What’s happening in cybersecurity in 2023
It’s proving to be a year where companies truly can’t afford to relax their security posture. If anything, threat actors are becoming more innovative and more persistent in their forms of attack. This means companies need to have more advanced and specialized skills to prevent vulnerabilities from being exploited. The reality is that the tiniest gaps can create an access point to systems for threat actors to exploit in multiple ways.
A perfect example of this is the Coinbase data breach that occurred earlier this year despite the company having a relatively robust security posture. Threat actors launched an SMS phishing (smishing) attack targeting several employees. One employee fell for this, logging into a fake web page which had been created to capture credentials. The employee was then sent follow-up messages thanking them for logging in and instructing them to ignore further messages, in an attempt to get around multi-factor authentication.
Fortunately, this made the employee suspicious, and when the authentication messages came through, the employee declined them, hindering the threat actor’s ability to gain deeper access into the company system. Frustrated, the threat actor then attempted a more direct approach by calling the employee, pretending to be from the company IT department, and asking them to log into the workstation and follow specific instructions. This had the employee second-guessing themselves. Maybe it was a genuine request from the IT department? Would an attacker really be bold enough to call?
Meanwhile, an alert was issued 10 minutes into the attack, and when the genuine company security team reached out to the employee asking about the suspicious activity originating from their account, the employee, realizing they were being manipulated, immediately shut off contact with the threat actor.
The lesson to be learned here is that while the attacker had been able to dupe the employee into providing initial access, the additional security mechanisms in place had thwarted a potentially much larger breach. The damage to Coinbase was limited to a small amount of employee information being compromised from its database. Additionally, the rapid response prevented loss of funds or customer information.
It was a near miss showing how determined threat actors are becoming, especially when targeting cryptocurrencies. In the worst case, it could have been a repeat of the $620 million theft that resulted from the Axie Infinity Ronin Bridge hack back in March 2022. Even though some of those funds were recovered by the US Treasury and more recently by the Norwegian police agency, it’s not slowing down cyber-criminal activity in the least.
What’s the best defense for companies?
It’s clear that the methods being used to try to breach systems are becoming more targeted and more persistent. For companies to stay ahead of threats and avoid being an easy target, they need access to specialized cybersecurity expertise and technology that can help them develop and maintain a robust security posture.
The examples above highlight how complex and persistent attacks have become. Companies need to consider a multi-faceted approach that involves protecting company data, protecting networks and systems, and protecting individuals. This helps limit risk so that if a threat actor successfully manages to unlock one door, it doesn’t grant them access to everything. There are still other safety mechanisms they would have to try to circumvent. It may not be enough to deter them entirely, but at the very least it buys the company time to identify, quarantine, and respond to the threat.
Another critical element is having access to the right expertise – this is where a managed solution with a security partner is extremely valuable. A security specialist such as Logically works across multiple industries, seeing the various methodologies that threat actors use. Companies may believe they have a robust security posture, but won’t really know until it’s put to the test. Having insight into different types of attacks and how they’re evolving helps build a knowledge base to stay steps ahead of threats. This is primarily achieved through security experts continually learning from monitoring systems and responding to attacks. If you have a topic you want to discuss, or just want to learn more, you can reach us here.
Buddy Pitt, Virtual Chief Security Officer (vCSO)