and systems can be restored after an attack, removing the pressure to pay.
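The update-verification bullet says to check an update against its published checksums and publisher signature before installing it. The following is an added example, not code from the original post or from SolarWinds or any vendor, that verifies a constructed update bundle against an authenticated manifest. A real deployment checks the vendor's public-key signature over the manifest; here an HMAC with an assumed out-of-band key stands in for that signature so the example runs on the standard library alone. File names and contents are constructed.

```python
# Added example, not from the original post: verifying an update bundle
# against an authenticated manifest before installation. The HMAC key is an
# assumption standing in for a vendor signing key; files are constructed.
import hashlib
import hmac

MANIFEST_KEY = b"assumed-out-of-band-key"   # stands in for the vendor's signing key


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_manifest(files):
    """Vendor side: one 'digest  name' line per file plus an authentication tag over the text."""
    body = "".join(f"{sha256_hex(data)}  {name}\n" for name, data in sorted(files.items()))
    tag = hmac.new(MANIFEST_KEY, body.encode(), "sha256").hexdigest()
    return body, tag


def parse_manifest(body):
    expected = {}
    for line in body.splitlines():
        if line.strip():
            digest, name = line.split("  ", 1)
            expected[name] = digest
    return expected


def verify_bundle(files, body, tag):
    """Customer side: authenticate the manifest first, then account for every file in both directions."""
    calc = hmac.new(MANIFEST_KEY, body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(calc, tag):
        return {"ok": False, "reason": "manifest_not_authentic"}
    expected = parse_manifest(body)
    modified = sorted(n for n in expected if n in files and sha256_hex(files[n]) != expected[n])
    missing = sorted(n for n in expected if n not in files)
    extra = sorted(n for n in files if n not in expected)   # a dropped-in DLL shows up here
    return {"ok": not (modified or missing or extra),
            "modified": modified, "missing": missing, "extra": extra}


# Constructed bundles: what the vendor shipped, and a tampered copy.
GOOD_BUNDLE = {
    "installer.exe": b"MZ\x90\x00 legitimate installer stub",
    "agent.dll": b"MZ\x90\x00 legitimate agent",
    "config.xml": b"<config version='2.1'/>",
}
TROJANIZED_BUNDLE = {
    **GOOD_BUNDLE,
    "agent.dll": b"MZ\x90\x00 legitimate agent + backdoor",
    "helper.dll": b"MZ\x90\x00 unexpected extra file",
}

if __name__ == "__main__":
    body, tag = build_manifest(GOOD_BUNDLE)
    print("good:", verify_bundle(GOOD_BUNDLE, body, tag))
    print("trojanized:", verify_bundle(TROJANIZED_BUNDLE, body, tag))
```

The tampered bundle fails on two counts, a modified agent.dll and an unlisted helper.dll, and a manifest that has itself been edited is rejected before any file is looked at. The caveat from the bullet applies in full: in the SolarWinds case the backdoor was inserted before the vendor signed its build, so a manifest produced by the compromised pipeline would have verified cleanly. Integrity checks stop tampering after release; they do not substitute for watching what the software does once installed.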
2022-Present: Deepfake and Synthetic Identity Fraud
In 2022, deepfake and synthetic identity fraud attacks gained prominence. Deepfake technology, which produces realistic fabricated video or audio, was used to impersonate senior executives and political leaders for misinformation and social engineering. Synthetic identity fraud, which builds a fictitious identity from a mix of real and fabricated details, resulted in estimated losses of $1 billion according to the FBI's 2022 Internet Crime Report. These attacks are notable for how effectively they spread false information and cause financial harm, and because a convincing voice or video of a known person defeats the instinct to trust what one sees and hears.
How CatchMark Technologies Can Help
Cybercriminals continually update their tactics, and businesses need to stay aware of the latest threats and adapt as the challenges evolve. Over the past decade, cyber threats have grown steadily more sophisticated, and a functioning cybersecurity program has become essential for protecting a business and its data. CatchMark Technologies specializes in cybersecurity services, including consulting, assessments, program establishment and operations. Contact us to learn more about how we can help secure your business.