A curious parallel can be drawn between cybercriminals and the intriguing phenomenon of Cicadas. Akin to the periodic insects that emerge from the ground after years of dormancy, cybercriminals often resurface with renewed vigor, unleashing their disruptive activities on unsuspecting organizations.
Periods of apparent dormancy may be followed by sudden bursts of attack activity, catching organizations off guard. These digital malefactors lay low during these dormant phases, adapting to evolving security measures and refining their techniques in the shadows.
Cybercriminals search for application, server, and network vulnerabilities to infiltrate organizations. They exploit flaws in software code to access systems and conduct illicit operations, pretending to be legitimate users. They will readily use an exposure path as an entry point to penetrate a system. They use many other tactics, including social engineering, such as business email compromise (BEC), DNS spoofing, phishing, spear phishing, and other traps, to lure employees or customers into revealing sensitive information or installing malware. They also use web scraping bots to extract content and data from websites and replicate the website content elsewhere for their nefarious purposes.
HIDING IN PLAIN SIGHT
Cybercriminals can remain hidden inside an organization’s digital infrastructure for months and even years. Their goals vary from conducting reconnaissance for future attacks, exfiltrating data, and extorting money from their victims.
One of the ways that cybercriminals hide in plain sight is by concealing malicious data within legitimate files. They embed data inside images, text, and audio files, making them look normal to avoid detection. To find these anomalies, corporate defenders use specialized security products and tools that look for file size changes. They can analyze hidden data within text files, shroud information inside images and videos, and modify audio signals within audio files to discern abnormalities.
Cybercriminals also use stolen or legitimate cloud services to host malicious or deceptive websites and malware downloads, coordinate botnet traffic, and temporarily store stolen data. They employ encryption, obfuscation, and proxy services to hide their identities and locations. For example, bad actors secretly exploit vulnerabilities or exposures in healthcare information systems and medical devices. They also target critical infrastructure, such as energy plants, transportation systems, or water treatment plants, to cause disruption, damage, or ransom demands. No industry is immune to their scourge.
Timing can be very strategic to unleash their malicious payloads at a time that meets their objectives. They monitor their targets’ security posture, network activity, and response capabilities to find the optimal moment to strike. They may wait for a specific event, such as a holiday, a natural disaster, or during a crisis or political tension, to maximize the impact or the likelihood of payment.
Cybercriminals continuously evolve their tactics, techniques, and procedures (TTPs), shedding old methods and adopting new ones to stay ahead of cybersecurity defenses. Much like the changing life stages of Cicadas that undergo metamorphosis during their underground existence, the adaptability of cybercriminals allows them to remain a persistent threat.
Cicadas create a disturbingly loud hum to herald their emergence. Similarly, cybercriminals generate disruption and chaos within an organization’s digital ecosystem when the attack is discovered. Whether it’s a ransomware attack crippling a healthcare facility or a phishing campaign exploiting human vulnerabilities, the impact echoes across the interconnected web of our digital lives.
Cybercriminals often operate collectively, sharing tactics and tools on the dark web. This coordination allows them to amplify their impact, creating waves of cyberattacks, such as distributed denial of service (DDoS), that can overwhelm even the most robust cybersecurity measures.
BEING PREPARED FOR THE INEVITABLE
Organizations can adopt a proactive and adaptive approach to their cybersecurity strategy to be prepared for the inevitable resurgence of cyber threats. This means:
- Continuously monitor and analyze the threat landscape, using threat intelligence feeds, security platforms, and service providers to gather information about emerging vulnerabilities, trends, and indicators of compromise.
- Identifying and prioritizing the most critical assets, systems, and data that must be protected based on the organization’s business objectives, risk appetite, and compliance requirements.
- Implementing and updating security controls and solutions aligned with the organization’s security goals, policies, and standards. These include diverse preventive, detective, and responsive measures, such as firewalls, penetration testing, encryption, data backup, EDR, SOAR, and deception technology.
- Automating and optimizing security processes and workflows using tools and platforms that enable security orchestration, automation, and response. This can reduce human error, improve efficiency and scalability, and enhance incident detection and response capabilities.
- Training and empowering the security teams and staff, providing them with the necessary skills, knowledge, and tools to embrace and adopt the proactive and adaptive approach. This can improve their security awareness, capabilities, and roles and foster a security culture within the organization.
A holistic approach to security is continuous threat management, which integrates threat awareness, event handling, and ongoing assessment and verification to enhance an organization’s security level.
By implementing vigorous and consistent cybersecurity technology, processes, and best practices, organizations can create a formidable security posture against cyberattacks. They can develop a strong defense by staying informed about current and emerging vulnerabilities and exposures and developing a culture of digital awareness and resistance.
Interesting parallels can be drawn from the cyclical nature of Cicadas and cybercriminals in their adaptability and emergence tactics. Recognizing and learning from these patterns will enable security teams to build a more resilient defense against the persistent threats of their digital foes.