The changing face of cybersecurity threats in 2023

Over the last eighteen months or so, a motley group of teenagers under the banner of Lapsus$ managed to hack into “unbreachable” fortresses at tech giants such as Okta, T-Mobile, Nvidia, Microsoft, and Globant using unsophisticated but creative and persistent techniques.

While the group’s goals were unclear and shifting – at various times fluctuating between amusement, monetary gain, and notoriety – its campaign again brought to the fore the persistent gaps in security at even the biggest and best-informed companies.

“Organizations must act now to protect themselves, and the Board identified tangible ways to do so, with the help of the U.S. government and the companies that are best prepared to provide safe-by-default solutions to uplift the whole ecosystem,” says a report published by the Homeland Security Department’s Cyber Safety Review Board.

The lesson here for companies is that attackers don’t need to discover new threats or sophisticated methods of penetrating your networks. Using the “same old” low-skill tactics, common tools, and a bit of social engineering, hackers can get around complex security policies such as multi-factor authentication (MFA) and identity and access management (IAM) systems.

Let’s revisit the most prevalent security threats and see how they’re evolving in 2023.

Initial access

Initial access consists of various techniques attackers use to gain access to your network. The process starts with identifying compromised hardware, software, and human assets – both internal and external – by way of scanning and reconnaissance methods. The attacker then chooses the target and method of invasion and leverages the compromised assets to gain a foothold in the victim’s servers or network.

The MITRE ATT&CK framework – a knowledge base of cyberattack techniques – maintains an updated list of initial access techniques. In 2023, these include:

  • Drive-by compromise – using compromised websites or taking over the user’s browser
  • Exploit public-facing applications – exploiting a weakness, such as a bug or misconfiguration, in an internet-facing application
  • External remote services – using a VPN or other remote access mechanism to connect to the network
  • Hardware additions – connecting new networking, computing, or storage devices to the host network
  • Phishing – sending messages with malicious links or attachments that enable the attacker to gain control of the host
  • Replication through removable media – copying malware to removable media, inserting it into the system, and executing it via autorun features
  • Supply chain compromise – manipulating software product delivery mechanisms to insert malware into the network
  • Trusted relationship – leveraging third-party individuals or organizations that have access to the victim’s systems
  • Valid accounts – using existing user and system accounts to gain access to the network, bypass access controls, and stay undetected

Detection:

Patterns, and changes to them, are key to detecting fraudulent access. Smart admins constantly monitor login successes and failures, multi-factor notifications, input validation failures in application code, file access, creation and deletion, as well as the insertion and removal of removable media. Every out-of-place event needs to be investigated.

Prevention:

As we’ve seen, there are a multitude of paths attackers can take to enter your network. User awareness training, strong login credentials with multifactor authentication, updated software that patches vulnerabilities and reduces the likelihood of new ones, and regular testing will help companies prevent adversaries from getting that all-important initial access to their systems.

Website spoofing

Spoofing is a practice similar in principle to phishing but deserves special mention due to the scale on which it is carried out and its continued impact on individuals as well as organizations.

In website spoofing, the attacker imitates a legitimate website or domain name, targets its audience to visit it using different methods, and lies in wait until an unsuspecting user lands on it. Once the victim is on the site, the possibilities are endless.

Imitating popular websites – or domain spoofing, to be precise – is more common than similar attacks such as IP spoofing, email spoofing, MAC spoofing, DNS spoofing, and ARP spoofing because the user experiences visual similarity to a recognized entity.

“Website spoofing takes advantage of naïveté, fooling everyday users who think they are interacting with brands they know and trust. Because of this trust, users are less likely to take a second look at the website’s URL,” says Israel Mazin, CEO of Memcyco, a real-time website spoofing protection platform.

The most recent data available indicates that 62% of all identity attacks leveraged display name deception to impersonate a trusted organization, individual, or brand, typically a vendor or partner. Brands and businesses need to monitor and take proactive steps to prevent domain spoofing.

Detection:

One of the first signs of a website spoofing attack is an unusual or too-good-to-be-true request – such as a special Amazon sale offering a 25% discount on the latest model of the iPhone. You know very well it’s not going to happen. However, scammers might add a sense of urgency, saying the offer expires in 2 hours, for example. On closer inspection, you’ll always find that it’s a shortened URL or a URL whose spelling differs slightly from the company’s primary domain. A quick Google search should settle it.

Website spoofing puts a bigger onus on the user or individual than the organization for detection.
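As an added example (not code from the article), the signs listed above turned into a small Python check that can be run on a link before anyone clicks it: it flags URL shorteners, the brand name used as a subdomain of someone else’s domain, and registrable domains within two edits of the primary domain once common homoglyph substitutions are undone. The primary domain, the shortener list, the homoglyph table and the sample URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed example: the organization's genuine primary domain.
PRIMARY_DOMAIN = "acme-bank.com"
# Well-known link shorteners; a shortened link hides the real destination.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly"}
# Visual substitutions commonly used to make a fake domain resemble the real one.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(label: str) -> str:
    """Undo homoglyph tricks so 'acrne-bank' compares equal to 'acme-bank'."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def classify_url(url: str) -> str:
    """Return 'legitimate', 'shortener', 'lookalike' or 'unrelated' for a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:          # no usable hostname (e.g. missing scheme)
        return "unrelated"
    # Assumption: single-label TLDs only; co.uk-style public suffixes are not handled.
    registrable = ".".join(labels[-2:])
    if registrable == PRIMARY_DOMAIN:
        return "legitimate"
    if registrable in SHORTENERS:
        return "shortener"
    brand = PRIMARY_DOMAIN.split(".")[0]
    # Brand used as a subdomain of another domain, e.g. acme-bank.com.verify-login.net
    if brand in labels[:-2]:
        return "lookalike"
    # Spelling one or two edits away from the brand once homoglyphs are undone.
    if levenshtein(normalize(labels[-2]), normalize(brand)) <= 2:
        return "lookalike"
    return "unrelated"
```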

Prevention:

Nearly 75% of Forbes Global 2000 companies haven’t implemented vital domain security measures, indicating continued widespread susceptibility to domain and website spoofing.

It’s a common misconception that only enterprise domains are spoofed. SMBs and startups are equally at risk. You need to use a reputable registrar and hosting provider. Further, regularly monitor your domain and DNS settings, as well as your website logs for signs of abnormal traffic with unusual referrers or URL modifiers. Implement a Web Application Firewall (WAF) on your web server and Domain-based Message Authentication, Reporting & Conformance (DMARC) for emails.

Data exfiltration

Exfiltration is an umbrella term for the methods attackers use to steal data from the victim’s systems. Once they’ve identified and copied the data they want, adversaries use packaging, compression, encryption and hiding techniques to avoid detection at the time of stealing (transferring) it.

One of the most prevalent and damaging types of attacks – ransomware – relies on data exfiltration. The goal of the attacker is to identify file servers on which sensitive information is stored and then lock it or transfer it out of the network using email or by uploading to external servers. Some shocking ransomware stats:

  • Ransomware accounts for 10% of all breaches.
  • The average cost of a ransomware attack is close to $2 million.
  • A significant ransomware attack will occur once every 2 seconds by 2031.

Detection:

Intrusion Detection Systems (IDS) that actively monitor the network for suspicious traffic are the first line of defense against data exfiltration techniques. Traffic to and from previously unseen IP address ranges, file access at unusual times, major spikes in outbound traffic, and outbound connections to external servers via a generic or non-secure protocol are typical indications of exfiltration.
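The indicators in the paragraph above as detection logic over flow records, added here as an example rather than taken from the article or any IDS product: each source host is tagged for destinations outside the ranges already seen, plaintext protocols to external addresses, off-hours transfers, and outbound volume far above its own baseline. The known ranges, port list, business hours, spike factor, sample flows and baselines are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed assumptions: trusted/previously seen ranges, plaintext protocol ports
# (FTP, telnet, HTTP), business hours, and the multiple of baseline that is a spike.
KNOWN_RANGES = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]
PLAINTEXT_PORTS = {21, 23, 80}
BUSINESS_HOURS = range(8, 19)   # 08:00-18:59 local time
SPIKE_FACTOR = 5

@dataclass
class Flow:
    ts: datetime
    src_host: str
    dst_ip: str
    dst_port: int
    bytes_out: int

def is_known(ip: str) -> bool:
    addr = ip_address(ip)   # True when the destination is inside a known range
    return any(addr in net for net in KNOWN_RANGES)

def find_exfil_indicators(flows, baseline_bytes):
    """Map each source host to the indicator tags it triggered. baseline_bytes is
    host -> typical daily outbound bytes; a host without one counts as 0 (any traffic spikes)."""
    totals = defaultdict(int)
    reasons = defaultdict(set)
    for f in flows:
        totals[f.src_host] += f.bytes_out
        if not is_known(f.dst_ip):
            reasons[f.src_host].add("unseen-destination")
            if f.dst_port in PLAINTEXT_PORTS:
                reasons[f.src_host].add("plaintext-protocol")
        if f.ts.hour not in BUSINESS_HOURS:
            reasons[f.src_host].add("off-hours")
    for host, total in totals.items():
        if total > SPIKE_FACTOR * baseline_bytes.get(host, 0):
            reasons[host].add("volume-spike")
    return dict(reasons)

# Constructed sample flows and baselines, not real traffic.
SAMPLE_FLOWS = [
    Flow(datetime(2023, 9, 28, 10, 5), "ws-17", "10.0.4.20", 445, 2_000_000),
    Flow(datetime(2023, 9, 28, 2, 41), "ws-17", "198.51.100.77", 21, 900_000_000),
    Flow(datetime(2023, 9, 28, 11, 15), "ws-42", "203.0.113.8", 443, 5_000_000),
]
SAMPLE_BASELINE = {"ws-17": 50_000_000, "ws-42": 20_000_000}
```

In practice the baseline would be learned from each host's history and the known ranges fed from the SIEM, but the scoring stays the same.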

Prevention:

In the age of Bring Your Own Device (BYOD) and remote work, preventing data exfiltration needs a comprehensive, well-rounded data security and governance strategy. Using a Security Information and Event Management (SIEM) system lets you collect and converge data from disparate IT environments and touchpoints for real-time monitoring and analysis.

Further, a next-generation firewall (NGFW) provides an additional layer of defense against newer, advanced attacks by allowing you to monitor all network protocols at all times and block unauthorized channels. Finally, use Zero Trust Architecture (ZTA) policies to validate any and all data transfer, compression and encryption activities.

Proactive detection and prevention

In 2023, it is impossible for you to know of all the threats and vulnerabilities out there. It is impossible to know your adversaries. It is impossible to know their approaches. “With the increasing availability of sophisticated technological and social engineering tools, attackers have a higher chance of succeeding – and gaining big – with little risk,” Mazin warns.

A proactive threat detection and response program with user behavior analytics (UBA), regular threat hunting and penetration testing, and pre-emptive honeypot traps will soon be standard components of a typical security strategy, if not the norm.


Category: News. Published September 29, 2023.