Businesses are under constant pressure to manage risk against cybersecurity threats. Many of these threats pose a low to moderate risk to the business. Some are high-risk or even critical threats. The most dangerous kind of threat, and one that has been seen increasingly in the first half of 2021, is the ‘Emerging Threat’. A prime example of an emerging threat is the recent Kaseya attack: a supply chain ransomware attack that leveraged a vulnerability in Kaseya's VSA software against multiple managed service providers (MSPs) and their customers. There are many more, such as the HAFNIUM Exchange attack and SolarWinds. Check out this article on more emerging threats to watch out for in 2021.
Characteristics of an Emerging Threat
While there is no specific checklist for classifying an emerging threat, they generally meet one or more of the following criteria:
- Widespread news coverage of the vulnerability or exploit, often accompanied by urgent warnings from the operating system, hardware, or software vendor. However, not all emerging threats make news headlines.
- A novel critical-risk vulnerability: Indicators of Attack (IOAs), Indicators of Compromise (IOCs), or patches may not yet be known or available
- Vulnerability is currently being exploited, or there exist clear, publicized steps for doing so
- Older vulnerabilities are being targeted by new ransomware
Declaring the ‘Emerging Threat’
ActZero has a dedicated process for handling emerging threats. We first stand up a ‘Tiger Team’. This team is made up of representatives from many departments across the company, including, but not limited to, the Security Operations Centre, Data Science and Security Engineering, Product Management, Customer Experience and Marketing. Each team member plays a critical role in ensuring that we investigate, contain, manage and communicate all information as quickly and as transparently as possible, not only to internal stakeholders but also to our customers and partners.
For ways to tackle emerging threats, check out our Threat Insight report.