Keeping Up with the Evolution of Threat Actors


“The Dark Web continues to evolve and is less of an unknown nowadays, with the number of active users increasing. It’s the perfect place for cybercriminals to share illegal content and will only continue to grow with active users over time,” says Jason Wagner, VP of Identity & Digital Intelligence at Constella Intelligence, in an exclusive interview with ITSecurity Wire.


ITSW bureau: With the advancement of digitization in businesses worldwide, how are cyber threats becoming more sophisticated?

Jason Wagner: Digital transformation has not only changed the way organizations do business but has also opened up doors for a multitude of sophisticated threat actors to unleash new attacks.

The new era of Digital Risk – the protection of business assets vs. technical assets – transcends classic cybersecurity. Organizations now find themselves protecting executives, employees, customers, or brands rather than the traditional technical assets such as IP addresses or TCP ports. The identity is the new security perimeter – the classic security perimeter provided by network segmentation has disappeared. The biggest attack vectors have now become identities themselves, with account takeover and personalization attacks such as Business Email Compromise taking center stage. This attack exploits the user rather than technical flaws and is mixed with classic cybersquatting and phishing.

Another area on the rise is disinformation campaigns that can lead to cyber threats. While not a traditional attack vector, disinformation campaigns have proven to be a new vulnerability to organizations. Playing upon public sentiment and fears, these attacks are used to target organizations or their executives to influence public opinion, damage reputation, or commit fraud.

The CISO’s job has never been harder. With threats coming from all directions, CISOs need to ensure they work closely with their peers and that their objectives take into account the needs of other departments such as physical security, fraud, communications, or marketing.

ITSW bureau: What are your insights on the evolving dark web?

Jason Wagner: The Dark Web continues to evolve and is less of an unknown nowadays, with the number of active users increasing. It’s the perfect place for cybercriminals to share illegal content and will only continue to grow with active users over time. On a daily basis, I see how cybercriminals use the Dark Web as a window shop to increase exposure and then opt to move to more private, encrypted channels to communicate.

Identity theft continues to evolve and grow, leveraging the black market. Stolen credentials are bought and sold rampantly and are being leveraged for ransomware and account takeover attacks. Threat actors are also increasingly deploying credential stuffing attacks as a result of these stolen credentials.

Analysts have noticed an uptick in Asian and CIS threat actors, with these groups targeting big corporations using creative methods like phishing attacks, brute-forcing code repositories, and paying employees to do inside jobs. Other cyber threats in the Dark Web at this time include targeted malware, Enterprise-specific DDoS services, corporate data for sale, brand-spoofing phishing tools, and disinformation campaigns.

The bottom line is that cybercriminals continue to evolve and are not just using the Dark Web. We need to evolve with them and follow them to remain vigilant.


ITSW bureau: What strategies would you recommend for companies to stay ahead of cyber threats?

Jason Wagner: Organizations need to make sure their security teams are keeping up to date with trends in the threat landscape, especially those affecting their industry. They need to make sure they have the right tools in place, which includes monitoring and predictive tools to help prevent a security incident before it happens.

In addition to being proactive, organizations need to understand their security posture and attack surface in the way an attacker sees it. This is accomplished by keeping systems up to date, plugging holes, understanding their own digital footprint, continuously monitoring their digital assets, and having a plan to effectively respond.

ITSW bureau: In terms of security intelligence, what should cyber companies do to protect customer identity information?

Jason Wagner: Protecting customer information should be the focus for all organizations, not just “cyber” companies. In addition to deploying traditional security measures to protect customer data, organizations need to understand where that data is stored and who has access to it, both internally and externally.

In addition to classic data leak protection, companies need to assume that information will get stolen and need to implement Data Leak Detection capabilities to monitor the Dark Web and underground communities so they are alerted whenever data is compromised and can react accordingly. Organizations also need to extend their security policies and processes to promote zero-trust into their third-party and supply chain relationships and partnerships.

Finally, human error is still the predominant cause of all data breaches. Ensuring the right security controls are in place along with limiting access to customer data is paramount to keep customer identity data secure.

ITSW bureau: Can Artificial Intelligence (AI) and Machine Learning’s (ML) predictive characteristics jumpstart security intelligence with regards to the Dark Web?

Jason Wagner: AI and ML are keys to fully understanding the threat landscape and a critical part of any security and intelligence company. The amount of data accessible to both users and customers is daunting; the threat landscape is constantly changing; and the cyber skills shortage continues to grow. As social engineering and phishing attacks become more sophisticated, AI and ML need to be used to help decipher potential risk, as users are becoming “numb” to threats.

Simply put, deploying AI and ML in ways to ingest and correlate data, cut through the noise to understand it, and surface the most salient findings helps to eliminate false positives and have analysts focus on the threats that matter.


ITSW bureau: Talking about predictive technologies, what are your viewpoints on the ethics of using them?

Jason Wagner: Monitoring for keywords, sentiment, using AI to understand those conversations, and trying to help uncover potential cyber-attacks is more about prevention. Transparency is key and trust is paramount or that core mission will be endangered. Predictive technologies should not fully take the place of human judgment. While they help to simplify data and make things more digestible, there still needs to be validation or review by experts to ensure the data is being collected equitably and interpreted correctly.

Jason Wagner is VP of Identity & Digital Intelligence at Constella Intelligence – a digital risk protection company that works in partnership with some of the world’s largest organizations to safeguard what matters most and defeat digital risk.