Despite better collaboration between industry and law enforcement, 2023 proved to be another record year for ransomeware, with attackers collecting an estimated $1.1 billion in payments from extorted companies, according to a keynote presentation at this week's RSA conference in San Francisco by Kevin Mandia, CEO of Mandiant and Google Cloud. The damages caused by the attackers vastly exceeded this amount.
Mandia's commentary is based on 1,100 investigations and numerous red team exercises conducted over the year.
Here are highlights from his keynote.
Conclusions from Investigations
- Global Risks and Repercussions: There's a perceived lack of significant risks or repercussions for cyber attackers globally, which emboldens their activities.
- Innovation in Cyber Offense: There has been noticeable innovation in ransomware, evolving from data theft and extortion to more aggressive tactics including harassment.
- Private and Government Cooperation: 2022 has seen improved collaboration between private sectors and government bodies, enhancing cybersecurity responses.
Findings and Suggestions
- Zero-Day Exploits: There has been a sharp increase in zero-day exploits, with significant impacts on multiple vendors beyond the major ones like Microsoft, Google, and Apple. Mandia emphasizes the importance of being prepared for such vulnerabilities as they are inevitable.
- Espionage and Attribution: Espionage remains difficult to manage with traditional cybersecurity methods. Mandia discusses the need for modernizing treaties to help attribute and impose risks on criminal actors more effectively.
- Spearphishing Evolution: Attackers are shifting techniques due to enhanced email security measures and more widespread use of multifactor authentication (MFA). Mandia suggests focusing on proxy logs to detect malicious downloads which bypass secure email gateways.
Strategy for Defense Improvement
- MFA and Social Engineering: Mandia highlights the ongoing challenges with MFA and the need for secure systems that can resist social engineering attacks.
- Infrastructure and Evasion Techniques: Cyber attackers are increasingly using sophisticated methods to blend into normal network activities, requiring advanced detection strategies that go beyond initial breach detection.
- Public and Private Sector Collaboration: The talk concludes with a call for continued improvement in collaboration between the public and private sectors, emphasizing the need for transparency and shared standards in cybersecurity practices.
A recording of the keynote can be seen here:
