Attack Techniques of Cyber Threat Actors in Recent Times
Today's cyber threat actors use techniques to hide from detection and protection systems while doing harm to an organization. These range from simple masquerading to elaborate obfuscation designed to mislead security solutions.
Today's threat actors are no longer focused on doing the maximum possible damage; they are trying their best to remain undetected. They have adopted new techniques including defense evasion, triple extortion, wiper malware and supply chain attacks.
Let’s look at each of them in detail and see why they are so difficult to defend against as well as what organizations can do to improve their odds.
Defense Evasion
Present-day cyber threat actors leave no stone unturned to keep their attacks hidden. One tactic they use to avoid getting caught is called defense evasion. According to recent research, in 2020 defense evasion emerged as the most prevalent threat category, accounting for over 57% of all IoC (Indicator of Compromise) alerts. Its rise is largely a response to better detection and protection technologies: as security controls have become harder to break through, threat actors are forced to find ways around them.
Techniques employed for defense evasion include uninstalling or disabling security software, obfuscating or encrypting data and scripts, and deploying or abusing trusted processes and signed system binaries to hide malware.
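The techniques listed above leave traces in process-creation telemetry, and a practitioner's first question is how to spot them. The following is an added example, not code from the original article: a small detector that runs a set of defense-evasion rules over constructed sample log lines (the log format, host names, user names and command lines are all invented for illustration). Each rule is mapped to the MITRE ATT&CK technique it corresponds to. Because a single stopped service or cleared log can be legitimate administration, the example also correlates alerts per host and escalates only when several distinct evasion behaviours cluster on the same machine.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry (not real data). One process-creation event per line:
#   <timestamp> host=<h> user=<u> parent=<parent process> cmd="<command line>"
SAMPLE_LOGS = [
    '2024-03-01T10:02:11Z host=WS01 user=alice parent=explorer.exe cmd="notepad.exe C:\\Users\\alice\\notes.txt"',
    '2024-03-01T10:03:45Z host=WS01 user=alice parent=cmd.exe cmd="powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"',
    '2024-03-01T10:03:50Z host=WS01 user=alice parent=cmd.exe cmd="sc stop WinDefend"',
    '2024-03-01T10:04:02Z host=WS01 user=alice parent=cmd.exe cmd="wevtutil cl Security"',
    '2024-03-01T10:04:30Z host=WS01 user=alice parent=cmd.exe cmd="powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"',
    '2024-03-01T10:05:00Z host=WS01 user=alice parent=cmd.exe cmd="rundll32.exe C:\\Users\\Public\\upd.dll,Start"',
    '2024-03-01T10:06:12Z host=WS02 user=bob parent=explorer.exe cmd="powershell.exe Get-MpPreference"',
]

LOG_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) cmd="(?P<cmd>.*)"$'
)


@dataclass
class Rule:
    name: str
    technique: str      # MITRE ATT&CK technique ID, for analyst reference
    pattern: re.Pattern


# Each rule targets one of the defense-evasion behaviours named in the article.
RULES = [
    Rule("Defender real-time monitoring disabled", "T1562.001",
         re.compile(r"Set-MpPreference\s+.*-DisableRealtimeMonitoring\s+\$true", re.I)),
    Rule("Security service stopped", "T1562.001",
         re.compile(r"\b(?:sc(?:\.exe)?\s+stop|Stop-Service)\s+\S*(?:WinDefend|Sense|MsMpSvc)", re.I)),
    Rule("Windows event log cleared", "T1070.001",
         re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b", re.I)),
    Rule("Encoded PowerShell command", "T1027",
         re.compile(r"powershell(?:\.exe)?\s.*-(?:e|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    Rule("Signed binary (rundll32) loading a DLL from a user-writable path", "T1218.011",
         re.compile(r"\brundll32(?:\.exe)?\s+C:\\Users\\Public\\", re.I)),
]


def parse_event(line: str):
    """Parse one log line into a dict, or return None if it is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_rules(cmd: str):
    """Return every rule whose pattern matches the command line."""
    return [r for r in RULES if r.pattern.search(cmd)]


def detect(lines):
    """Run all rules over the log lines and return one alert dict per (event, rule) hit."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue            # malformed line: skip rather than crash the pipeline
        for rule in match_rules(ev["cmd"]):
            alerts.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                           "rule": rule.name, "technique": rule.technique, "cmd": ev["cmd"]})
    return alerts


def escalate(alerts, min_distinct=3):
    """Hosts on which at least `min_distinct` different evasion rules fired.

    One hit may be legitimate administration; a cluster of different evasion
    behaviours on the same host is much harder to explain away.
    """
    by_host = {}
    for a in alerts:
        by_host.setdefault(a["host"], set()).add(a["rule"])
    return sorted(h for h, rules in by_host.items() if len(rules) >= min_distinct)


if __name__ == "__main__":
    hits = detect(SAMPLE_LOGS)
    for a in hits:
        print(f'{a["ts"]} {a["host"]} {a["technique"]} {a["rule"]}: {a["cmd"]}')
    print("escalate:", escalate(hits))
```

The regexes are deliberately narrow so the example stays readable; in production the same structure would sit on top of normalized EDR or Sysmon events, and the rule set would be far longer. The escalation threshold is the part worth tuning: it trades a few missed single-action attacks for far fewer pages about an administrator who stopped one service.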
Triple Extortion
Ransomware is not a new concept. However, the tactics, techniques, and procedures (TTPs) implemented by threat actors have become highly sophisticated over the past few years. With the rise in sophistication, there is the concern of safeguarding networks against expensive attacks such as triple extortion.
Traditionally, a ransomware attack had a single point of leverage: the victim received a ransom demand in return for the decryption key that would unlock their systems and data. This changed around 2019, when attackers began to lock down systems and exfiltrate data at the same time. This is called double extortion: the threat of publishing the stolen data online gave criminals a second lever to press for payment, even against victims with good backups. Building on double extortion, attackers have since added another layer. The crux is that the attack no longer stops at the initial target. Triple extortion means that ransom demands are also directed at the victim's clients, suppliers or other third parties whose data was taken, or that the victim is hit with additional pressure such as DDoS attacks.
Wiper Malware
Wiper malware exists to destroy data. It erases or overwrites the contents of the victim's storage so that the information is permanently unavailable. The major difference between wipers and ransomware is that once a wiper has run there is no key, and so no possibility of retrieving the impacted data by paying. Attackers deploying wipers are generally not looking for financial reward; their aim is to disrupt the victim's operations as much as possible, which is why some wipers masquerade as ransomware and display a ransom note. With both types of attack the victim must fall back on backups to recover, so it is essential that the victim correctly identifies which attack they are facing. If not, they may pay a ransom with no chance of recovering the lost data.
Wiping techniques used by attackers include overwriting files, encrypting files with a key that is discarded, overwriting the Master Boot Record (MBR) of the disk, and overwriting the Master File Table (MFT) of NTFS volumes.
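The MBR case is the easiest of these to check from a forensic image, and it illustrates the identification problem raised above: a zero-filled sector, a random-filled sector and an encrypted sector look different, and only the first two are unambiguously a wiper. The following is an added example, not code from the original article. It parses the first 512-byte sector of a disk image, validates the boot signature and partition table, measures the sector's byte entropy, and returns a verdict. The four sample sectors are constructed in the code (the partition layout, the hash-derived "random" overwrite and the verdict labels are all invented for illustration); the example covers the MBR only, not the MFT.

```python
import hashlib
import math
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR
PART_TABLE_OFFSET = 446        # four 16-byte partition entries start here
PART_ENTRY_SIZE = 16
HIGH_ENTROPY = 7.0             # bits/byte; boot code plus a partition table sits well below this


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_partitions(sector: bytes):
    """Return (entries, table_valid) for the classic 4-slot MBR partition table.

    table_valid is False if any status byte is neither 0x00 (inactive) nor 0x80 (bootable),
    which is how random garbage in the table is told apart from a real one.
    """
    entries, table_valid = [], True
    for slot in range(4):
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_SIZE
        entry = sector[off:off + PART_ENTRY_SIZE]
        status, ptype = entry[0], entry[4]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80):
            table_valid = False
        if ptype != 0 and num_sectors != 0:
            entries.append({"slot": slot, "type": ptype, "bootable": status == 0x80,
                            "lba_start": lba_start, "sectors": num_sectors})
    return entries, table_valid


def triage_mbr(sector: bytes) -> dict:
    """Classify a 512-byte MBR as intact, zero-wiped, random/encrypted, or otherwise damaged."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR triage expects exactly one 512-byte sector")
    sig_ok = sector[-2:] == BOOT_SIGNATURE
    parts, table_valid = parse_partitions(sector)
    entropy = shannon_entropy(sector)
    if sig_ok and table_valid and parts:
        verdict = "intact"
    elif sector == bytes(SECTOR_SIZE):
        verdict = "wiped-zeroed"
    elif entropy > HIGH_ENTROPY:
        # Random overwrite and encryption are indistinguishable from one sector alone;
        # the presence (or absence) of a ransom note and a key-exchange routine decides it.
        verdict = "wiped-random-or-encrypted"
    elif sig_ok and not parts:
        verdict = "partition-table-cleared"
    else:
        verdict = "overwritten-other"   # e.g. a ransom note written over the boot code
    return {"boot_signature_ok": sig_ok, "partitions": parts,
            "entropy": round(entropy, 2), "verdict": verdict}


def build_test_mbr(partitions) -> bytes:
    """Construct a plausible MBR for testing: a JMP stub, the given partitions, and the signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xEB\x3C\x90"   # short jump over the BPB area, as real boot sectors begin
    for slot, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_SIZE
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples (not taken from any real incident).
HEALTHY_MBR = build_test_mbr([(True, 0x07, 2048, 204800), (False, 0x83, 206848, 1048576)])
ZEROED_MBR = bytes(SECTOR_SIZE)
RANDOM_MBR = b"".join(hashlib.sha256(b"constructed-wiper-sample-%d" % i).digest()
                      for i in range(SECTOR_SIZE // 32))
TABLE_CLEARED_MBR = HEALTHY_MBR[:PART_TABLE_OFFSET] + bytes(64) + BOOT_SIGNATURE

if __name__ == "__main__":
    for name, s in [("healthy", HEALTHY_MBR), ("zeroed", ZEROED_MBR),
                    ("random", RANDOM_MBR), ("table-cleared", TABLE_CLEARED_MBR)]:
        r = triage_mbr(s)
        print(f"{name:14s} sig={r['boot_signature_ok']} parts={len(r['partitions'])} "
              f"entropy={r['entropy']} -> {r['verdict']}")
```

On a real image you would read the first sector with `open(path, "rb").read(512)` and pass it to `triage_mbr`. The "partition-table-cleared" verdict matters in practice: some wipers zero only the 64-byte table and leave the signature in place, so a check that looks at the signature alone reports the disk as healthy.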
Supply Chain Attack
A supply chain attack is a form of cyberattack in which an organization is breached through weaknesses in its supply chain. These weaknesses are generally found at vendors with poor security postures. Vendors often need access to an organization's systems or private data in order to deliver their service, so when a vendor is breached, its customers may effectively be breached too through that shared access and data.
Digital attack surfaces are expanding quickly, and the number of attack attempts is rising with them. Threat techniques and tools advance constantly. Organizations should follow established best practices to combat the threats described above, including keeping patches up to date, using anti-ransomware tools, securing privileged access, implementing a zero trust architecture, identifying potential insider threats, minimizing access to sensitive data, and monitoring for the IoCs associated with these attacks.
These threats show that organizations should evaluate what steps they can take to withstand such attacks. In the case of supply chain attacks, for example, they should work out how to protect themselves when one of their suppliers unknowingly falls victim to a malicious campaign.
Though threat actors are becoming both more sophisticated and more numerous, cloud-based security solutions such as endpoint detection and response have significantly improved defenders' odds. The key is for organizations to maintain up-to-date threat intelligence and to build and operate an effective cybersecurity strategy.