Cyberattacks Are Changing: Here’s How

Cyberattacks are changing. Exponential increases in how businesses and consumers engage with technology on a daily basis have unleashed an ever-expanding array of attack surfaces and vectors. And we’re feeling the heat. The “we” in this case are the industry and government experts in charge of keeping assets—including consumer data, business applications and power grids—secure.

What’s fueling changes to cyberattacks is largely rooted in what’s changing for cyberattackers. The lone-wolf operator or teen in a hoodie is the cliché presented in film and television programs of yore. But that’s not what we’re looking at anymore. We’re now staring down the barrel of entire nation-states or sophisticated organized entities with lucrative profit motives.

Alongside that shift, the cybersecurity industry is no longer merely blocking against pranks, low-budget phishing schemes or hackers’ attempts to prove how brilliant they are. We are instead encountering mission-critical threats with serious outcomes, heightened costs and cyberattacks that allow malicious actors to go completely undetected within a network. These attacks can ultimately spark serious financial consequences and massive reputation blemishes as well.

The Changing Face of Cyberattacks

Organizations are faced every day with the challenge of protecting their web-layer assets, that is, the complex and diverse set of technologies that power web applications. That complexity is diverging further with the adoption of trends such as service mesh and serverless technology. Attackers are also becoming more clever in how they attack an enterprise. Here are a few examples:

API Abuse

APIs are the backbone of modern web, cloud and mobile applications. Just as attackers use bots to mimic legitimate users, they can also deploy bots for high-speed abuse and misuse of APIs to perpetrate various malicious activities, including account takeover. Financial services companies expose APIs to serve both customers and third parties who need access to customer-specific data. Detecting malicious requests is key to preventing attackers from abusing those same APIs and causing service disruption, data leakage or account lockouts.

Defeating API abuse requires the same visibility that shows you where and how attackers are attempting to manipulate your application’s business logic, including authentication events. This requires instrumenting your application to monitor key application events to surface those real-time insights.
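One way to surface the authentication-event visibility described above, as an added example that is not code from the original article: a sliding-window monitor that flags a client whose failed logins span many accounts, and an account accumulating failures. The event fields, thresholds, alert wording and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60         # assumed look-back window
MAX_FAILED_ACCOUNTS = 3     # assumed: distinct accounts one client may fail on
MAX_FAILS_PER_ACCOUNT = 5   # assumed: failures on one account before lockout risk


class AuthEventMonitor:
    """Sliding-window view of failed logins, per client and per account."""
    def __init__(self):
        self.by_client = defaultdict(deque)    # client_id -> deque of (ts, account)
        self.by_account = defaultdict(deque)   # account -> deque of (ts, client_id)

    def record(self, ts, client_id, account, success):
        """Ingest one login event (in time order) and return any alerts."""
        if success:
            return []
        alerts = []
        for queue, entry in ((self.by_client[client_id], (ts, account)),
                             (self.by_account[account], (ts, client_id))):
            queue.append(entry)
            while queue and ts - queue[0][0] > WINDOW_SECONDS:
                queue.popleft()   # drop entries older than the window
        targeted = {acct for _, acct in self.by_client[client_id]}
        if len(targeted) >= MAX_FAILED_ACCOUNTS:
            alerts.append(f"takeover suspect: {client_id} failed on {len(targeted)} accounts")
        failures = len(self.by_account[account])
        if failures >= MAX_FAILS_PER_ACCOUNT:
            alerts.append(f"lockout risk: {account} has {failures} failures")
        return alerts


def run(events):
    """Feed (ts, client_id, account, success) tuples through a fresh monitor."""
    monitor = AuthEventMonitor()
    return [alert for event in events for alert in monitor.record(*event)]


# Constructed sample events, not real traffic.
SAMPLE_EVENTS = [
    (0, "key-A", "alice", True),
    (5, "key-B", "alice", False),
    (10, "key-B", "bob", False),
    (15, "key-B", "carol", False),   # third distinct account inside the window
    (200, "key-C", "dave", False),   # isolated failure
]

if __name__ == "__main__":
    print("\n".join(run(SAMPLE_EVENTS)))
```

In a real service the `record` call would sit in the login handler, keyed on whatever client identifier the API already authenticates (API key, token subject or source address).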

Application DDoS

Applications are the lifeblood of every organization now. It used to be just a marketing website, but now we’re talking about apps for everything from banking and shopping to travel. The implications of keeping modern applications secure have therefore never been more important. Attackers have jumped on the opportunity to exploit even the smallest vulnerabilities in applications to deny access to swathes of users, pull data and remain undetected within a network.

Ransomware Resurgence

Ransomware has made a strong comeback in 2019, with incident reports more than doubling this year. Despite the proliferation of cyber insurance policies, companies continue to deal with ransomware attacks: threat actors are incentivized to leverage this tactic due to the large potential payouts when organizations capitulate to ransom demands.

Platform Misuse

The definition of a “hack” is changing, or rather, broadening. Alongside the traditional notion of a hack lies a subtler but equally dangerous threat: misuse of a platform’s intended functionality. Not only is this type of threat difficult to detect, it’s even more difficult to deter. We see this daily, mainly by way of fake news propagated through social media influencing readers on topics from politics to vaccines.

The Way Forward Against Cyberattacks

Ultimately, it takes foresight and the proper investment in secure infrastructure to combat these expanding cyberattack methods and surfaces. To early-stage businesses: You do not need to compromise security for speed. Modern security tooling allows all teams to be more security self-sufficient, by injecting security workflows into the development environment. Don’t silo the security of your venture; effective security is a shared, collaborative responsibility between all development, security and operations teams.

The four attack surfaces and methods I mentioned above could easily be replaced with a new set in six months. The point is that you invest in modern security solutions to ensure that whatever method rears its ugly head, your team is prepared to deal with it—not left scrambling in the dark for a quick fix.

What do you think will be the biggest threats to emerge in the next five years? How will security teams evolve to keep up with those surfaces?

Brendon Macaraeg
