Cybercrime campaigns and high-profile advanced persistent threat groups are shifting how they target victims and focusing more on intricate relationships with “secure syndicate” partnerships to disguise activity, according to the latest 2019 Cyber Threatscape Report from Accenture.
The report identifies five factors that are influencing the cyberthreat landscape:
- Compromising geopolitics: New threats emerge from disinformation and technology evolution. Global businesses may find themselves in the crosshairs as geopolitical tensions persist. As cyberthreat actors take advantage of high-profile global events and seek to influence mass opinion, these actors will not only sustain current levels of activity but also take advantage of new capabilities as new technologies enable more-sophisticated threat TTPs.
- Cybercriminals adapt, hustle, diversify and are looking more like states. Despite high-profile law enforcement actions against criminal communities and syndicates in 2018, the ability of threat actors to remain operational highlights the significant increase in the maturity and resilience of criminal networks in 2019. Analysis indicates conventional cybercrime and financially-motivated, targeted attacks will continue to pose a significant threat for individual Internet users and businesses. However, criminal operations will likely continue to shift their tactics to reduce risks of detection and disruptions. They could also attempt to maximize the return on effort in several ways such as: shifting away from partnerships to operating within close-knit syndicates; taking advantage of familiarity with the local environment; increasing the precision of targeting by using legitimate documents to identify likely victims before delivering malware; or selling and buying direct access to networks for ransomware delivery rather than carrying out advanced intrusions.
- Hybrid motives pose new dangers in ransomware defense and response. The ransomware threat will be exacerbated further by the sale of access to corporate networks, through which an attacker can deploy ransomware on a corporate-wide scale. The potential reemergence of ransomware with self-propagating abilities (such as WannaCry) could also pose a significant threat to businesses, particularly those with time-critical operations. While the motives behind such an attack may appear to be financial, targeted ransomware attacks may at times serve hybrid motives, whether financial, ideological, or political. Regardless of motive, while the ransomware threat remains, organizations must ensure they take adequate measures to prepare for, prevent, detect, respond to, and contain a corporation-wide ransomware attack.
- Improved ecosystem hygiene is pushing threats to the supply chain, turning friends into frenemies. The global interconnectedness of business, the wider adoption of traditional industry cyberthreat countermeasures and improvements to basic cybersecurity hygiene appear to be pushing cyberthreat actors to seek new avenues to compromise organizations, such as targeting their supply chains—including those for software, hardware and the cloud.
- Life after Meltdown: Vulnerabilities in compute cloud infrastructure demand costly solutions. The discovery of multiple side-channel vulnerabilities in modern CPUs over the last two years could pose a high risk to organizations running their compute infrastructure in the public cloud. Adversaries can use this class of side-channel vulnerabilities to read sensitive data from other hosts on the same physical server. Mitigations are available for most platforms, cloud deployments, and software. However, most of the mitigations come at a cost of reduced performance, leading to a potential increase of compute costs for enterprises.