Enhancing Security With Strategic Threat Intelligence
As we reflect on the transformative year of 2023 in the cybersecurity domain, we gather invaluable insights from industry experts who have been at the forefront of this landscape.
The expert commentary is not just about reflection but also about preparation. Their insights provide a clearer understanding of the cyber space, offering valuable guidance for companies to strategize and reinforce their defenses for future challenges.
From zero-day vulnerabilities to the nuances of threat intelligence, these experts delve into the strategic maneuvers that defined 2023. The discussion extends beyond technicalities, revealing the human side of cybersecurity, where resilience intertwines with innovation.
This is more than just a retrospective glance; it’s an in-depth exploration of the pivotal moments and strategic decisions that shaped 2023. We have gathered the thoughts of those who architect the cybersecurity defenses to extract the essential lessons that have left an indelible mark on the field.
So, let’s dive through the cyber trenches and explore the candid, conversational perspectives of industry trailblazers.
Vijayant Gaur (Cyber Security Consultant and currently supporting Uttar Pradesh Power Corporation Limited (UPPCL))
In the ever-evolving landscape of cybersecurity, the acceleration of digital transformation has brought forth diverse attack vectors. With the adoption of Zero Trust Architecture, organizations prioritize a holistic approach to security, mitigating risks from insider threats and zero-day exploits. The critical infrastructure protection paradigm extends to cloud security challenges, emphasizing the need to fortify against supply chain vulnerabilities. As IoT and connected devices expand the attack surface, the importance of threat intelligence becomes paramount. Addressing exploitation of software vulnerabilities, businesses navigate a complex terrain, implementing robust measures to ensure resilience in the face of emerging threats.
Amitabh Bhardwaj (Joint Director (IT and Cyber Security))
As per my opinion, one of the most important lessons learned in 2023 is that cybersecurity is a shared responsibility. It is no longer enough for Info security professionals but for all of the organizations to simply implement security measures. Everyone, from individuals to businesses to governments, has a role to play in protecting the digital world. Next key lesson learned is that cybersecurity is not a one-time fix. It is an ongoing process that requires constant vigilance and adaptation.
As attackers become more sophisticated, likewise organizations need to be constantly evolving their security strategies and threat intelligence to stay ahead of the curve. Besides this, the cybersecurity industry has also learned a number of specific things in 2023. For example, we have learned more about the dangers of supply chain attacks, and we have developed new techniques for defending against them. We have also learned more about the importance of data security, and we have developed new tools and techniques for protecting sensitive data.
Neal Quinn (Head of Cloud Security Services, Radware)
First, Burst Attacks ramp up faster than the polling intervals outlined above, causing an outage before the attack is even visible to an operator. These Burst Attacks contrast with years past where the attack took more time to ramp up.
Attackers now have instant access to large attack networks, utilizing a combination of public cloud computing and purpose-built infrastructures to create instant volumes approaching 1Tbps.
Mitigation solutions that rely on human intervention to profile the attack and activate the right countermeasure are no longer fast enough to mitigate the attack before it causes an outage. Automated protection solutions that use algorithms to spot events quicker are necessary to address this type of problem.
The second and more important shift in the threat intelligence landscape is the migration of attacks up the stack to the application layer. While HTTP Floods have been common for many years, they relied on easier to spot patterns that could be mitigated with a static signature. A new breed of HTTPS Floods, called Web DDoS Tsunamis, however, now uses encryption to defeat traditional packet sniffing approaches to attack profiling.
These attacks also use numerous evasion techniques tailored to sneak past most DDoS mitigation clouds and rely on much faster modulation through application headers that mimic real users. With these advancements, we now see attack signatures that look like legitimate traffic come from a larger pool of IP addresses with low per-bot request rates. The combination of rapid signature change and low per-bot rates makes existing approaches like rate limiting and IP blacklisting ineffective.
In 2023, there were numerous examples of large internet properties being crippled by these attacks. The only effective protection solution is to field advanced algorithms that use machine learning to continuously develop and deploy accurate signatures in real-time as they fight the attack.
The combination of Burst Attacks with Web DDoS Tsunamis has seen many purpose-built defenses struggle to adapt to the scale and complexity of the contemporary attack landscape. New methods are being deployed by the best providers to stay ahead of the curve. We can expect to see this trend continue into 2024.
Satnam Narang (Senior Staff Research Engineer, Tenable)
Mass exploitation of CVE-2023-4966, a critical sensitive information disclosure vulnerability in Citrix’s NetScaler ADC and Gateway products, has been ongoing since October 30. Dubbed “CitrixBleed” by researchers, at the time, there were estimates of 30,000 internet-facing assets that were vulnerable to this flaw. Recent analysis suggests that the number has decreased to over 10,000 assets with the majority located in the United States.
With publicly available proof-of-concept exploit code, a variety of threat actors have been leveraging this flaw as part of their attacks over the last few weeks, including affiliates of the infamous LockBit ransomware group and Medusa. Ransomware groups are mostly indiscriminate in their attacks, motivated by profits over anything else.
Organizations that use Netscaler ADC and Gateway products must prioritize patching these systems immediately as the threat of exploitation is extremely high, especially by ransomware groups.
Aaron Bugal, Field CTO (Asia Pacific and Japan, Sophos)
With the help of advanced AI, deepfake videos and images are being increasingly created by taking advantage of content posted on public social media profiles. While setting social profiles to private and limiting them to only known friends or contacts can help limit overt exposure, it isn’t a guarantee that someone among them won’t repost it or use it for nefarious purposes.
It is reassuring to see the Indian Ministry of Electronics and Information Technology (MeitY) sent an advisory to social media companies urging them to tackle deep-fake content. In the advisory, the government also warned social media intermediaries that failing to remove deepfake information from their platforms might result in penalties such as losing safe harbour rights, among other things. Such stringent advice from the government can help to flatten the curve of data being exploited to create deepfake content.
As a protective measure, digitally signed videos can be a way to verify that content can be trusted. Much like how certificates are used to validate website security and email communications, the same could be used for validating digital media.
As technology evolves and deepfake production times shrink and quality vastly improves, a point may come where it’s impossible to distinguish a deepfake from real recorded content; therefore, validating content as true using a signing or verification process is needed.
Jane Teh (SEA Cybersecurity Director, Deloitte)
In year 2023, the FSI, production and heavy industries has been toeing the line of battling with increase of threat landscape, breaches, firefighting with limited key skilled resources whilst tightening their belts; consolidating security technology stacks, combating the increase of platform licenses; this in turns increases security cost exponentially & not sustainable from a business perspective.
This trend and efforts will spill over till year 2025, therefore, CISOs or security heads are tasked to balance the scale of increasing organization’s cybersecurity resiliency, optimising security operations in line with business objectives and be more cost effective, as a result of it.
Sachin Kawalkar (Global CISO and Cyber head Neeyamo)
Since world is moving toward more digitalisation there is big rise and need for sustainability (connecting multiple devices for a longer duration) among consumers and modern digital applications. There is a mandatory need of implementing Secure by Design in the modernization process and identifying current and future threats among stakeholders while designing the architecture.
It is extremely necessary to robustly secure enterprises in this digitally evolving world as the complexity of cyber security risk and challenges is going to increase. We need to well-equipped technology solutions and training and nurturing talent and making them understand cybersecurity fundamentals, techniques and solutions to safeguard Information and Organization.
Insights, Shifts, and What Lies Ahead
The cybersecurity exploration in 2023 reveals itself as an engaging storyline, where experts fearlessly navigate unfamiliar territories. From the accelerated adoption of Zero Trust Architecture to the escalating threat of Burst Attacks and Web DDoS Tsunamis, the industry witnessed a dynamic shift, demanding continuous adaptation.
A key takeaway resonates — cybersecurity is a shared responsibility, transcending traditional boundaries. As the digital landscape evolves, the need for constant vigilance and adaptation becomes evident. The landscape is no longer confined to technicalities; it’s a human story where resilience intertwines with innovation.
The lessons aren’t just about defense but also about fortifying critical infrastructure against supply chain vulnerabilities, addressing the dangers of mass exploitation, and confronting the rise of deepfake content. As we peer into the future, the only certainty is the need for advanced algorithms, continuous learning, and a collective effort to stay ahead of the ever-evolving threat landscape.
2023 leaves us with a cliffhanger, anticipating how the industry will rise to the challenges and what new narratives will unfold in the ever-shifting landscape of cybersecurity. The stage is set for 2024, promising innovation, adaptation, and the resilience of those dedicated to safeguarding the digital realm.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
