The security reports being published this April look back at developments in the previous year and highlight emerging trends. 2023 was a particularly eventful year, and the cyber risk trends are presenting organisations with a string of new challenges.
Three major trends caught our attention as we ploughed through the weighty volumes of these reports.
Whereas traditional ransomware attacks known and internationally referenced vulnerabilities (CVEs), this new trend targets flaws that are unknown to manufacturers and for which there is no "security patch" on hand, ready to be installed.
These kinds of ransomware have two distinctive features:
What is most surprising is that these 0-Day vulnerabilities have been used in the past by states for "cyber espionage" or "nation-state sponsored" cyber attacks. Today, they are being sold to the highest bidder.
The second trend that caught our attention revolved around attacks on the authentication of Cloud services. Despite the unanimous voices clamouring for the need for two-factor authentication (MFA), many organisations and users are yet to adopt this approach.
These days, cybercriminals are increasingly targeting the "tokens" that are issued once authentication has been successfully completed. These tokens are often used to improve the user experience by eliminating the need for repeated MFA authentication. It doesn’t take a rocket scientist to work out that, if this token is reused during its period of validity, it will enable the cyber-attacker to obtain the same access with the same privileges as the user or application using it.
So just imagine the risk when using tokens with extended validity!
Attacks on software repositories make up the third and final trend observed.
Programmers are today in the habit of reusing a huge amount of code from the "community" that is made available in these repositories. Just think of Phyton code, .NET libraries, etc., but that’s not all.
It hasn’t escaped the security companies’ notice that cybercriminals have infiltrated these platforms by making malicious code available inside code offered as legitimate. This paves the way for them to compromise the entire software supply chain and conduct attacks throughout the various layers of an organisation.
MCG has set up a cybersecurity technology watch designed to address these new trends and anticipate potential threats to its customers. This monitoring activity allows them to benefit from personalised advice from our team of experts and tailor-made solutions to ramp up their resilience, while continuing to focus on their core business.