Everyone with a digital footprint is at risk for potential cyberattacks. In addition, the recent COVID-19 pandemic has forced physical and digital worlds to collide, with a sudden shift to work-from-home and remote work environments. As a result of this transition, the use of online tools for collaboration and communication quickly skyrocketed, leaving plenty of room for attackers to exploit vulnerable and unprepared organizations.
My name is Anna Chung, and I am a Principal Researcher with Unit 42. We are a global threat intelligence team for Palo Alto Networks that collects in-depth information about security threats, specifically for cloud environments. Our mission is to protect the digital world from cyberattacks and make sure that your worst days aren’t as bad as they might have been without us.
As cyberattacks continue to escalate worldwide, our researchers at Unit 42 continue to dissect the latest cyber risks, assess the security readiness of organizations, and help businesses recover when a cyberattack occurs. In this episode of the DevSecTalks series, I sat down with host Ashley Ward to discuss my role within Unit 42 and provide insights into the increased prevalence of cyberattacks during the COVID-19 pandemic.
What Are Cyberattacks?
Hackers who lead cyberattacks maliciously target an organization’s digital infrastructure. The fast-paced digitization of many organizations has greatly expanded the attack surface. Since many businesses rely on the interconnectivity of applications for everyday operations, the number of third-party cloud-based services has dramatically increased. Coupled with a spike in remote work, poor cybersecurity hygiene leaves organizations more vulnerable than ever to cyberattacks.
Cyberattacks can occur in a number of different ways, all of which pose a significant level of risk for an organization. A few common types of cyberattacks include:
- Ransomware – Using malicious software to hold valuable data or information for ransom
- Phishing – Disguising fraudulent email messages as legitimate communication
- Denial of Service (DoS) – Shutting down a machine or network so that it’s inaccessible
The Motivations Behind Cyberattacks
Understanding the intent behind common cyberattacks can play a powerful role in preventing the attacks. Traditionally, our Unit 42 threat intelligence research showcases three major motivations that lead to these various types of attacks.
Cyber Espionage
Cyber espionage, also known as an Advanced Persistent Threat (APT), is the act of obtaining intellectual property without the knowledge of the information holder. The common targets of cyber espionage include government and defense agencies, along with high-tech organizations.
Due to the massive amount of infrastructure and resources required to conduct this type of attack, the misconception is that cyber espionage only impacts nation-states and highly visible companies. Although there’s some truth to this assumption, we have seen commercial espionage operate in the individual or private group domains, as well.
Financially Motivated Cybercrime
Financially motivated cybercrime is my personal interest and focus.
As you can imagine, profits are the end goal for financially motivated cybercrime. But attackers aren’t always looking for direct financial benefit, since intellectual property and company data can be monetized. Financially motivated attackers focus on the best way to maximize their profits. They use initial access brokers that randomly compromise a lot of access points in corporate networks. The attackers later figure out who the ideal candidates are for ransomware attacks. With the magnitude of layers that exist for financial crimes, those intent on committing them find ample motivation for this type of cyberattack.
Hacktivism
The term ‘hacktivism’ comes from combining the words ‘hack’ and ‘activism’, and refers to groups or individuals that use their tech knowledge and hacking ability to make social and political statements.
Hacktivists often target corporations or government agencies to raise awareness of political or social ideologies they stand against. They’ve used website defacements, DoS attacks, and other forms of vandalism to challenge anyone who disagrees with their moral position. Recently, we’ve seen this group making an appearance through increasing use of unique and creative tactics, such as dumping stolen data onto public websites.
Knowledge Is Power – The Importance Of Unit 42 Threat Intelligence Research For Countering Cyberattacks
Unit 42 is made up of an elite team of threat researchers and security consultants. Backed by the Palo Alto Networks Engineering and Critical Response teams, Unit 42 offers years of experience detecting and preventing attacks. The team collects and analyzes threat data from internal and external sources and runs it through a detailed threat analysis process.
We use automated systems and expert human analysis to interpret data, identify patterns, and evaluate our hypotheses against our entire data set. This intricate research helps us put cyberthreats into context and determine how to best defend against future cyberattacks.
A big part of my role as a principal researcher with Unit 42 includes using threat intelligence to help people make informed decisions. I consider myself a human-centric researcher with Unit 42, which means that I look at cybersecurity incidents as a combination of technical abuse and human behavior. I focus my research on people-centric solutions to understand the victims, defenders, and attackers of a cybersecurity incident.
The Latest Unit 42 Cybersecurity Research on Ransomware
It’s no secret that the world of post-pandemic remote work is here to stay. As cyberattacks escalate and continue to remain prevalent, now is the time to stay up to date on the latest cybersecurity risks. Taking actionable steps to prevent and mitigate the risks of a cyberattack will ensure that your organization is adequately secured in this era of digitization.
Unit 42 is a world-renowned threat intelligence and cybersecurity consulting organization with a mission to identify and resolve the most challenging threats in order to make the world a safer place. If you’re interested in helping your organization stay agile and proactive with cyber threat prevention, download the 2022 Unit 42 Ransomware Threat Report and get started today.