Attacker behaviour, AI and cloud-native applications

Article by David Sajoto, Regional Vice President, Vectra AI, APJ 

With the popularity of cloud-native applications and solutions on the rise, ransomware is also becoming an unfortunate reality for businesses in every industry.

Researchers at IDC have found that 750 million cloud-native applications will be created globally by 2025, as businesses work toward building ‘sustainable digital value engines’. As business leaders increasingly embrace cloud technology to expand their operations to achieve success, security leaders are finding themselves grappling with the growing challenge of navigating hybrid infrastructure and its ever-expanding volume of alerts.

Globally, PwC finds 45% of security and IT execs expect a further rise in ransomware attacks, 38% expect more serious attacks via the cloud in 2023, and 46% of CEOs (49% at previously breached organizations) want to give CISOs more authority to drive collaboration on security next year.

In this sober reality, CISOs and business leaders must work to understand attacker behavior, adopt a preventative approach for their organization, and implement detection and response solutions and plans.

The rise of cloud gives way to unknown threats, and ransomware runs rampant

Malicious actors are increasingly targeting hybrid networks and exploiting cloud systems as businesses migrate more data and information to the cloud, shifting away from traditional on-premises infrastructure.

Over the past decade, enterprises have progressively transferred larger datasets to the cloud, providing greater incentive for attackers seeking to exploit data for nefarious purposes or financial gain.

One notable aspect is that many cloud solutions offer pre-built tools and features that are shared across different businesses, allowing attackers to leverage these resources without starting from scratch for each target. For example, attackers often discover and comprehend APIs created by cloud service providers, significantly reducing the number of steps they need to take to achieve their objectives.

To illustrate this point, an attacker might utilize a cloud service provider’s cryptographic tool to gain access to an enterprise’s data. With efficient control mechanisms designed to lock victims out, a successful ransomware campaign can swiftly encrypt this data.

It is crucial to recognize that ransomware is no longer confined to on-premises environments and is now leveraging what are often seen as benefits of the cloud. In addition, attackers are employing new tactics and techniques specifically tailored to cloud-native solutions. In order to safeguard their businesses, security leaders must acknowledge and comprehend this evolving reality.

Understanding behavior as a cornerstone of robust security practices

Securing an organization’s network and endpoints can be overwhelming. It is no surprise that security teams are burdened and exhausted, inundated with alerts that hinder their ability to effectively prioritize time and resources.

This is precisely why the focus on behavior and leveraging the power of artificial intelligence (AI) has become increasingly helpful and important. To prevent breaches before they reach the ransom stage, security leaders, and by extension security teams, must concentrate on the behavioural aspects of attackers. This helps to then distinguish true alerts from noise.

Here artificial intelligence (AI) becomes a great collaborator. While AI is a trending topic that raises concerns about job displacement, we perceive this technology differently. In reality, AI has been in existence for years and continues to offer more benefits for security teams as it advances.

For instance, when trained to tackle specific problems such as attacker behavior, AI can automate tasks that were once time-consuming and mundane, elevating them from low-level to high-speed operations. This early identification of attackers and the ability to locate the proverbial needle in the haystack contributes to enhanced signal clarity overall.

Practical approaches and applications to reduce unknowns and improve security

The ongoing discourse surrounding securing operations in a hybrid world, as the prevalence of cloud-native applications increases, continues to develop alongside the technological solutions tailored to address these very challenges.

There are two practical steps that every enterprise should promptly undertake. First, gain a comprehensive understanding of the hosting location of your cloud data. Additionally, implement both preventive controls and robust detection and response (D&R) capabilities.

Regarding cloud data, it’s noteworthy that each major cloud service provider (AWS, Azure, and Google), offers its own distributed, highly available data storage solution. These solutions integrate numerous other services within their respective platforms and are designed to fulfil diverse data storage requirements. Recognizing the location of your data represents a fundamental step in thwarting cloud-native ransomware attacks.

Subsequently, the implementation of preventive controls and D&R capabilities is paramount. Cybersecurity is a collective effort that necessitates practice. Regular drills and playbooks, leveraging security solutions and managed by highly skilled professionals, must be conducted to align with your current infrastructure requirements. Routine assessments also enable you to ensure the adequacy of your security tools, address any gaps in security controls, and enhance remediation measures.

The views in the article is that of the author and may not reflect the views of the publication.

---

---

---