Current and likely future cyber-attack trends were highlighted by Sarah Armstrong-Smith, chief security advisor, Microsoft Cybersecurity Solutions Group (UK) during the BankSec 2020 virtual conference.
Through its analysis, Microsoft found that phishing and business email compromise (BEC) attacks remain the most common tactic employed, but are becoming increasingly sophisticated in nature. “The ultimate aim is credential theft,” noted Armstrong-Smith, revealing that in the last year, Microsoft have processed six trillion different messages, blocking 13 billion malicious emails.
One trend observed in regard to BEC attacks is the rise of CEO impersonation, while brands commonly spoofed include large tech companies like Microsoft and Amazon.
There has also been substantial growth in high-impact ransomware incidents in recent times, with a notable feature being that they are “driven by human ransomware and active reconnaissance,” according to Armstrong-Smith. She added: “Cyber-criminals really do take their time to learn about your company and how and when they are going to launch an attack.” This targeted approach means that attacks can be launched in as little as 45 minutes from accessing an organization’s system.
Armstrong-Smith additionally highlighted how cyber-criminals are rapidly responding to the changing news cycle, which has been especially evident during the COVID-19 pandemic this year. This enables attacks to be timed to be most impactful. For instance, once a global pandemic was declared from the beginning of March, and governments began taking action to stop the spread of the virus, “there was a massive peak in COVID-related attacks,” including phishing lures and fake domains.
At the same point this year, Microsoft detected a huge rise in DDoS attacks, designed to exploit businesses while they were distracted in a number of areas, such as shifting to remote working. Another method employed by malicious actors is to combine DDoS attacks and ransomware. Armstrong-Smith noted: “Cyber-criminals are really evolving in terms of what they’re doing and how they do it.”
This means organizations must be ready for further changes in the methods used by cyber-criminals going forward. One of these could be in response to improved cybersecurity technologies, and in particular, the growing use of machine learning to detect threats. According to Armstrong-Smith, there are signs that threat actors are looking at disrupting and “poisoning” the algorithms of machine learning tools, skewing the results they give, and therefore security decisions made.
A further major security threat that is expected to surge in the coming years relates to the increasing use of IoT devices by employees and organizations. This issue has been exacerbated this year by the shift to home working, where staff have “multiple different devices that are potentially sat on the same network.” Armstrong-Smith noted that we are likely to see moves to smart buildings and even smart cities in the future, which will mean “everything is actually interconnected in one way or another, across the internet.”
In response to this evolving threat landscape, she said it is vital that organizations improve their resilience. This requires a mindset shift, moving “away from trying to stop everything to actually assuming compromise,” and the ability “to recover as quickly as possible.”