Cybercriminals are transitioning from a “smash ’n’ grab” approach to a stealthier strategy: spending more time understanding the victim environment, exfiltrating a greater amount of data, and aiming to maximize profit per attack.
This shift indicates that cybercrime has become more sophisticated and potentially more harmful. De Kok compares the cybercrime of the past to a quick street theft; today’s attackers are more like robbers who not only snatch your bag but also take your car, your address, and your house keys.
Attackers have adapted because organizations have improved their data backups, so ransomware alone is less effective; attackers have turned to extortion over stolen data and to stealthy lateral movement to reach more of the environment. The longer attackers remain inside an organization, the higher the cost of remediation, which in the worst case means scrapping and rebuilding the entire environment.
To hide in plain sight, attackers are increasingly “living off the land,” using legitimate business software to blend in. They rely on built-in tools such as PowerShell and DLL files for lateral movement, which makes detection more challenging because the activity looks like normal administration. De Kok recommends a layered risk mitigation approach: comprehensive visibility of the environment, threat intelligence from external vendors, security of externally facing systems, network segmentation, multi-factor authentication, and a journey towards Zero Trust Network Access (ZTNA).
Using deception technologies such as FortiDeceptor to detect and deter attackers, and centralizing logging so that activity across the environment can be correlated, are “quick wins” that improve security posture.
Implementing the right security measures and leveraging deception technologies can significantly enhance an organization’s defense against cyber threats.
By Dale de Kok, Systems Engineer at Fortinet Southern Africa