Many data breaches today are driven by financially motivated cyber threat actors, and these actors prefer targets that hold rich personally identifiable information (PII), including financial institutions, hospitals, hotels, airlines, and almost all e-commerce sites.
From an underground economic perspective, PII can be quickly monetised and resold multiple times. Different data has different buyers, but overall payment information is preferred because it enables card-not-present fraud. Sites that process and collect individual payment information are therefore typically more attractive to attackers.
Threat actors on the hunt for such data and other methods to monetise cyberattacks are keeping pace with how digital transformation is creating new opportunities.
For example, they are continuing their exploration into new methods to monetise compromised IoT devices, beyond IoT botnets and IoT-based VPNs, due to the uncapped profit potential. IoT devices remain a popular target among hackers, mostly because IoT security awareness and education is not as prevalent as it should be, and the number of IoT devices will continue to grow at an exponential rate as 5G develops and becomes mainstream.
Even more significant is how the migration to new cloud architectures introduces new weaknesses that are inadvertently left open to abuse. Misconfigurations, such as using default container names and leaving default service ports exposed to the public, make organisations vulnerable to targeted reconnaissance and breaches.
The key to preventing these types of attacks is to never expose a Docker daemon to the internet without a proper authentication mechanism. There is a checklist of other measures that need to be followed: for example, never pull Docker images from unknown registries or unknown user namespaces, and frequently check for any unknown containers or images on your hosts.
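The two checks just described (is the daemon listening on the network without TLS client verification, and do any local images come from a registry or namespace we do not recognise) are easy to script. The following is an added example written for this article, not code from the original post or from Unit 42. It assumes an allowlist of trusted registries and namespaces (`TRUSTED`, a hypothetical policy you would adapt), and it parses image references following Docker's normalisation rules (an unqualified name such as `nginx` means `docker.io/library/nginx`). The image list and the two `daemon.json` fragments are constructed samples; on a real host you would feed it the output of `docker images --format '{{.Repository}}:{{.Tag}}'` and the contents of `/etc/docker/daemon.json`.

```python
import json
from typing import Dict, List, NamedTuple, Set, Tuple


class ImageRef(NamedTuple):
    registry: str
    namespace: str
    repository: str
    tag: str


def parse_image_ref(ref: str) -> ImageRef:
    """Split an image reference into its parts using Docker's defaults:
    no registry -> docker.io, no namespace on docker.io -> library, no tag -> latest."""
    name, sep, digest = ref.partition("@")
    if sep:
        tag = "@" + digest  # pinned by digest rather than tag
    else:
        # A ':' after the last '/' is a tag; a ':' before it belongs to a registry port.
        slash = name.rfind("/")
        colon = name.rfind(":")
        if colon > slash:
            name, tag = name[:colon], name[colon + 1:]
        else:
            tag = "latest"
    parts = name.split("/")
    # Docker only treats the first component as a registry if it looks like a host.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts.pop(0)
    else:
        registry = "docker.io"
    if len(parts) == 1:
        namespace = "library" if registry == "docker.io" else ""
    else:
        namespace = "/".join(parts[:-1])
    return ImageRef(registry, namespace, parts[-1], tag)


def find_untrusted_images(refs: List[str], trusted: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return (reference, reason) for every image whose registry is not in the allowlist
    or whose namespace is not allowed there. An empty namespace set means any namespace."""
    findings = []
    for ref in refs:
        img = parse_image_ref(ref)
        allowed = trusted.get(img.registry)
        if allowed is None:
            findings.append((ref, "unknown registry " + img.registry))
        elif allowed and img.namespace not in allowed:
            findings.append((ref, "unknown namespace %r on %s" % (img.namespace, img.registry)))
    return findings


def daemon_listeners_without_tls(daemon_json: str) -> List[str]:
    """Return tcp:// listeners from daemon.json that are reachable beyond loopback
    while 'tlsverify' is not enabled, i.e. an unauthenticated remote API."""
    cfg = json.loads(daemon_json)
    if cfg.get("tlsverify"):
        return []
    exposed = []
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://"):
            addr = host[len("tcp://"):].rsplit(":", 1)[0]
            if addr not in ("127.0.0.1", "localhost", "::1", "[::1]"):
                exposed.append(host)
    return exposed


# Hypothetical policy: which registries we pull from, and which namespaces on each.
TRUSTED: Dict[str, Set[str]] = {
    "docker.io": {"library", "mycorp"},
    "registry.example.internal:5000": set(),  # private registry, any namespace
}

# Constructed sample of `docker images` output on a host.
SAMPLE_IMAGES = [
    "nginx:1.25",
    "docker.io/library/redis:7",
    "mycorp/api:2.3.1",
    "registry.example.internal:5000/platform/worker:latest",
    "ghcr.io/someuser/tool:latest",
    "randomuser/alpine-ssh:3",
    "python@sha256:" + "0" * 64,  # constructed digest, not a real image
]

# Constructed daemon.json fragments: the weak setting and the corrected one.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = (
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],'
    ' "tlsverify": true, "tlscacert": "/etc/docker/ca.pem",'
    ' "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"}'
)


if __name__ == "__main__":
    for ref, reason in find_untrusted_images(SAMPLE_IMAGES, TRUSTED):
        print("UNTRUSTED IMAGE:", ref, "-", reason)
    for host in daemon_listeners_without_tls(WEAK_DAEMON_JSON):
        print("DAEMON EXPOSED WITHOUT TLS:", host)
    print("hardened config exposed listeners:", daemon_listeners_without_tls(HARDENED_DAEMON_JSON))
```

Run against the samples, the script flags `ghcr.io/someuser/tool:latest` (registry not on the allowlist) and `randomuser/alpine-ssh:3` (unknown Docker Hub namespace), and reports `tcp://0.0.0.0:2375` as an unauthenticated listener for the weak configuration while the `tlsverify` configuration produces no finding. Note that `tlsverify` only authenticates the transport; a client certificate is still a full-admin credential, so the hardened configuration reduces exposure rather than eliminating the need to keep the port off the public internet.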
Cloud workflows also create security challenges. Developers have a lot of power in the cloud, and cybersecurity needs to be able to keep up. The natural trend is to integrate security into the DevOps workflow, but in ways that don’t inhibit agility and innovation.
It’s important not to exaggerate new threats. For example, while there is some offensive use of AI, such as identity impersonation using deepfakes, we are still in the very early stages of seeing the full potential of AI-enabled attacks. On the flip side, there is an increase in cyber defenders using AI to detect and mitigate threats.
Established methods of making money from cyberattacks are prevalent and proliferating. For example, the rise in ransomware attacks is partly fuelled by an increasing number of threat actors selling ransomware, ransomware-as-a-service, and ransomware tutorials.
And finally, perhaps one of the major security challenges is that there are too many devices and security policies in place, making it difficult to monitor and maintain an effective security posture. Prioritising highly automated security solutions that cover multiple environments increases visibility and control over the entire operational environment: it simplifies management, reduces costs, and frees up time to identify existing pain points and plan future roadmaps.
For more information on the latest threats and vulnerabilities, head to Unit 42’s blog.