With the geopolitical landscape constantly evolving and cyberattacks increasing exponentially in recent years, as organizations, businesses, and nation-states not only migrate their operations online but also shift to remote workplace environments, the importance of cybersecurity is coming to the forefront. As digital assets, data, and information become the new currency, the need to protect them and implement appropriate and adequate security measures is paramount.
Each year, VerSprite’s dedicated team of cybersecurity experts monitors new threats, hacker activities, and developments in the geopolitical and cyber world to evaluate and analyze the risks and help organizations to better prepare and protect their assets from digital threats. The team’s findings and recommendations are published in VerSprite’s annual critical cyberthreat report Envisions.
Tony UcedaVelez, CEO and Founder of VerSprite Evolved Security Consulting and author of the threat modeling methodology PASTA, shares his insights into the key issues covered in Envisions 2022.
Many cyberthreat reports focus on specific parts of information security, such as ransomware or privacy. At VerSprite, we felt there was one area not addressed – and that is the geopolitical risk. Geopolitics encompasses governments, government leaders, and political parties that are governing business and daily life for citizens, their protection, welfare, and societal views. All these elements affect individual and collective perceptions of political and social views, and loyalty to the governments. They influence the operations of businesses and organizations.
So, the Envisions report focuses on world events from a geopolitical landscape and relates them to cybercrime. It covers everything from ransomware to insider threats, to evolutionary technology, and emerging patterns in the internet of things. What opportunities do those provide for nation-states, individual hackers, hacker groups, and hacker syndicates to commit a crime? In Envisions 2022, our expert cybersecurity team analyzes those key issues and provides solutions.
Information is the new currency that businesses, governments, and cybercriminals are seeking. It has become very valuable in the modern world. The greater and more detailed the data is, the more opportunities it provides for the sources. It allows businesses to attract and retain consumers, target advertising, and sell better, for example. That’s a constructive reason. Data misuse poses a greater concern.
We see information being used and manipulated to distort perceptions and beliefs, influence voting, political loyalties, and contributions. Data is harvested to benefit those in power and those who employ groups to change the narrative.
So, information use and abuse are going to be one of the major trends affecting business and government.
This is a very complex question. There are many parallel threats. Extortion will continue to thrive, misinformation and misinterpretation will escalate, and persistence in computing environments is another threat with a myriad of threat motives. There are threats that are going to be the breadwinners of either hacker syndicates, individual hackers, or nation-states. These are information compromise, persistence, and account takeover.
As mentioned prior, information is the new currency. Hacker syndicates collect personal, financial, healthcare, business information, etc. There is a market for everybody. Imagine a flea market of information exchange, where hackers sell records for a fraction of a price. So, the more detailed the record is, the richer the data set, and the more value it represents. Collected data goes beyond basic now. It is not only names, addresses, and phone numbers. The data being harvested gets more specific: anything from hobbies, blood types, children’s information, to types of cars people drive, their finances, and affiliations. The list goes on. There is a lot at stake in terms of protecting data for organizations and businesses.
Persistence is another major cyberthreat trend of 2022. There are threat actors that specialize in gaining unauthorized access, or persistence, to the infrastructure of a business or an organization. Once they are in the network, the threat actors can leverage power and defense mechanisms; they can hide their operations and wait to sell the access to the clientele. Organizations may not even be aware of the breaches into their systems until client actors start carrying out their operations.
Another way cybercriminals operate is by having a foothold in platforms that lease out logical space to businesses, such as GoDaddy. These platforms are a perfect playground for hiding illicit activity, sending spam or phishing emails, and running malware that is a part of a botnet.
Persistence requires minimum effort, but it pays well. So, it has become a constant threat in everyone’s threat model.
Extortion remains a high-level threat. We will see extortion expand its focus onto new industries. Governments, healthcare organizations, utilities, and telecommunications will continue to be prime targets, and only the level of cyberattack sophistication will continue to rise. However, we are expecting critical infrastructure, and even organizations like law firms and data analytics, to emerge as new targets for extortion threats. Cybercriminals will be looking at new industries whose operations they can suppress to get easy money. Organizations need to assess their threat risks and make sure their networks are prepared.
Along with the changes in cyberthreats, we are starting to see the evolution of the threat actor. For example, a nation-state or a government entity may have motives around the information compromise, so that citizens can be tracked against political affiliations, possible terrorist collusions, ideologies counter to a political party that may influence social stability, etc. Furthermore, the interest in intellectual property theft by nation-states is a growing concern in the current geopolitical landscape.
I strongly believe that organizations and businesses must adopt a non-technical and non-negotiable mindset to be better prepared for current and emerging cyberthreats. In the 16 years of VerSprite’s existence, one issue remains constant – the disregard for basic security hygiene as it relates to products, services, and corporate IT. Unfortunately, many executives and leaders still see security as simply a roadblock or a hurdle to get over to appease lawyers, customers, or auditors. However, it’s a wrong perspective, which can easily lead to losing an entire business.
One of the first steps should be changing such a perspective and mentality. It begins with board members and C-suite managers understanding that the bare minimum cannot be an adequate defense from hacker syndicates and nation-states, which might be well-funded, or even individual lone wolf hackers. The reality is cybercrime is a crime that pays, so cybersecurity and data protection must be taken seriously.
Improving your company’s baseline security should start with remediating the still prevalent flaws, such as weak passwords and poor password management, implicit trust in data and application architecture, accessible information due to poor design, or no encryption between API calls. Cybersecurity is necessary for successful business continuity, as well as for making sure your company spends more time engineering better services and products, and less time dealing with lawyers and auditors.
VerSprite’s team of cybersecurity experts monitors events and incidents throughout the year. Their comprehensive analysis is then compiled into our annual Envisions threat report.
The goal is always to inform businesses and organizations and provide them with the latest information on current cyberthreats, as well as the best strategies to structure their operations to minimize the threats.
Our company aims to educate both clients and peers in the industry. Since VerSprite’s inception 16 years ago, we have done adversarial exercises and security program management. Today, we have six different lines of business. VerSprite’s teams specialize in offensive security efforts, security research for hire on 0-day and N-day exploits, and conduct threat intel analysis. Our DevSecOps provides security automation for clients, and our governance, risk, and compliance (GRC) team focuses on building, managing, and optimizing security programs for our clients’ organizations.
Our combined experience allows us to conduct such extensive critical cyberthreat research every year. We hope this Envisions report helps not only to inform on current trends fueled by the evolving geopolitical risks, but also to factor in some key items that need to be addressed in any security program’s playbook.