How to Start Combating Cyberattacks in 2024 NOW

December 8, 2023

by Andy Syrewicze, Security Evangelist at Hornetsecurity

Cyberattacks continue to rise, so organizations must prioritize proper cybersecurity measures now, rather than waiting until they have fallen victim to implement them. Hornetsecurity’s 2024 Cyber Security Report highlights what organizations need to be aware of in the year ahead to protect themselves and their employees from falling victim to cyberattacks.

MFA bypass attacks will become more widespread

Attackers are finding ways to bypass or defeat multi-factor authentication (MFA) and two-factor authentication (2FA) via techniques such as fatigue attacks (also known as “MFA bombing” or “MFA spamming”) and “Attacker-in-the-Middle” kits (also known as “Man-in-the-Middle” attacks). These can take the form of phishing attacks through kits like EvilProxy that can break through MFA while avoiding many content-based phishing detection engines through social engineering.

In a fatigue attack, the attacker gains access to the victim’s login details, then relentlessly sends MFA notifications to the user, hoping they eventually approve the login attempt, thus unknowingly giving access to the attacker.

Attacker-in-the-Middle hacks trick the victim into clicking a link that loads a fake but convincing sign-in page for Microsoft 365 or other providers. As the user enters their details, these are passed on to the legitimate sign-in page, and the user completes the MFA login if it is activated. As a result, not only is the user signed in to the legitimate service, but so is the attacker, who has grabbed copies of the tokens during this process.

Our findings show that these types of attacks are expected to increase in 2024, so basic MFA implementation will no longer suffice. Phishing-resistant technologies, such as Windows Hello for Business or FIDO2 hardware keys for all your administrators, are a recommended addition to your cybersecurity arsenal.
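The burst of unapproved prompts that characterizes the fatigue attack described above is visible in sign-in telemetry. The following detection sketch is an added example, not code from the article or from Hornetsecurity; the log format, result names, threshold and time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema): timestamp, user, MFA push result.
SAMPLE_LOG = """\
2024-01-10T02:14:05 alice denied
2024-01-10T02:14:40 alice timeout
2024-01-10T02:15:10 alice denied
2024-01-10T02:15:55 alice timeout
2024-01-10T02:16:30 alice denied
2024-01-10T02:17:02 alice approved
2024-01-10T09:01:00 bob timeout
2024-01-10T09:01:30 bob approved
2024-01-10T13:00:00 carol denied
2024-01-10T13:00:20 carol denied
2024-01-10T13:01:00 carol denied
2024-01-10T13:01:30 carol denied
2024-01-10T13:02:10 carol denied
"""

def parse(log):
    for line in log.splitlines():
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def detect_mfa_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Flag users with >= threshold unapproved MFA pushes inside `window`."""
    failed = defaultdict(deque)   # user -> timestamps of denied/timed-out pushes
    alerts = {}
    for ts, user, result in sorted(events):
        q = failed[user]
        while q and ts - q[0] > window:   # drop pushes older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold:
                alerts.setdefault(user, "warning")    # prompt flood in progress
        elif result == "approved":
            if len(q) >= threshold:
                alerts[user] = "critical"   # approval after a flood: user may have given in
            q.clear()                       # any approval resets the count
    return alerts

if __name__ == "__main__":
    print(detect_mfa_fatigue(parse(SAMPLE_LOG)))
```

A "critical" result is the case to act on first: revoke the session and reset the credentials, since the password was already known to whoever triggered the prompts.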

Attacks are evolving quicker than ever

Attacks are becoming bolder, more sophisticated and moving faster as threat actors now need less time to initiate their attempts. Cybercriminals have historically had to invest considerable effort to cover spear-phishing attack chains, requiring “experts” to scour the Internet for information about potential victims. Others, meanwhile, were focused on creating and sending out the bait messages or on technically infiltrating the targeted companies and organizations. This is no longer the case.

AI is playing an important role in making these manual efforts obsolete, especially with the rise of generative AI (gen AI). Cybercriminals can use gen AI tools to automate or simplify spear-phishing attack chains. A few pieces of data, such as the email address of a potential victim, are enough for the AI system to search the Internet for further information. Attacks can then be generated much more quickly, and sent to many different target victims.

Organizations must not only install robust security systems, but must also ensure that employees receive proper, ongoing security awareness training to recognize attempted cyberattacks such as these. It’s every employee’s responsibility, no matter what part of the business they work in, to protect sensitive information as well as themselves.

The importance of the CISO

Falling victim to a cyberattack can be not only a financial detriment but can also compromise a company’s integrity and reputation. This is why a chief information security officer (CISO) is becoming increasingly key in combating these ever-advancing cyberattacks. According to ZDNet, it’s the CISO’s role to create a strategy that deals with the increasing regulatory complexity, and to create policies, security architecture, and processes and systems that help reduce cyber threats and keep data secure. Compliance is a key element of the role, as is understanding risk management.

The human factor is the greatest security risk for any cybersecurity strategy, and therein often lies a CISO’s biggest challenge. CISOs must set up an efficient company protection strategy by ensuring that every employee understands how to mitigate cybersecurity risks. Ongoing training is required to maintain the attention of the workforce — even a small break of only a few weeks can lead to a significant drop in a safety mindset.

What can you do?

Strategies to combat cyberattacks that might be simple for a company’s CISO and their IT and security team to identify may appear complex to other employees. To that end, it is necessary to keep all procedures as simple as possible so that everyone can follow the strategy and help ensure an organization’s protection is comprehensive.

Identifying security gaps is crucial when planning the overall cybersecurity strategy. This can include:

– Employees’ remote-working environments that may not be secure

– The most frequently used tools, as these sometimes provide the greatest points of attack

– File-sharing settings that anyone may have access to, and that can be a gateway for cybercriminals

Providing a solution to these security gaps could include additional control tools as well as implementing effective authorization management. These minimal-effort measures help to ensure that only authorized users have access to sensitive data and information, and that, in the event an employee leaves, orphaned data and unneeded user permissions can be quickly eliminated.

Conclusion

Threat actors are expected to continue devising new ways to execute cyberattacks as technology advances. It’s on both CISOs and employees to stay ahead of the curve. Companies must invest time, effort and proper care into their cybersecurity setup and procedures to protect their sensitive data and infrastructure.

About the author

Andy Syrewicze, Security Evangelist at Hornetsecurity

Andy is a 20+ year IT Pro specializing in M365, cloud technologies, security, and infrastructure. By day, he’s a Security Evangelist for Hornetsecurity, leading technical content. By night, he shares his IT knowledge online or over a cold beer. He holds the Microsoft MVP award in Cloud and Datacenter Management.
