A Dynamic Battle Against Evolving Threats, Exploiting Fresh Vulnerabilities, and The Rise of Supply Chain Attacks: Sophos


The cybersecurity sector is experiencing robust growth driven by the escalating threat landscape and increased digitization. Organizations globally are intensifying efforts to safeguard their digital assets, resulting in a surge in demand for innovative cybersecurity solutions. The growing awareness of cybersecurity's critical role in protecting sensitive information positions the sector for continued growth.

Sharing his views on the cybersecurity market in 2024, Chester Wisniewski, Global Field CTO, Sophos, said, “If history has taught us anything, the 2024 threat landscape will look a lot like the 2023 threat landscape, but more efficient and with opportunistic twists and turns. Criminals are out for only one thing, money. They will continue to ransom and extort their way to infamy and wealth. Where we see variances are around what most easily enables this criminal activity. Year over year we see shifts back and forth between exploiting zero-day vulnerabilities and using stolen credentials to gain access to victims’ networks.

“When there is a fresh vulnerability available and it is somewhat easy to exploit, as we have recently observed with Citrix Bleed (CVE-2023-4966 flaw being exploited by ransomware crews in Citrix NetScaler), they will take advantage. Once all the victims are patched or already compromised, they will fall back to the slightly less efficient method of credential theft. As organizations have increasingly adopted multifactor authentication, criminals have begun to develop more sophisticated bypasses and have turned to stealing cookies and session cookies instead.

“2023 showed a lot of advancement in abusing supply chains to compromise victims as well. Whether through the compromise of managed service providers (MSPs), file sharing appliances, or through authentication providers, sometimes the easiest way to break in is through the back door. As we continue to harden our own networks and adopt more “as-a-service” models, we can expect attacks like this to increase throughout 2024.

“As multifactor authentication becomes more ubiquitous, we will continue to see the use of malicious proxies like evilginx and social engineering to convince end-users and IT support staff to grant attackers access. Groups like LAPSUS$ and Scattered Spider have captured everyone’s attention with their success in gaining access to major brand names throughout 2022 and 2023, and this will likely inspire more to borrow pages from their playbook.

“I think we will see major governments around the world take more substantiative action to thwart ransomware groups as people’s day-to-day lives are increasingly impacted when hospitals, schools, law offices, and banks are unable to operate due to cyberattack-related downtime. It’s hard to say whether this will be effective, but we are reaching a point where people will begin to demand something be done,” he concluded.
