There are the threats you know of. Then, there are the threats you should actually be defending against.
Right now, some people think that these are the big cybersecurity monsters:
- Distributed denial-of-service (DDoS): your website, server, or network is overwhelmed by a flood of malicious Internet traffic.
- Brute force: an oldie, but a goodie. These attacks try combinations of usernames and passwords over and over until they find something that works, gaining access to your system.
- ‘Man in the Middle:’ a malicious actor secretly relays and/or alters communications between parties who think they are communicating directly with the other.
- Worms, trojans, and other command-and-control attacks: all the various kinds of malware that can damage, disrupt, or steal data from your networks.
Are these dangerous? Sure. They’re not to be taken lightly. Yet, these are just the old veterans of cyber threats. New, stronger soldiers have taken to the field that are more adaptable to your defenses.
Prevention technology was architected to fight these older kinds of attacks, not the new ones. Just as the threat has evolved so must our cybersecurity postures. No longer is anti-virus and firewall sufficient. To combat these new Big Bads, cyber defenders have pivoted to a strategy predicated on detection and response.
What Are These New Threats?
First, let’s talk about the cloud. While moving to the cloud might protect you from the “old guard” threats, you’re ignoring the new ones you open yourself up to.
You can’t rely on merely constraining your active directory users and assuming that protects your systems. We all know that most people reuse passwords across multiple apps and that few have bothered with two-factor or other multi-factor authentication. And let’s not even talk about all the password scribbled on sticky notes hanging off people’s monitors… But, those are still old attack vectors. These days many organizations rely on a variety of cloud-based services (like SaaS apps) that have inadvertently expanded the attack surface for malicious actors to exploit.
Today’s hackers will use APIs to get at you through the cloud. And they won’t even have to decrypt anything to gain access. This is the new man-in-the-middle attack. Cloud APIs are designed to facilitate the data access and integration that makes the cloud such an attractive, affordable option for many businesses. Unfortunately, these APIs also present vulnerabilities that can be exploited by bad actors. The most common weaknesses include broken authorization and authentication functions, security misconfiguration, and excessive data exposure, amongst others. Defending against attacks via API requires strong authentication and access control, alongside encrypted transmission.
Another new attack vector to consider is fileless malware. Forget Emotet malware or Ryuk ransomware that enter your system via spam email—fileless malware is their nastier cousin. Fileless attacks use legitimate programs to infect a computer and spread throughout your system. Because these attacks don’t rely on files and are only in memory for a moment, they are like a ghost in the system, leaving no footprint and being difficult to detect and remove through traditional endpoint detection and response (EDR).
Perhaps the biggest new Big Bad out there is the new generation of ransomware attacks. These pose as legitimate functions, rendering them invisible to your standard anti-virus. PowerShell hacks, command prompt hacks, trojans that steal passwords without guessing - There’s a whole swath of scarier, more sophisticated trojans bearing down on you (not to mention the ambitious hackers behind them) that old school tools like anti-virus won’t detect. To these older tools, these attacks look like legitimate system business, such as an admin performing functions.
How ActZero Can Help
So forget what you think you know about cyberattacks, because threats are evolving continuously and will outpace your old school defences every time. You need to keep pace with the new generation of threats. We think the surest way to do that is with the ActZero Managed Detection and Response (MDR) service. We ingest logs from your prevention technology to catch indicators of compromise they missed, and respond to them. We also look to the latest threat intelligence feeds to detect the newest documented threats. Finally, our sensors operate at the kernel level on your endpoints; so we can see the outcomes of processes, assess whether they’re malicious, and respond appropriately - that’s how we can stop zero-day threats. Scaled to small-and-medium-sized businesses, our MDR’s single-minded purpose is to keep your business ahead of the bad guys. Find out more here.