The past year left its share of dark entries in the annals of cybersecurity. Extrapolating on cybersecurity trends from 2023, it looks as if 2024 could be another challenging year for security professionals.
Attacks and attackers are increasingly sophisticated, the business consequences of a breach continue to rise, an increasingly broad range of industries is affected, and the time available to implement effective and proactive defenses is growing shorter. On top of it all, cyber was a key theater in escalating global conflict.
Consider the targets chosen by attackers these days. In recent years, we’ve seen targets expand from relatively wealthy enterprises to unfortunately vulnerable entities like schools and hospitals. But 2023 again saw name-brand casinos breached in information age Ocean’s Eleven style. Attackers have also realized that obtaining sensitive customer information is as valuable as — or perhaps even more valuable than — holding production operations hostage. Casinos, constantly moving large sums from point A to point B, are motherlodes of such information and not always as well protected from security threats as (for instance) banks.
Attackers are also now increasingly well organized, well funded, and in some cases, diversified and capable of forming strategic alliances. While forensic evidence is never a matter of perfect confidence, we believe that UNC3944, an “affiliate” of the BlackCat ransomware group, probably executed a spate of casino attacks in the middle of 2023. It follows that just as cybersecurity solution providers can and do work cohesively together to achieve common goals, criminal organizations are capable of doing the same. They create shifting alliances to maximize the technical efficacy of any given attack and the profit derived thereby.
Even when law enforcement complicates or interrupts common vehicles of an initial breach, such as spam e-mail, attackers inevitably find another vehicle, like jumping from one car to another in an action movie.
This year Zscaler tracked a measurable decline in email-sourced breaches due to the shutdown of Qakbot, for instance. But attackers responded by shifting to social engineering delivered via phone calls to key employees at a targeted organization. The attack pattern has remained consistent: compromise a target’s defenses, establish an initial foothold, explore lateral opportunities and resources, obtain admin privileges, and leverage them to obtain sensitive data and/or install ransomware.
Supply chains may not be supplying what you think
There were also new attacks based on supply-chain breaches, in which trusted software ends up enabling cyber incidents. That scenario played out in the MOVIEit breaches of May 2023, in which attackers leveraged a discovered weakness to get access to key databases at the U.S. Department of Energy, British Airways, and many other organizations.
This worldwide cluster of attacks, like the casino attacks, was orchestrated largely by a particular criminal organization, Cl0p, which leveraged ransomware to steal a tremendous amount of sensitive data. A consortium of cybersecurity solution providers working in conjunction with government entities including the Cybersecurity and Infrastructure Security Agency (CISA) responded quickly, but not before considerable damage was done. As mass attacks go, it was daunting, and the full future effects of the stolen data, concerning tens or hundreds of millions of people, remain unknown.
Another, similar attack involved the identity management solution provider Okta – specifically, attackers accessed Okta’s source code by compromising its GitHub repositories. Such repositories represent a single point of possible failure not just for security solution providers, but for organizations who have deployed their solutions, and are thus another issue for already-stressed security teams to consider and plan for. How best do you secure your network, your assets, and your information when the top-tier security tools you rely on might already be compromised the day they’re deployed?
AI sometimes stands for 'Augmented Intrusion'
Evolving AI-enabled tools of various types continued to make headlines in 2023 for their potential to transform the way people live, spur business operations, and to accelerate the accurate detection and response to security events among professionals.
Unfortunately, the other side of the AI coin is that it can also accelerate the creation of security vulnerabilities.
What happens, for instance, if software engineers trust AI to generate new code, and yet that code is not actually trustworthy because it wasn’t generated from scratch, but simply adapted from popular but faulty code sourced from the web?
What if security managers assume that an AI’s pattern recognition capabilities mean a breach is not happening, when in fact a breach has been happening for the last week because the AI wasn’t originally trained on the kind of data needed to recognize such a breach?
These seem pertinent questions in the AI-intrigued business environments and boardrooms today.
Criminal organizations are even going the extra AI mile by leveraging AIs to generate increasingly plausible text that lures people into donating their credentials, credit card numbers, or other sensitive data. And in the near future, we can expect AI to become exceptionally fast and accurate at recognizing and specifying which services, networks, and organizations are most easily compromised — quite a convenience for malicious actors who’d rather not have to do it themselves.
Adopting zero trust is the surest, smartest security move you can make
Perhaps the most salient silver lining from 2023 was how, in recognition of a deteriorating security situation, enterprises and governments alike have continued to endorse zero trust as their best hope for a robust defense.
Zero trust best practices and architectures can play a key role in mitigating these and other emerging threats. Via zero trust, it becomes much easier to:
- Reduce the odds of an initial breach, spanning every point in the service chain from initial code development to end-user authentication
- Confine access solely to the assets and information required for particular job roles or responsibilities (never an entire network), via microtunnelling
- Recognize and reduce/eliminate lateral movement within or across a network, if a breach does occur
- Minimize the odds of an attacker gaining administrative credentials and leveraging them to implement a malicious agenda
- Prevent the IP addresses of network assets or company sites from becoming accessible to the general public over the Internet
- Perform security audits to verify the strategy is working as comprehensively and effectively as intended, and fulfill the requirements of government regulations (notice that the SEC adopted new rules, effective this month, that require compromised public companies to disclose cybersecurity breaches within four business days)
No security strategy is impenetrable. Even so, zero trust solutions and strategies offer the best, most comprehensive protection available today to help mitigate the complete range of threats emerging from malware, hackers, criminal organizations, and even insiders who abuse special privileges for personal gain.
So as we approach 2024, Zscaler and the CXO REvolutionaries would like to raise a toast to zero trust will go from being an operational goal (“we should really…”) to an up-and-running reality at organizations worldwide.
What to read next
16 cybersecurity leaders predict how gen AI will improve cybersecurity in 2024