
Everyone’s falling for the shape-shifting threat – so how to overcome this recent cyber-attack?

  • The APAC region experienced 23.5% of the total cyber issues reported in 2021, resulting in a long-term impact on organizations and individuals
  • In the age of fake news, deepfake technology has risen in popularity as a way for cybercriminals to deceive individuals and compromise businesses

The size and nature of cyber-attack surfaces have changed dramatically from earlier times. Organizational cybersecurity used to resemble defending a building, in that it was a fairly simple, one-dimensional activity. However, the modern era has demonstrated that recent cyber-attacks are capable of wreaking havoc on a variety of businesses, including the media, financial institutions, governments, the oil and gas industry, and others.

These hacks occur at the same time as a worrying rise in ransomware, as part of an array of increasingly sophisticated attacks. As corporations began to expose their networks, data, and procedures in an effort to adapt to a new digital era, these incidents increased in number.

There is simply more available for threat actors to target in today’s enterprise cyber-attack surface than ever before. Additionally, an organization’s ability to respond quickly to attacks may be hampered by its lack of understanding of its cyber-attack surface.

Tech Wire Asia had the opportunity of speaking with Rick McElroy, Principal Cybersecurity Strategist at VMware, about how deepfake technology is being leveraged to carry out a cyber-attack.

What is the current threat landscape looking like in the APAC region?

Rick McElroy, Principal Cybersecurity Strategist at VMware, discusses the recent cyber-attacks surfacing in the APAC region.


Overall, the picture for cybersecurity currently remains a bumpy ride for the foreseeable future. The APAC region experienced 23.5% of the total cyber issues reported in 2021, resulting in a long-term impact on organizations and individuals. New capabilities are being seen from threat actors like North Korea, which should cause concern for the region. Additionally, organizations in APAC are also struggling to find and retain the right cyber talent, putting businesses at greater risk amid the surge in security breaches and attacks.

Why is a cyber-attack being launched using deepfake technology? Is it due to how simple it is to launch?

Simply put, it is working. Two out of three respondents surveyed this year in our Global Incident Response Threat Report saw malicious deepfakes used as part of an attack, a 13 percent increase from last year, with email as the top delivery method. Cybercriminals use deepfake technology to compromise and gain access to organizations, and in the era of fake news, deepfakes have become a more popular way to manipulate people.

Attackers do what works and invest time in techniques that generate high ROI. In this case, using deepfakes allows for targeted attacks that yield fruit. I think this also speaks to email-based phishing attacks probably being disrupted by organizations, which causes a change to how the criminal elements are operating.

What kinds of threats may a deepfake attack cause to a company?

Deepfakes pose grave threats to individuals, companies, and institutions as cybercriminals gain access to sensitive data, spread false information, and damage a company’s reputation. Studies show that the majority of reputational damage often occurs within 24 hours after the incident. It might be too late before the company responds, and the damage might be irreversible.

Deepfakes are often used to scam companies to either demand money or gain access to sensitive/classified data. This is done through various means such as wire scams, fraud, and certainly, the targeting of individuals to get them to do things like password resets or add a criminal into multi-factor authentication (MFA) mechanisms. They are also using deepfakes in an attempt to gain employment and receive a paycheck. The FBI in the US warned about this in July of this year.

Is exploiting lateral movement to conduct an attack a recent practice among cybercriminals?

No; however, the prevalence of these attacks and the lack of visibility or prevention mechanisms at organizations need to be shored up. We are not doing enough globally to stop attackers once they gain access to systems. But it’s not enough to solely focus on prevention, since it’s impossible to prevent/stop every attack. Cybercriminals are relentless in finding their way into networks and around perimeter defenses, so organizations need to shift their focus to detection and to analyzing the tactics and strategies deployed by cybercriminals to gain a significant leg up. Currently, attackers seem to be able to move around undetected for long periods of time. We need better security to combat this.

Are cybercriminals also leveraging the privilege escalation approach while using lateral movement to compromise organizations?

Yes, their main goal is to not get caught and to gather as much information as possible, along with access to credentials, specifically accounts with elevated privileges. Once attackers get admin access, they can disable security tools, delete logs, and even install their own software across numerous systems. Therefore, cybersecurity leaders must place ample focus on lateral movement and credential harvesting attacks, since most of the downstream impacts are due to the aforementioned issues.
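The two answers above argue for shifting effort toward detecting lateral movement rather than relying on prevention alone. The following is an added example, not part of the interview and not VMware's tooling: a small Python detector that reads authentication events in a constructed line format (timestamp, `user`, `src`, `dst`, `result`) and flags any account that successfully authenticates to more distinct destination hosts than a threshold within a sliding time window, which is the "one account, many hosts in minutes" pattern that a credential-harvesting-then-pivot sequence tends to leave behind. The log lines, field names and thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not from the article). Format, one per line:
#   <ISO timestamp> user=<account> src=<host> dst=<host> result=<success|failure>
# "svc-backup" fans out from one workstation to six servers in two minutes;
# "alice" and "bob" show ordinary single-destination activity.
SAMPLE_LOG = """\
2021-06-01T09:00:00 user=alice src=ws-12 dst=fileserver-1 result=success
2021-06-01T09:01:10 user=alice src=ws-12 dst=fileserver-1 result=success
2021-06-01T09:03:00 user=svc-backup src=ws-07 dst=srv-01 result=success
2021-06-01T09:03:20 user=svc-backup src=ws-07 dst=srv-02 result=success
2021-06-01T09:03:45 user=svc-backup src=ws-07 dst=srv-03 result=success
2021-06-01T09:04:10 user=svc-backup src=ws-07 dst=srv-04 result=success
2021-06-01T09:04:30 user=svc-backup src=ws-07 dst=srv-05 result=success
2021-06-01T09:05:00 user=svc-backup src=ws-07 dst=dc-01 result=success
2021-06-01T11:30:00 user=bob src=ws-03 dst=srv-02 result=failure
2021-06-01T11:30:05 user=bob src=ws-03 dst=srv-02 result=success
"""


def parse_line(line):
    """Parse one event line into a dict; 'ts' becomes a datetime."""
    ts_str, *pairs = line.split()
    fields = dict(item.split("=", 1) for item in pairs)
    fields["ts"] = datetime.fromisoformat(ts_str)
    return fields


def parse_log(text):
    """Parse a whole log, skipping blank lines."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def detect_fanout(events, window=timedelta(minutes=10), max_hosts=3):
    """Flag accounts that successfully reach more than `max_hosts` distinct
    destinations inside any sliding window of length `window`.

    Returns {user: {"dst": set_of_hosts, "src": set_of_sources}}, where
    "src" tells a responder which machine the pivoting originated from."""
    by_user = defaultdict(list)
    for event in events:
        if event["result"] == "success":  # failures are noise for this rule
            by_user[event["user"]].append(event)

    alerts = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            hosts = {e["dst"] for e in span}
            if len(hosts) > max_hosts:
                alert = alerts.setdefault(user, {"dst": set(), "src": set()})
                alert["dst"] |= hosts
                alert["src"] |= {e["src"] for e in span}
    return alerts


if __name__ == "__main__":
    for user, info in detect_fanout(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {user}: from {sorted(info['src'])} "
              f"to {len(info['dst'])} hosts {sorted(info['dst'])}")
```

Tuning `window` and `max_hosts` per account class matters: a backup or scanning service account legitimately touches many hosts, so in practice the threshold would be set from a baseline of each account's normal fan-out, and a rule like this is a trigger for investigation rather than an automatic block.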

What countermeasures should organizations take against these “new” attack types? What is the best way to deal with deepfakes?

We’ll need focused deepfake education for groups that may be impacted. In my opinion, this starts with the finance and IT sectors. Additionally, lateral movement prevention focus needs to happen at the switch level (where traffic traverses) and the hypervisor level, and there are several technologies that focus on limiting lateral movement. Credential harvesting looks to move towards a well-implemented, well-managed MFA solution. Although this will not stop all attackers, it is a step in the right direction. That being said, well-implemented MFA requires a large amount of effort on the attacker side to bypass, because this level of effort can cause them to focus on easier, lower-hanging fruit. Simply put, don’t be a soft target.