Out-thinking the enemy

Threat Intelligence is an essential weapon in the fightback against attacks on your organisation, but exactly where do you start in the 'quest for the best'?

What will prove to be the biggest challenges that organisations face throughout this year? Where will the most devastating attacks come from? And how do they keep sufficiently well informed, in order to defend themselves? With threats rising year on year, keeping up with general risk mitigation eats away at time and budget, leaving little capacity to devote a single resource, let alone a whole team, to conduct independent threat intelligence research, according to Emily McMeeking, BSS.

"With targeted ransomware-related data leaks at an all-time high (an 82% [1] increase from last year) and interactive intrusion campaigns rearing their ugly head at every turn, organisations must deploy strong defences, including a layered security strategy," she argues. "This includes up-to-date malware and vulnerability protection, employee training and security awareness, and a robust incident response plan. Keeping informed around the latest threat intelligence and regularly reviewing your security posture is pertinent to ensure organisations are prepared for the worst possible outcomes."

For smaller organisations especially, seeking out threat intelligence can seem like an overwhelming task, adds McMeeking. There are, however, steps that all organisations can take to ensure they are well equipped:

  1. Monitor the dark web: Monitoring the dark web can provide valuable insight into emerging threats, malware, and other malicious activities.
  2. Utilise threat intelligence platforms: Companies should use threat intelligence platforms to collect and analyse data from multiple sources, including blogs, news sites, and social media.
  3. Purchase intelligence feeds: Companies can purchase intelligence feeds from vendors to get up-to-date information on threats and vulnerabilities specific to their sector.
  4. Develop partnerships with other organisations: Developing partnerships with other organisations can provide access to more intelligence resources, as well as information-sharing networks.
  5. Monitor the open-source community: Businesses should monitor the open-source community to stay informed on emerging cyber threats and vulnerabilities.
  6. Invest in a security operations centre (SOC): Security operations centres provide real-time monitoring and analysis of external threats and can be used to detect, investigate, and respond to threats.

"There is no centralised source of threat intelligence and the quest for the best intelligence starts with your information security team," McMeeking further comments. "It's about being proactive and involved in the wider cyber community, and collating information from a myriad of accessible resources and making informed decisions as best we can."
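Steps 2 and 3 above (a platform that merges intelligence from several sources, and purchased feeds) only pay off once the indicators are normalised and actually checked against your own telemetry. The following is an added example, not code from the article or from any vendor it names: it merges two constructed feeds in different formats (a CSV "vendor" feed and a JSON "partner" feed; the field names are assumptions), deduplicates overlapping indicators while keeping the highest confidence and every source that reported them, then matches the result against a few constructed web-server log lines. All addresses, domains and log lines are made up for the example.

```python
import csv
import io
import ipaddress
import json
import re
from collections import defaultdict

# Constructed sample feeds (not real indicators). Field names are assumptions.
CSV_FEED = """indicator,type,confidence,source
203.0.113.45,ipv4,90,vendor-feed
bad-login.example,domain,70,vendor-feed
"""

JSON_FEED = json.dumps({
    "indicators": [
        {"value": "203.0.113.45", "kind": "ip", "confidence": 60},
        {"value": "198.51.100.7", "kind": "ip", "confidence": 80},
        {"value": "Bad-Login.EXAMPLE", "kind": "domain", "confidence": 85},
    ]
})

# Constructed sample access-log lines (Combined Log Format); no real hosts.
LOG_LINES = [
    '203.0.113.45 - - [12/Jan/2023:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.81"',
    '192.0.2.10 - - [12/Jan/2023:10:01:05 +0000] "GET / HTTP/1.1" 200 2048 "https://bad-login.example/" "Mozilla/5.0"',
    '192.0.2.11 - - [12/Jan/2023:10:01:09 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

# Feeds disagree on type labels; map them onto one vocabulary.
TYPE_MAP = {"ipv4": "ip", "ip": "ip", "domain": "domain"}

def normalise(value, kind):
    """Return a canonical (type, value) pair, or None if the indicator is malformed."""
    kind = TYPE_MAP.get(kind.lower())
    if kind == "ip":
        try:
            return ("ip", str(ipaddress.ip_address(value.strip())))
        except ValueError:
            return None  # drop garbage rather than let it pollute the match set
    if kind == "domain":
        return ("domain", value.strip().lower().rstrip("."))
    return None

def load_feeds(csv_text, json_text):
    """Merge both feeds into {(type, value): {"confidence": max, "sources": set}}."""
    merged = defaultdict(lambda: {"confidence": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = normalise(row["indicator"], row["type"])
        if key:
            entry = merged[key]
            entry["confidence"] = max(entry["confidence"], int(row["confidence"]))
            entry["sources"].add(row["source"])
    for item in json.loads(json_text)["indicators"]:
        key = normalise(item["value"], item["kind"])
        if key:
            entry = merged[key]
            entry["confidence"] = max(entry["confidence"], int(item["confidence"]))
            entry["sources"].add("partner-json")
    return dict(merged)

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d+ \d+ "(?P<referer>[^"]*)" ')
HOST_RE = re.compile(r'^https?://([^/:]+)')

def match_logs(indicators, lines):
    """Return one hit per matching log line: (line_no, type, value, confidence, sources)."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip, but a real pipeline should count these
        candidates = [("ip", m.group("ip"))]
        h = HOST_RE.match(m.group("referer"))
        if h:
            candidates.append(("domain", h.group(1).lower()))
        for key in candidates:
            if key in indicators:
                info = indicators[key]
                hits.append((n, key[0], key[1], info["confidence"], sorted(info["sources"])))
    return hits

if __name__ == "__main__":
    iocs = load_feeds(CSV_FEED, JSON_FEED)
    for hit in match_logs(iocs, LOG_LINES):
        print(hit)
```

Keeping every source per indicator matters in triage: an address reported by two independent feeds deserves more attention than one reported by a single feed, and the confidence scores from different vendors are not on the same scale, so taking the maximum is a deliberate, conservative choice rather than an average.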

HACKING TECHNIQUES COMMODITISED
"What threat lessons learnt from 2022 can help us in 2023?" asks Dr Basil Philipsz, CEO, Distributed Management Systems.

"At first sight, a depressing expectation is that the inevitable human frailties will persist, allowing social-engineered phishing attacks. SlashNext's analysis during six months of 2022 in the US found over 255 million attacks."

"76% of threats were targeted credential harvesting attacks - data breaches on Twilio, Cisco and Uber all started with credential theft. Armorblox described the Instagram attack that bypassed native Microsoft email security controls and both SPF and DMARC checks.

"It is noteworthy that hacking techniques are increasingly becoming commoditised. Netscout remarked that outsourced DDoS attacks were available for $7,000, with guarantees of 100 concurrent attacks at one million packets per second. Such DDoS attacks present a great prelude to a phishing attack," he states.

"Adding multi-factor authentication (MFA) is the recommended way to strengthen credentials, but there is still vulnerability exposure from 'Man-in-the-Middle' attacks. The most difficult technical part - having a Reverse Proxy Server to exactly shadow the Target - is now available at Github. Moreover, there are YouTube guides to instruct you to install and operate such software as Modlishka, Muraena/Necrobrowser and Evilginx2. All you need to do is buy a domain and a certificate," advises Philipsz.

In 2022, Microsoft fully released WebView2, which enables full web technologies into native apps. "As often in the case of a new powerful technology being available, a new powerful exploitation followed. 'Man-in-the-Browser' malware on the client utilising WebView2 functions could exfiltrate authenticated cookies after the user pressed their Yubikey!"

Revenue growth in companies offering Privileged Access Management was a welcomed happening in 2022, he adds. "Most use a vault containing the privileged credentials, so the choice of MFA for vault access should be carefully considered - MFA software-only solutions should be deprecated."
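The reverse-proxy "Man-in-the-Middle" weakness Philipsz describes, and his advice to deprecate software-only MFA, both come down to whether the second factor is bound to the site the user is really talking to. The following is an added example, not code from Philipsz or from any of the projects named above, showing the checks a WebAuthn relying party performs on the signed client data before it even looks at the assertion signature. The relying party ID `login.example`, the lookalike origin `login-example.test` and the challenge value are constructed for the example, and signature verification is deliberately left out so the origin logic stands on its own.

```python
import base64
import hashlib
import json

RP_ID = "login.example"                 # constructed relying party ID of the real site
EXPECTED_ORIGIN = "https://login.example"

def b64url_decode(s):
    """Decode unpadded base64url as used throughout WebAuthn."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_client_data(client_data_json_b64, authenticator_data, expected_challenge):
    """Run the relying party's clientDataJSON / rpIdHash checks for an assertion.

    Returns (ok, reason). The assertion signature, which covers
    authenticatorData || SHA-256(clientDataJSON), would be checked after this.
    """
    try:
        cd = json.loads(b64url_decode(client_data_json_b64))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed clientDataJSON"
    if cd.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (possible replay)"
    # The browser, not the user or any proxy, writes the origin it is showing.
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')!r}"
    # The first 32 bytes of authenticatorData are SHA-256(rpId) as the
    # authenticator saw it; they must name this relying party.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    return True, "ok"

def make_client_data(origin, challenge):
    """Build the clientDataJSON a browser would produce for an assertion at `origin`."""
    cd = {"type": "webauthn.get", "challenge": challenge, "origin": origin, "crossOrigin": False}
    return base64.urlsafe_b64encode(json.dumps(cd).encode()).decode().rstrip("=")

CHALLENGE = "c29tZS1yYW5kb20tY2hhbGxlbmdl"  # constructed; a real RP issues fresh random bytes
# Constructed authenticatorData: rpIdHash, flags (UP|UV), signature counter 0.
AUTH_DATA = hashlib.sha256(RP_ID.encode()).digest() + bytes([0x05]) + (0).to_bytes(4, "big")

def legitimate_login():
    """User authenticates directly at the real site."""
    return verify_client_data(make_client_data(EXPECTED_ORIGIN, CHALLENGE), AUTH_DATA, CHALLENGE)

def proxied_login():
    """User authenticates at a lookalike domain fronting a reverse proxy, which
    relays the response to the real site: the browser recorded the lookalike origin."""
    return verify_client_data(make_client_data("https://login-example.test", CHALLENGE), AUTH_DATA, CHALLENGE)

if __name__ == "__main__":
    print("direct:", legitimate_login())
    print("via proxy:", proxied_login())
```

In practice the relay fails even earlier, because a browser will only offer a credential whose rpId is a registrable suffix of the page's own domain, so the lookalike domain never gets an assertion for `login.example` at all. A one-time code typed into a proxied page carries no such binding, which is why it can be relayed and hardware-backed WebAuthn cannot. Note the limit Philipsz's WebView2 example points to: origin binding protects the authentication ceremony, not the session cookie issued afterwards, so malware already running on the client can still steal that cookie after the Yubikey press.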

TALENT QUEST
Finding and retaining talent, and staying mission focused, will be a major challenge, says Alistair Thomson, innovation lead at Adarma. "However, Cyber Extortion, Initial Access Resale and Business Email Compromise are the top three most prevalent attacks now facing the UK business community across all sectors. They are so lucrative that criminals keep upping their game to increase profits. On top of these well-known attacks, security curve balls get thrown every year. 2023 will be no different and, if you are well prepared, your team will be able to work through it calmly and efficiently."

While these adversary tactics are not new, cyber criminals continue to refine and evolve their attack strategies to become more targeted and increase their success rate, he adds. "In addition, the increased professionalism of cyber gangs and the emergence of 'X-as-a-service' has made it easier to launch an attack, which has contributed to the uptick in these types of attacks and an escalation in ransom demands. A key trend we've observed is that attackers are moving from targeting online services to targeting the data and backend services that support critical business functions.

"Now, there's a much greater focus on compromising third-party service providers, professional services, and insurance providers to better inform targeting or gain access to victims with hardened systems. We have also seen an increased focus in tampering with Endpoint Detection and Response processes and configuration."

There has been a real market boom in Initial Access Resale, points out Thomson, driven by a combination of elevated demand and an abundant supply of access. "This increase in demand can be linked to structural changes in the ransomware ecosystem, while the increase in supply can be largely attributed to the continued exploitation of infrastructure and services deployed during the pandemic. It is clear that the IT security controls of many organisations are still catching up with the rapid tactical changes made during the Covid pandemic. Initial Access Brokers quickly adapted to exploit such weaknesses, most noticeably in the cloud, where poorly defended Office365 and Google Workspace services provided rich pickings.

"Cyber criminals are always fine-tuning their tactics and malware, so it's key that your threat intelligence is as equally dynamic, so your defenders can stay one step ahead. Start by being very clear about your needs. There's a lot of fascinating, but ultimately irrelevant, threat intelligence reporting out there. My advice would be to seek out sources that give you pragmatic, relevant and timely information that you can actually use to defend your business."

US-EU STRIKE KEY DEAL
Meanwhile, a first-of-its-kind artificial intelligence agreement has been sealed between the US and European Union. The announcement was made by the White House National Security Advisor Jake Sullivan:

"This collaborative effort will drive responsible advancements in AI to address major global challenges with a joint development model and integrated research to deliver benefits to our societies through five key areas of focus: Extreme Weather and Climate Forecasting, Emergency Response Management, Health and Medicine Improvements, Electric Grid Optimization and Agriculture Optimization.

"Together, we are confident the results of our research will extend beyond our partnership to benefit additional international partners and the global science community. Today's announcement also builds on the vision set forth in the Declaration for the Future of the Internet (DFI) for an open, free, reliable, and secure Internet and digital technologies around the world. We look forward to deepening our cooperation with the EU through this initiative."

WINDOW TO THE FUTURE
Comments Robin Röhm, CEO and co-founder of Apheris: "This agreement is a window into the future for collaboration between governments on artificial intelligence. Moving data across geographical boundaries is often impossible - in particular when it comes to highly sensitive or security critical data - and is frequently prohibitively expensive with large datasets.

"However, with significant questions around trust and ethics, this announcement is likely to see growing calls for AI to become regulated. Effectively measuring and reducing the risk of AI development and deployment is starting to become a key priority of governments and large enterprises."

Röhm welcomes how the US and EU are laying the foundations for a federated infrastructure that "leaves data where it resides and doesn't rely on sharing, which paves the way for accelerated AI adoption in a cost-effective manner. What we are seeing here at a governmental level is what the most advanced organisations have started to work on over the past few years.

"Many global corporations find they cannot move their own data or the data of their partners across boundaries and turn to federated machine learning and analytics as the solution."

[1] CrowdStrike. (2022, December). 2022 Global Threat Report. https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2022GTR.pdf