Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Omne trium perfectum, but for cybersecurity.
The Latin saying that “everything that comes in threes is perfect” fits the bill for Cisco Talos Intelligence Group’s 2023 Year In Review Report, led by the evolution of ransomware attacks, advanced persistent threats (APTs), and commodity loader deployment.
IT Brew caught up with Nick Biasini, the company’s head of outreach, to discuss the findings.
Big time. Ransomware attacks boomed in 2023 for a simple reason, Biasini told us: “There’s a lot of money to be made.” But it’s a bit deeper than just money. Cumulative leaks and a spike in ransomware development are allowing attackers to put together their own “cobbled together” versions of software.
“They really have been able to leverage the capabilities out there that allow them to launch these attacks,” Biasini said.
Attackers are increasingly using tactics that threaten to leak data rather than encrypting it and holding it for ransom in that way. In part, this is because new actors are looking at data extortion plays only. And “small groups…largely don’t have the expertise or the tooling in place to do the data side of things,” Biasini said.
APT pupil. The danger of APTs in 2023 was their increased sophistication, Biasini told us. Threat actors like these are invested in evading detection to take advantage of the information they can gather in secret. Using telecommunications systems to gain footholds, APTs attempt to gain visibility into the potential for future attacks.
“We see them hiding in network infrastructure, either attacking network infrastructure directly or pivoting once they’re inside the network to reside in this network infrastructure, because it does give them the ability to potentially be there long term,” Biasini said.
Load up. Deploying attacks through commodity loaders is a powerful tactic, and one that increased in the last year. By using malicious code delivery to infect systems, ransomware attackers can ride that attack vector to gain internal access through third party attackers for hire.
“They see an avenue for a huge amount of monetization that doesn’t require them to take active steps, they literally just get the infection handed off to another group; that other group loads what they want to load, and off to the races they run,” Biasini said.
The key is getting in the door in the first place, he continued. From there, the possibilities and opportunities expand—and that’s what commodity loaders are selling to interested buyers in the attack sector.
“They want to be able to log in as a user,” Biasini said. “And in today’s world, where everybody’s mobile and logging in from all over the place, it’s easier than ever to be able to connect to an enterprise.”