The Art of (Cyber) War: Prevailing threats and effective defences

In the first part of this two-part blog (Know thy enemy), we referenced Sun Tzu (771–256 BC), a brilliant Chinese military general, strategist, and philosopher. In this second part, we look to his famous military treatise, ‘The Art of War,’ which is regarded as a source of modern-day inspiration for businesspeople, politicians and sportspeople alike.

With chapters devoted to extensive planning, winning decisive engagements, tactics, identifying strengths and weaknesses, the need for flexibility and creativity, and the use of good intelligence sources, Sun Tzu’s observations are incredibly relevant to countering the tide of cyber threats we face. (If born into the modern world, we suspect he would have made a formidable cybersecurity guru.)

Exploiting gaps in cloud protection

According to the 2024 CrowdStrike Global Threat Report, while organisations worldwide continue to move to the cloud, cybercriminals are taking delight in advancing their capabilities to exploit the mass migration by abusing features unique to the cloud. Cloud-conscious cases increased by 110% YoY, cloud environment intrusions by 75% YoY, and cloud-agnostic cases by 60%.

As an FYI, CrowdStrike defines cloud-conscious as ‘threat actors who are aware of the ability to compromise cloud workloads and use this knowledge to abuse features unique to the cloud for their own purposes.’

Increasing sophistication of supply chain attacks

Cybercriminals’ primary purpose in attacking supply chains and trusted software is to maximise their return on investment (ROI).

By initially compromising one organisation, they can gain access to all its supply chain relationships – so we can be talking about hundreds or even thousands of new opportunities across multiple verticals and countries. This is generally done in one of two ways: the first takes advantage of the vendor-client relationship, using trusted supply chain software to spread malicious programs; the second leverages access to vendors supplying IT services.

Generative AI

It will be no surprise that generative AI promises to be a double-edged sword. And the ‘edge’ that is most worrying is the one used by the criminal fraternity. While most of the world has marvelled at the ability of generative AI to rapidly create content, hackers have equally appreciated its potential.

CrowdStrike says that the two primary opportunities to use generative AI for evil are:

  1. Using it to develop and execute malicious computer network operations (CNO), and to write scripts and code that function maliciously when used as intended.
  2. Supporting the efficiency and effectiveness of social engineering and information operations campaigns – just as your marketing department would.

The only good news is that CrowdStrike reports that over 2023, they rarely saw generative AI used for CNO development. However, it’s early days.

The escalation of eCrime

eCrime, says CrowdStrike, is a highly attractive and lucrative business venture for many criminals. It was regarded as the most pervasive threat across the 2023 threat landscape, with adversaries leveraging techniques which maximise stealth, speed and impact.

One such eCrime technique is malvertising. This is the abuse of sponsored Google ads by inserting malicious links in either legitimate or specially created advertisements which appear at the top of the page. The web user then clicks through to a malicious website.

Over 2023, criminals specialising in eCrime shifted their focus and expanded their market opportunities with a rollout of macOS malware. These information stealers harvest stored passwords, cookies and cryptocurrency wallets.    

Applying The Art of War to a world under cyberattack

If we had to make just five recommendations, these are the tactics we suggest are essential:

  1. Laying plans. Accepting that your business is under attack means planning and building a cybersecurity culture to ensure survival. From cyber awareness training to alignment with the Essential Eight to cybersecurity strategies and plans for recovery and mitigation, your organisation needs to live and breathe the concept of being cyber secure.
  2. Classification of terrain. Choose a battleground that works to your advantage. Prioritise cloud-native application protection platforms like CrowdStrike to protect critical areas of enterprise risk, such as endpoints, cloud workloads, identity, and data.
  3. Weak points and strong. Your adversaries are getting stronger and faster, but are you? It’s essential to constantly evaluate and reassess the strength and effectiveness of your defence capabilities. Understanding the evolving threat landscape and the tools and services available is critical to ensuring you can respond rapidly – and efficiently.
  4. Tactical dispositions. To avoid creating opportunities for your enemies and to defend what you value, ensure you have visibility across the most critical areas of enterprise risk.
  5. Use of spies. As cybercriminals seek to infiltrate your systems (and bank accounts) and commit identity theft through tactics such as social engineering, phishing, and malware, enforcing identity protection is a must-have.  

What next?

There’s no escaping the brutal and unrelenting nature of cybercrime. But while war rages around you, we can help you stay safe.

Please contact us if you’d like us to conduct a Cyber Security Vulnerability Assessment to improve, support, and manage your ability to defend what you hold near and dear.
