The Ever-Evolving Threat Landscape: 14 Threat Vectors and Sources You Might Not Be Aware of

If you’re reading this, you know more about the contemporary digital landscape than the average person. You take proactive steps to protect yourself from the raft of cyber-threats you know to exist out there. You’re well-versed in the top cyber protection solutions and understand how to evaluate each.

But, if you’re being honest, you know that there’s quite a bit you don’t know. Indeed, even digital security professionals who’ve devoted their lives and careers to anticipating and combating cyber-threats rarely have a complete understanding of the threat landscape at any given time. The state of play simply evolves too quickly, with too many moving parts, for any single individual or team to track.

Sure, we entrust white hat cybersecurity professionals to address specific threats and threat vectors, such as discrete nation-state attacks and new malware permutations. It’s just that such threats are far too numerous and, well, permutable for laypeople to keep up with.

At the same time, people and organizations whose bottom lines (and, often, whose very survival) depend on anticipating and protecting against serious cyber-threats cannot afford to treat the problem as somebody else’s. With the caveat that it’s impossible to achieve total protection in such a diverse and rapidly changing milieu, individuals and organizations alike can and should take commonsense steps to fight back against the black (and gray) hats. (More on the grays later on; they’re an interesting bunch.)

These 14 threat vectors and sources are not universally known, despite their persistence and severity. As you read through the list below, ask yourself: what am I doing to protect myself, my family, and my company from these digital pitfalls?

1. Malware Weaponized by Nation-States

“Cyber warfare is a fact of [the] modern defence landscape…and malware is the most commonly used weapon in cyber conflicts,” writes Chuck Easttom of CEC Consulting in a 2018 whitepaper.

Wealthy nation-states have vast resources to invest in cyber-offensive capabilities. Some of the world’s most capable hackers are employed or contracted by government intelligence or military organizations. This is fairly well-known; check the news on any given day and you’ll probably see at least one story about a hack or attack led by nation-state actors.

What’s not as widely understood is that many of the cyber-weapons used by nation-state actors don’t originate with those actors. Many are simply co-opted private malware programs — malicious software developed by individuals or small groups and only later weaponized by hackers directly associated with nation-states.

For practical purposes, it doesn’t much matter whether nation-state hackers use malware developed in-house or by external actors. The end result is much the same. And, as we’ll see later, malware isn’t the only threat vector exploited by nation-state actors; zero-day exploits, spearphishing, and other tactics to gain access or information are increasingly common tools employed by civilian and military intelligence agencies.


2. Malware Developed by Nation-States

Due to its sophistication and specificity, it’s worth calling out malware developed by nation-states as separate and distinct from privately developed malware. Although your organization is less likely to be incidentally affected by government-developed malware, it’s extremely difficult to defend against such attacks.

Moreover, some government-developed malware programs do cause significant collateral damage. The infamous Stuxnet malware, likely a joint project of American and Israeli intelligence (though neither government has officially confirmed this) aimed at disrupting Iran’s nuclear enrichment activities, was successful in its primary objective.

But it also spread far beyond its target. Stuxnet propagated through USB drives and Windows vulnerabilities and turned up on tens of thousands of machines worldwide, including at industrial firms that used the same Siemens control software as Iran’s enrichment plant and so found themselves in the proverbial wrong place at the wrong time. Its sabotage payload was keyed to one specific PLC configuration, so most bystanders suffered no physical damage, but they still had to detect, analyze and remove a weapons-grade implant from their networks. Bottom line: Stuxnet is a cautionary tale.

3. Failing Computer Hardware

All good things must come to an end, including the hardware lifecycle. You know that your computer hardware will soon enough become functionally obsolete and require replacement. The question is what happens to it as that day approaches, and how well you’re able to anticipate the unique challenges of dealing with failing computer hardware.

Hardware nearing the end of its life is a security problem as well as a reliability one. Once a vendor stops shipping firmware and microcode updates, known flaws in that platform stay unpatched forever, and older devices often cannot support newer protections (hardware-backed key storage, measured boot, current operating system releases). Failing components also tend to attract “temporary” workarounds that disable safeguards and are never revisited. This isn’t to say new hardware is invulnerable; as we’ll see, zero-day exploits are a threat not to be underestimated. But one of the cheapest things you can do to shore up your security posture is to track end-of-support dates and repair or replace failing hardware before it jeopardizes your operations.

4. Failing Computer Software

Computer software fails, too. With the rise of software as a service (SaaS), it’s now virtually inevitable that you’ll rely on external vendors to keep the software upon which your company depends running smoothly. Be sure you’re working with reputable vendors committed to cybersecurity best practices, and ask for evidence: independent security assessments, a published vulnerability-disclosure process, and contractual breach-notification terms. One of the advantages of SaaS is that the cost of switching your business away from subpar vendors is relatively low.

Your organization still needs to use non-SaaS programs, of course, not to mention operating systems installed directly on devices. Your team is responsible for ensuring that these programs and platforms remain in optimal working order, which means patching and upgrading as needed in a timely fashion. Every day that goes by without a mission-critical update is a day that leaves your systems open to exploits for which a fix already exists.

5. Offensive Artificial Intelligence

Cybersecurity experts have warned of the dangers of malicious artificial intelligence for years, and AI has finally progressed to the point that these warnings feel more than prescient. The good news: many experts believe that AI will, on balance, favor defenders and white hats more than attackers and black hats. But that doesn’t mean your organization and those tasked with protecting it should sleep on the game-changing potential (for good and ill) of AI.

6. Zero-Day Exploits

A report cited by ZDNet pegs the average cost of a zero-day attack at $440 per endpoint. If that doesn’t sound like a catastrophic figure, try this: $7.12 million. That’s the average organizational cost of a zero-day attack, according to a study by the Ponemon Institute.

Even if your organization could absorb such a financial hit, the logistical and technical effort of cleaning up after a serious zero-day attack is not to be taken lightly. Worse, protecting against zero-day exploits is more complicated than keeping an up-to-date anti-malware program on every organization-owned and BYOD device. A zero-day exploit abuses a vulnerability the vendor does not yet know about, or has not yet patched, so there is nothing to install and no signature to match; the flaw can sit in an operating system, a browser, an office suite, a network appliance or device firmware. Defense therefore has to come from layers that don’t depend on knowing the bug in advance: reducing exposed attack surface, running software with minimal privileges, segmenting networks, and watching for anomalous behaviour after an exploit lands. In many cases those affected by zero-day exploits don’t realize they’ve been attacked for months, until well after the damage is done, so the ability to detect and investigate matters as much as prevention.

7. “Fat Finger” Errors

You’ve surely perpetrated a “fat finger” error, a data entry mistake caused by a wayward keystroke. “Fat finger” errors are very often harmless and frequently humorous; careful typists are apt to discover them in real time.

But that’s not to say “fat finger” errors are always victimless. They’re particularly vexing for financial companies whose human traders think fast and trade faster; the world’s worst financial “fat finger” errors wiped millions or billions off affected organizations’ balance sheets (while, incidentally, ruining their hapless perpetrators’ careers). Frivolous as it might sound, it doesn’t hurt to have a policy in place to prevent and remediate these sorts of errors, backed by technical controls such as input validation, sanity limits on order sizes and amounts, and a confirmation step before anything irreversible happens.

8. Accidental Deletions

Another variety of “fat finger” mistake is the accidental deletion, wherein a human or automated process mistakenly deletes key files or data. Without proper backups, accidental deletions can set organizations back months or years, and may well result in significant financial losses (not least due to loss of customer trust). Again, it never hurts to have a policy in place to address the prospect of accidental deletions; a thorough data backup policy, with restores actually tested rather than assumed to work, is crucial as well. Versioned or soft-delete storage, where a deleted object can be recovered for a retention period, turns most such incidents into a minor inconvenience.

9. Commercialized Malware and Ransomware

In the old days, most malware developers were thrillseekers more inclined to take sick pleasure in the misfortune of others than to seek to profit off their mischief.

For better or worse, that’s no longer the case. Many of the world’s most destructive recent malware attacks were motivated by greed. Ransomware is the most obvious example: it encrypts the victim’s files or systems and promises the decryption key only after the criminals receive the ransom. (Many ransomware operators renege on that promise, deliver a broken decryptor, or come back for a second payment. This is why it’s absolutely crucial to keep regular, comprehensive backups, stored offline or otherwise out of reach of the same credentials the attackers used. Note, too, that most modern ransomware crews steal data before encrypting it and threaten to publish it; backups restore availability but do nothing about that leak.)

Developers of other types of malware, such as spyware, may indirectly profit from their use. For instance, keystroke-logging malware quietly and unobtrusively records data entered into infected systems, including sensitive information such as account numbers and passwords.

10. Organized Cybercrime Syndicates

Organized cybercrime syndicates use a variety of threat vectors to torment individuals and organizations.

We’ve already seen some such vectors at work. Ransomware is a favorite of organized criminals, thanks to credulous victims and the relative anonymity of cryptocurrency ransoms.

Some criminal syndicates are more sophisticated. A few even work with nation-states, usually loosely and unofficially, to attack particularly high-value targets, such as banks, major retailers, and third-party vendors that store financial data. The capabilities of well-resourced syndicates often rival those of nation-state actors, increasing peril for organizations unlucky enough to find themselves on the wrong side of their efforts.

11. Phishing Attacks

Phishing is one of the most common threat vectors. You’ve almost certainly been on the receiving end of a phishing attempt this month, although you’re probably fortunate enough to have a sophisticated spam filter weeding out all but the most convincing. Still, you’d be surprised at the “stickiness” of the phishing problem; the practice robs individuals and organizations of many millions of dollars each year. If you haven’t already done so, make sure your organization follows anti-phishing best practices: phishing-resistant multi-factor authentication so that a stolen password alone is not enough, an easy way for staff to report suspicious messages, and a process that acts on those reports quickly.

12. Spearphishing and Other Sophisticated Information-Gathering Attacks

Spearphishing is a targeted form of phishing that plays upon a specific victim’s trust. The most successful attacks originate from email accounts the victim already knows: either impersonated (a look-alike domain with one letter changed or swapped, a trusted name in the display field over an unrelated address, or the real domain prepended to an attacker-controlled one) or genuinely compromised through earlier phishing or another vector. When a request to take action or hand over information appears to come from a trusted individual or vendor, the victim is far more likely to comply. Unfortunately, the results can be devastating: fraudulent wire transfers, leaked credentials, or an initial foothold for a larger intrusion.
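The look-alike tricks described above can be caught mechanically before a message reaches a mailbox. The following Python script is an added example, not code from the original article or from any product it mentions: it classifies the From: header of a message against a list of trusted domains, flagging confusable spellings (rn for m, 1 for l), single-edit typos including swapped letters, a trusted domain hidden as a subdomain, and a trusted name placed in the display field over an unrelated address. The trusted-domain list, the confusable table and the sample headers are constructed for illustration.

```python
"""Flag From: addresses that impersonate trusted domains.

Added example for this article, not code from the original page. The trusted
domains, confusable table and sample headers are constructed; in production the
trusted list comes from your own domains and your vendor allow-list.
"""
import unicodedata
from email.utils import parseaddr

# Constructed: your own domain plus a vendor you exchange mail with.
TRUSTED_DOMAINS = {"example.com", "vendor-example.net"}

# Character sequences attackers swap in because they look alike at a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def normalise(domain: str) -> str:
    """Case-fold, apply Unicode compatibility normalisation, drop a trailing dot."""
    return unicodedata.normalize("NFKC", domain).strip().lower().rstrip(".")


def skeleton(domain: str) -> str:
    """Collapse confusable sequences: 'exarnple.com' and 'examp1e.com' -> 'example.com'."""
    s = normalise(domain)
    for lookalike, real in CONFUSABLES:
        s = s.replace(lookalike, real)
    return s


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap two
    adjacent characters, each costing 1, so 'exampel.com' is 1 from 'example.com'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_sender(from_header: str, trusted=frozenset(TRUSTED_DOMAINS)):
    """Return (verdict, reason); verdict is trusted, lookalike, unknown or reject."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "reject", "no parsable address"
    domain = normalise(addr.rsplit("@", 1)[1])
    if domain in trusted:
        return "trusted", domain
    display_norm = normalise(display)
    for t in trusted:
        # Trusted name shown to the reader, unrelated address underneath.
        if t in display_norm:
            return "lookalike", f"display name claims {t} but address is {domain}"
        # 'example.com.evil.test': trusted name as a subdomain of something else.
        if domain.startswith(t + "."):
            return "lookalike", f"{t} used as a subdomain of {domain}"
        if skeleton(domain) == skeleton(t):
            return "lookalike", f"{domain} is visually confusable with {t}"
        if edit_distance(domain, t) == 1:
            return "lookalike", f"{domain} is one edit away from {t}"
    return "unknown", domain


def scan(headers, trusted=frozenset(TRUSTED_DOMAINS)):
    """Classify a batch of From: headers -> list of (header, verdict, reason)."""
    return [(h, *classify_sender(h, trusted)) for h in headers]


# Constructed sample headers, one per case the checks above cover.
SAMPLE_FROM_HEADERS = [
    "Alice <alice@example.com>",
    "Payroll <hr@exarnple.com>",
    "IT Support <helpdesk@examp1e.com>",
    "Alice <alice@exampel.com>",
    "Bob <bob@example.com.evil-test.net>",
    '"IT Helpdesk via example.com" <support@freemail-test.org>',
    "News <news@newsletter-site.org>",
    "garbage",
]

if __name__ == "__main__":
    for header, verdict, reason in scan(SAMPLE_FROM_HEADERS):
        print(f"{verdict:9} {reason:52} {header}")
```

Two caveats for real deployments: internationalised domain names arrive as punycode (xn--…) and need decoding before the confusable check, and none of this inspects whether the sending server was actually authorised for the domain, which is what SPF, DKIM and DMARC verification add on top. A “lookalike” verdict is a reason to quarantine or warn, not proof of malice.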

13. Malicious Insiders

Combating the ever-insidious insider threat requires faithful adherence to the “principle of least privilege”: every user, service account and process should hold only the minimum permissions needed to do its job, and no more. That limits what a malicious insider (or an attacker who has stolen an insider’s credentials) can reach, and it makes abnormal activity stand out in logs, because ordinary work rarely touches anything outside the assigned set. Least privilege is easier stated than enforced; permissions accumulate as people change roles, so periodic access reviews that compare what is granted against what is actually used are part of the discipline. It’s worth fighting for both inside your organization and with the vendors and contractors who hold access to your systems.
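One concrete form such an access review takes is to diff each role’s granted permissions against the permissions its members actually exercised over an observation window, and to list the attempts that were denied because the user never held the permission at all. The Python below is an added example, not code from the original article; the role definitions, memberships and access-log lines are constructed for illustration, and a real audit would load them from your identity provider, cloud IAM policies and SIEM instead.

```python
"""Compare what a role is granted against what its members actually use.

Added example for this article, not code from the original page. The role
definitions, memberships and access-log lines are constructed; a real audit
would load them from your identity provider, IAM policies and SIEM.
"""
from collections import defaultdict

# Constructed: permissions granted to each role ("resource:action").
ROLE_GRANTS = {
    "billing-clerk": {"invoices:read", "invoices:create", "customers:read",
                      "customers:delete", "payroll:read"},
    "support-agent": {"tickets:read", "tickets:update", "customers:read"},
}

# Constructed: who holds each role.
ROLE_MEMBERS = {"billing-clerk": {"dana", "eli"}, "support-agent": {"fay"}}

# Constructed access log, one "timestamp user permission outcome" per line.
ACCESS_LOG = """\
2024-03-01T09:00:12Z dana invoices:read allow
2024-03-01T09:02:40Z dana invoices:create allow
2024-03-01T09:05:03Z eli customers:read allow
2024-03-01T10:11:57Z eli invoices:read allow
2024-03-02T08:30:00Z fay tickets:read allow
2024-03-02T08:31:15Z fay tickets:update allow
2024-03-02T08:33:20Z fay customers:delete deny
"""


def parse_log(text):
    """Return ({user: permissions exercised}, [(user, perm) that were denied])."""
    used, denied = defaultdict(set), []
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, user, perm, outcome = line.split()
        if outcome == "allow":
            used[user].add(perm)
        else:
            denied.append((user, perm))
    return used, denied


def unused_grants(role_grants, role_members, used):
    """Permissions each role grants that no member exercised in the window."""
    report = {}
    for role, grants in role_grants.items():
        exercised = set()
        for user in role_members.get(role, ()):
            exercised |= used.get(user, set())
        report[role] = sorted(grants - exercised)
    return report


def propose_minimal(role_grants, unused):
    """Role definitions with the unexercised permissions removed."""
    return {role: grants - set(unused.get(role, ()))
            for role, grants in role_grants.items()}


def audit(role_grants, role_members, log_text):
    """Full review: unused grants, denied attempts, and the tightened roles."""
    used, denied = parse_log(log_text)
    unused = unused_grants(role_grants, role_members, used)
    return {"unused": unused, "denied": denied,
            "proposed": propose_minimal(role_grants, unused)}


if __name__ == "__main__":
    result = audit(ROLE_GRANTS, ROLE_MEMBERS, ACCESS_LOG)
    for role, perms in result["unused"].items():
        print(f"{role}: granted but never used -> {perms or 'none'}")
    for user, perm in result["denied"]:
        print(f"review: {user} attempted {perm} without holding it")
```

Treat the “unused” list as candidates for a human review rather than as automatic revocations: an observation window that misses a quarter-end or an annual process will flag permissions that are rare but legitimate. The denied attempts are worth a look in their own right, since a user probing for access they were never given is exactly the pattern the least-privilege model is meant to make visible.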

14. Adware and Other Forms of Grayware

Not all unwanted software is patently malicious. “Grayware” occupies an expansive gray area between clearly harmful and clearly harmless. Adware is a common type of grayware: it may track your activity and bundle itself with other installers without meaningful consent, even if it never relays what it collects to black hats who actively intend to harm you. Because it often arrives under a legitimate-looking license agreement, security tools frequently label it a potentially unwanted program rather than malware and leave the decision to you. Whether and how you choose to address grayware is up to you; when in doubt, consult a cybersecurity professional for advice.

Stay One Step Ahead of the Threat

Overwhelmed yet?

Look, you’re doing your best to stay one step ahead of these ever-evolving threats. Every day that goes by without a notable cybersecurity incident is a good day for your organization. Even a single breach may constitute a major setback that can damage your company’s reputation and divert resources that you’d prefer to allocate elsewhere.

Sooner or later, though, you’re going to learn firsthand what it’s like to fall victim to a data breach or cyberattack. It might not happen tomorrow, or next month, or even next year. But you must be prepared when it does.

That’s why it’s so important to invest in comprehensive cyber protection that addresses a range of possible threat vectors, facilitates rapid recovery, and provides the peace of mind upon which you depend to fulfill your professional responsibilities — those not involving cybersecurity, at least — to the best of your ability. Look for solutions that address all five vectors of cyber protection: the safety of your data (ensuring a reliable and complete copy is always available when you need it), accessibility (ensuring your data is readily available wherever you are), privacy (ensuring tight controls on access to and use of your data), authenticity (ensuring that your data copies are entirely unaltered from the originals), and security (providing comprehensive data protection against many of the threats described above).

With the right cyber protection solution, you’ll find yourself in a far better position to address the ever-evolving digital threats that your organization faces every day. You may also find yourself sleeping better at night. Now that would truly be something.
