IT security teams battle deepfakes, API attacks and burnout
Emerging threats, including deepfakes and API attacks, are compounding security challenges for organizations, while geopolitically motivated attacks and lateral movement within networks are on the rise.
These are some of the findings of VMware’s eighth annual Global Incident Response Threat Report, which found lateral movement in a quarter of all attacks.
Cybercriminals leverage everything from scripting hosts (49%) and file storage (46%) to PowerShell (45%), enterprise communication platforms (41%) and .NET (39%) to move within networks.
Defend against deepfakes
Additionally, malicious actors have turned to deepfakes to evade security checks, with email being the primary delivery method.
“Deepfakes present a challenge for security leaders, but defending against them is like defending against other social engineering attacks – it starts with education,” said Rick Holland, CISO and Vice President of strategy at Digital Shadows, a provider of digital risk protection solutions.
Holland calls it “a game of cat and mouse” between deepfake perpetrators and deepfake detection technology and said humans would be the last line of defense.
“Educate employees about the threat of deepfakes and how to spot them,” he said. “Employees should independently verify communications just as you would a suspicious email.”
“How to fight deepfakes depends on how they are deployed, with user training being one part of the puzzle and a process built around verifying sources another,” said Mike Parkin, senior technical engineer at Vulcan Cyber, a software-as-a-service (SaaS) provider for enterprise cyber risk remediation.
Spoofing is a key part of phishing and social engineering in general, said John Bambenek, principal threat hunter at Netenrich, a SaaS security and operations analytics company.
“If I can make a video call as a CFO who looks and sounds like the CFO, I’m capable of initiating fraudulent financial transactions,” he said. “Every sensitive transaction, financial or otherwise, must be verified with an out-of-band method.”
Lateral motion detection
Bambenek also pointed out that lateral movement is present in almost all modern attacks – whether it is detected or not is an open question.
“Attackers rarely achieve their end goal in their rapid fire on an environment,” he explained. “While an organization’s defenses might be hoped to detect lateral movement, there’s a whole spreadsheet of MITRE ATT&CK techniques that also can’t be ignored.”
Holland agrees that lateral movement isn’t the new battleground — it’s the battleground, with malicious actors “living off the land” using legitimate tools for over a decade.
“Defenders must have full visibility to detect actors moving inside their network using legitimate tools,” he said.
Burnout, a serious problem among IT security professionals
The changing nature of threats and their growing complexity are increasing burnout among IT security professionals, according to the study, with nearly half (47%) of the 125 responders surveyed admitting to experiencing burnout or extreme stress during the course of the last 12 months.
It’s been “the year of the breach” for more than a decade, and the threat landscape has been particularly overwhelming since the SolarWinds cyberattack in 2020, Holland said.
“Defenders need to get time outs and leaders need to actively work towards that goal,” he said. “Managers need to lead by example and take time for themselves – don’t model the PTO then connect, release and email. Employees need to know that it’s okay to take time and rejuvenate.”
From Bambenek’s point of view, there is simply too much work and not enough people to do it.
“As an industry, we need to create a talent pool and remove any unnecessary barriers to entry,” he said. “We also need to embrace safe automation that allows existing professionals to get more done in less time. Finally, work-life balance needs to be emphasized – force your security staff to take their PTO.”
IT security teams deploying virtual patches
VMware’s report also indicates that responders are using new tactics to combat the onslaught of attacks, with three-quarters of respondents saying they deploy virtual patches as an emergency mechanism.
Virtual patches help fill a gap until a “real” patch can be developed and deployed, according to Parkin.
“It falls under the rubric of ‘compensating controls’ and can be quite effective, although the best defense is to secure applications,” he said.
Virtual patches have been around for a while, dating back to intrusion prevention systems and web application firewalls, Holland said.
“It’s easy to preach from the ivory tower ‘You gotta patch,’ but in the trenches patches aren’t always available, and even when they are, it can take time to test and deploy the patches in production,” he said. “Any mitigation that saves more time is worth considering.”
About the Author: Nathan Eddy is a freelance writer for ITPro Today. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012, he directed his first documentary film, The Absent Column. He currently lives in Berlin.