Well, it looks like we cybersecurity defenders won’t be getting a break any time soon. Unit 42 consultants and intelligence analysts have been busy, and a few trends have jumped out at us in the last few months. So, we decided to write them up. In our latest executive advisory, Navigating the Evolving Threat Landscape: Resilient Cybersecurity Tactics for CISOs, we highlight a couple of attacker trends, what they mean, and what you can do about them.
The bottom line: attackers are becoming more tenacious and resilient to defense. Defenders can take a few steps to match those changes and improve their own organization’s resilience.
One trend is improved efficiency. More attackers now use automation, organization, playbooks and repeatable operations. Certain actors have developed key expertise in modern IT infrastructure, and they use it to move efficiently through the target environment – faster and more quietly than before.
Muddled Libra is a threat group that’s exhibited these skills. The Unit 42 Threat Assessment on Muddled Libra has an in-depth written analysis, and you can also listen to the Unit 42 Threat Vector podcast for expert insights and strategies to counter this threat actor group.
Nation-state attackers don’t just conduct espionage. Lately, they have also been acting to destabilize other components of the states they target. One example is Trident Ursa, an APT group with a history of creating access to its targets and gathering information from them. Their targets include most business sectors: financial institutions and government entities, communications, manufacturing, information technology, education and more.
If you run operational technology (OT), you might also be interested in some of the insights in this OT Security Insights white paper from our OT colleagues. It looks at the IT-OT interface and how attackers are crossing it.
A comprehensive defense strategy helps you frustrate attackers, and they deserve to be frustrated. The advisory goes into more detail. Here are some quick takes to consider.
These changes in attacker behavior aren’t all bad news. On the contrary, they mean a comprehensive defense strategy is more valuable against more threat actors. Attackers are innovating, accelerating and becoming more tenacious. Your team should be, too.
Unit 42 and other Palo Alto Networks products and services can help. We provide Cyber Risk Management and Incident Response consulting services – from attack surface assessment to full-scope reactive incident response. We’re familiar and experienced with responding to threat actors – from APT to ransomware – in environments that include the largest Global 2000 firms.
This is just the beginning of what you need to know. Read the executive advisory, Navigating the Evolving Threat Landscape: Resilient Cybersecurity Tactics for CISOs, to learn more about key attacker trends and tactical steps you can take to improve your security defense.