Fortinet

Current events change daily and shift with the times—what is hot in the media one day is old news the next. Lately, ransomware has been the hot topic of the day. A quick search of “ransomware” will get about 32 million results. Organizations, as well as supply chains, have been blindsided with new, sophisticated, and frequent tactics, causing CXOs and IT teams to scramble for protection and remediation. It may seem that cyber adversaries are running with the ball unobstructed toward the end zone, but it’s time to block and tackle them before they get yet another touchdown.

Looking at the big picture, we are seeing an increase in effective and destructive cyberattacks that affect thousands of organizations in a single incident. FortiGuard Labs data shows the average weekly ransomware activity in June 2021 was more than tenfold higher than June 2020. This reveals a consistent and overall steady increase over a one-year period. Attacks have crippled supply chains, impacted daily life, and hurt commerce more than ever before. This has created a crucial inflection point for our continued war on cybercrime.

Now more than ever, everyone in an organization has an important position to play in strengthening the cyber kill chain. With attacks coming from all angles, there are a lot of things in play to focus on. But don't panic: there are steps you can take. Huddle to strategize a predictive game plan, and get a more granular strategy to take control of cyberattacks.

It’s Not Enough Anymore to Just Hold the Line

Being in a constant reactive and responsive state of remediation can help to halt breaches and attacks from pervasive damage, but it’s not enough to be on defense all of the time. Being better prepared with a preventive stance to stave off potential attacks can bolster an effective offensive strategy. There is an obvious focus on defense evasion and privilege escalation tactics; and although these techniques are not novel, with more timely knowledge, defenders will be better positioned to secure against future attacks.

Time Out

We are at a true inflection point when it comes to who is going to carry the ball in cybersecurity. We’re at a point of no return; there is certainly no ignoring cyberwarfare anymore. This is your time to do what you can to uncover what you need to solve so that you can then fortify against it. Look at your risk assessment and measure things granularly—attackers are concentrating on places you’re not even looking at.

A Predictive Game Plan

Being one step ahead of cybercriminals means getting into their minds and looking at the big picture from their eyes. What is it they are after? Where is their easy entry point? Where will they go and what will they do if (once) they get in? Think of ransomware as a way they do something to you, but you also need to know what they’re doing to you once they get in.

Studying threat actor techniques in real-time can provide valuable guidance on where to focus your efforts. FortiGuard Labs analyzed specific functionalities inherent to detected malware by detonating the samples to see what the intended outcomes were for cyber adversaries. The result was a list of negative outcomes malware would have accomplished if the attack payloads had been executed in their target environments. Cyber adversaries sought to escalate privileges, evade defenses, move laterally across internal systems, and exfiltrate compromised data. Studying this higher resolution threat intelligence gives us incredibly valuable takeaways about how attack techniques are currently evolving. For example, 55% of observed privilege escalation functionality leveraged hooking, and 40% utilized process injection.

If we focus on what is important to cyber adversaries, we can home in on what and where they might attack next. An offensive strategy gets the ball across the line more often than a defensive one does.

Automated threat detection and artificial intelligence (AI) remain critical tools in enabling organizations to address attacks in real-time and to mitigate them at speed and scale. SD-WAN will also play a major role in both evolving and securing networks as the edge expands along with a zero-trust access approach. In addition, cybersecurity user-awareness training is as important as ever, with home workers and students, not just organizations, being targets of cyberattacks. Everyone could use some instruction and education on best practices to keep individuals and organizations secure.

Move the Goal Posts

There are steps you can take to control your own situation, take control of the ball as well as the game. From the information we gather through threat intelligence, collaboration with law enforcement, and our own research, we know that some main adversarial aims are to escalate privileges while evading defenses and detection, then to move laterally across internal systems and exfiltrate compromised data. Knowing vulnerable infiltration points and the direction of progress and the steps they take from there will help us to prevent attacks before they gain entry.

We are at a point in history when we need to come together and decide as a society if we are going to run the cybersecurity game on defense or offense—are we going to let it be handled by the experts, or as a country, as a nation, as a public good? Beating cyber adversaries at their own game takes strategy and determination, and with those and the right equipment, you can be the one dancing in the end zone.

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.