As cybercriminals evolve their “business models” – leveraging today’s adoption of digital transformation strategies and advances in machine learning and artificial intelligence – organizations must return fire and continue to bolster their security controls to protect their business assets.

During a recent live webinar, Rick Mutzel, Security & Compliance Officer at Omega Systems, shared his insight and perspective on the current cybersecurity threat landscape, reviewing the latest developments in phishing, ransomware and AI-driven emerging threats – such as ChatGPT – and sharing recommendations for how to stay on top of these evolving risks.

 

Phishing, Social Engineering and CEO Fraud

Although not new to the threat scene, phishing and social engineering scams remain widely used given their continued effectiveness. Brand impersonation is one of the top techniques that trick users, with hackers posing as major online services like Google, Microsoft and LinkedIn to capture credentials. CEO fraud is also gaining notoriety. This type of email scam typically impersonates a company’s CEO or other executive and attempts to coerce employees and third parties into making wire transfers or divulging financial information, passwords and other valuable data.

Now more than ever, it is crucial for all users to stay vigilant against these types of sophisticated phishing attacks. Keeping cyber hygiene high year-round within your organization through automated security awareness training alongside realistic simulated phishing exercises continues to be the most effective method of prevention. But beyond training and awareness, there are other organizational controls, policies and tools that can be used to help prevent hackers from gaining access to networks or sensitive information.

One of the best forms of prevention is multi-factor authentication, which provides an extra layer of security to verify identity and enable access – even if an attacker is able to harvest user credentials via a phishing scam. Reliable alerting and monitoring tools, such as security information and event management (SIEM) and Security Operations Center (SOC) services, can detect failed authentications and track trends over time to temporarily block logins or disable accounts with suspicious activity. Conditional access policies, which can restrict authentication sources to specific locations or apply geo-restriction policies in local firewalls, can act as another effective intrusion prevention measure.
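The sketch below shows the failed-authentication trend tracking and location-based restriction described above as a small detection routine. It is an added example, not code from the original article or from Omega Systems; the log format, the five-failures-in-five-minutes threshold and the country allow-list are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: ISO timestamp, account, source country, result.
SAMPLE_LOG = """\
2023-03-01T09:00:05 jdoe US FAIL
2023-03-01T09:00:20 jdoe US FAIL
2023-03-01T09:00:41 jdoe US FAIL
2023-03-01T09:01:02 jdoe US FAIL
2023-03-01T09:01:30 jdoe US FAIL
2023-03-01T09:02:10 asmith US OK
2023-03-01T09:05:00 asmith RO OK
2023-03-01T11:30:00 mlee US FAIL
2023-03-01T14:45:00 mlee US FAIL
"""

ALLOWED_COUNTRIES = {"US"}       # assumed conditional-access allow-list
FAIL_THRESHOLD = 5               # assumed: failures that trigger a lockout
WINDOW = timedelta(minutes=5)    # assumed sliding-window length


def analyze(log_text):
    """Return (accounts to lock temporarily, sign-ins outside policy)."""
    recent_failures = defaultdict(deque)   # account -> failure timestamps
    lockouts, geo_violations = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                        # skip malformed lines
        ts = datetime.fromisoformat(parts[0])
        user, country, result = parts[1:]
        if country not in ALLOWED_COUNTRIES:
            # Flag the attempt even when the credentials were valid.
            geo_violations.append((user, country, result))
        if result != "FAIL":
            continue
        window = recent_failures[user]
        window.append(ts)
        while ts - window[0] > WINDOW:      # drop failures outside the window
            window.popleft()
        if len(window) >= FAIL_THRESHOLD and user not in lockouts:
            lockouts.append(user)
    return lockouts, geo_violations


if __name__ == "__main__":
    locked, violations = analyze(SAMPLE_LOG)
    print("temporary lockout:", locked)
    print("outside allowed locations:", violations)
```

Two failures hours apart (the `mlee` events) do not trip the threshold because the window discards stale failures, while a successful sign-in from outside the allow-list is still reported.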

 

The Evolution of Malware and Ransomware

While the number of ransomware attacks remained relatively steady from 2021 to 2022, there was a significant decline of 38% in ransomware attack payouts last year. This could be attributed to the increasing number of organizations refining their disaster recovery and business continuity plans as well as improved backup and recovery solutions available in the market.

This decrease in payouts, however, has seemingly caused a shift in threat actors’ approaches. Once content to merely restrict access to stolen data, now some hackers have advanced to stealing data and threatening to release it publicly unless the victim pays the ransom. Some threat actors are going beyond this, indexing and making data searchable on public websites and then sending emails to customers and regulatory bodies – hoping to further influence the ransomware payout. Perhaps the most desperate and sophisticated threat actors have been known to launch DDoS attacks against organizations that refuse to meet their demands as a last resort.

Overall, this shows that ransomware attack techniques are evolving and that organizations need to stay vigilant and proactive to protect themselves from such threats – by implementing strong perimeter security and shoring up disaster recovery and incident response plans.

 

Potential AI Emerging Threats, Including ChatGPT

While more primitive versions of large language models (LLMs) have been around for years, ChatGPT has proven thus far to be their most advanced iteration. These AI-based technologies generally have a wide range of potential applications, from summarizing lengthy emails to generating code to answering customer service inquiries in a human-like fashion.

With millions of users adopting the use of ChatGPT and other similar LLMs, their potential for abuse is raising some security concerns. Consider the wealth of information that’s been submitted to these tools – and the ways threat actors could access and weaponize such information.

One possible way bad actors can exploit ChatGPT is through organizing text and creating more convincing phishing emails, making it harder for people to discern them from legitimate ones. Compared to earlier phishing emails with awkward phrasing, poor punctuation and grammatical errors, newer phishing emails can be much more difficult to detect. There’s also the potential for hackers to write malicious code in a much quicker fashion with advanced AI tools like these.

Certainly, some businesses may consider blocking applications like ChatGPT on their networks to thwart any potential AI threats. However, as integrations between software like Office 365 and Bing increase in complexity, it may not be possible to simply block specific tools without causing disruptions in your operations. To address concerns about data exfiltration, better solutions are necessary to curtail what information leaves the network, such as deep packet inspection with data loss prevention parameters.

 

Rely on the Expertise of a Managed Service Provider

To adequately defend against modern cyber threats (and successfully compete in the digital transformation era), it is essential to implement a multi-layered approach that involves a combination of traditional security controls and next-generation security measures.

Consider bringing in the help of cybersecurity professionals to streamline this intricate process and make it reliable, accessible 24x7x365, cost-effective and scalable over the long term. A trusted managed service provider (MSP) like The TNS Group offers flexible security solutions to not only help you combat these evolving threats but also adhere to changing compliance requirements and meet growing expectations for cyber liability insurance and investor due diligence.

Contact our security experts at TNS to get started.

 

EDITOR’S NOTE: This article was originally posted by Omega Systems. The TNS Group joined the Omega Systems family in December 2022.
