easy-accordion-free domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114zoho-flow domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114Threat analyst Dave Liebenberg on the Cisco Talos Year in Review and how organizations can stay protected in 2024. More RSS Feeds: https:\/\/newsroom.cisco.com\/c\/r\/newsroom\/en\/us\/rss-feeds.html<\/p>\n
\u200bCisco Newsroom: Security\u00a0\u00a0Threat analyst Dave Liebenberg on the Cisco Talos Year in Review and how organizations can stay protected in 2024. More RSS Feeds: https:\/\/newsroom.cisco.com\/c\/r\/newsroom\/en\/us\/rss-feeds.html\u00a0Read More<\/a>\u00a0<\/p>\n Cisco Talos<\/a> is one of the largest and most effective threat intelligence organizations in the world. And their Talos Year in Review<\/a> speaks volumes about the current trends and future threats defenders can expect to see in the coming year. \u00a0<\/p>\n To learn more about this year\u2019s report, and what organizations can do to counter what\u2019s coming, we spoke with David Liebenberg, head of Strategic Analysis for Cisco Talos.\u00a0<\/p>\n Thank you, Dave! Maybe we could start with a quick overview of Cisco Talos, and your role there.<\/em>\u00a0<\/p>\n Thanks, Kevin. As part of Talos, I contribute to Cisco’s threat intelligence work. Talos\u2019s work includes protecting customers from threats, discovering vulnerabilities, and going out and interdicting adversaries. Within Talos, I run a group called Strategic Analysis. We analyze the most impactful adversaries and trends in the threat landscape. And we produce a number of internal and external intelligence products, Including the Year in Review.\u00a0<\/p>\n What are the goals of the Talos Year in Review?\u00a0<\/em><\/p>\n Cybersecurity is a very fast-moving field. So, taking the time to conduct retrospective analysis helps put those changes in context and can also help anticipate future developments. My team reviews the vast treasure trove of telemetry and expertise we have here at Cisco to tell a comprehensive story of the major adversaries we dealt with in 2023, and the key themes and trends that will define the coming year as well.\u00a0<\/p>\n Once again, ransomware emerged as a major threat this year. What are some key trends in ransomware?\u00a0<\/em><\/p>\n Yeah, so ransomware is truly an evergreen threat, as this report illustrates. In terms of adversaries, LockBit remains the most active group, which was the same as last year. And they are up there with ALPHV, Clop, and BianLian. Those are the four main groups that we saw. One interesting trend, Clop showed how well-resourced they are. They exploited several Zero Day vulnerabilities in a variety of different platforms. That\u2019s something we typically associate with an APT, advanced persistent threat.\u00a0<\/p>\n Extortion emerged as a bigger threat in 2023. Could you explain that trend?\u00a0<\/em><\/p>\n Yes, a lot of well-established ransomware groups, Babuk, BianLian, and Clop to name a few, are moving into these pure extortion plays. So, they\u2019re not actually encrypting anything; they’re just stealing data and threatening to leak it. In Q2 2023, these type of pure extortion events comprised nearly a third of everything we saw in incident response and surpassed even ransomware for that quarter. Also, these big ransomware groups have had their builders and their payloads leaked, which has allowed less sophisticated adversaries to take that, modify it, and then create and deploy their own ransomware payloads.\u00a0<\/p>\n Which initial access vectors were exploited most in 2023?\u00a0<\/em><\/p>\n It can sometimes be difficult to pinpoint with 100 percent accuracy what the initial access actually was. But according to our incident-response data, the top three initial access vectors included the exploitation of vulnerabilities in public-facing applications; the use of compromised credentials or valid accounts; and phishing. \u00a0<\/p>\n To what extent are older infrastructures being targeted and exploited?\u00a0<\/em><\/p>\n We found in this report that threat actors are consistently exploiting older software vulnerabilities in common applications. And some of the most popular vulnerabilities we saw targeted were more than 10 years old. It basically underscores that organizations must implement a healthy and effective patching program. \u00a0<\/p>\n They like to exploit low-hanging fruit, don\u2019t they?\u00a0<\/em><\/p>\n Yes, adversaries are only going to innovate as much as they need to. So, you’re going to continue to see older vulnerabilities and older infrastructure targeted and used as a pivot point to get into the network. Obviously, a modernized network is the best response. But again, even older equipment, if you patch it correctly, you\u2019ll have a better chance. \u00a0<\/p>\n What responsibility do individual workers or company cultures have? \u00a0<\/em><\/p>\n Individual workers and company culture can definitely contribute to a healthier cybersecurity ecosystem. For individuals, it means complying with company security policies, avoiding password reuse and simplistic passwords, taking proper precautions when working remotely, and remaining very vigilant against social-engineering attacks. For company culture, it means conducting frequent training and testing. And it\u2019s very important that people who are in charge of internal security and security operations are able to effectively influence company policy. \u00a0<\/p>\n What are some key measures that those security experts should recommend?\u00a0<\/em><\/p>\n Well, for example, they should institute things like multifactor authentication and network segmentation. Segmentation is essential. You want to block off your high-value assets as much as possible. And you want to really make sure that access and credential management and all those pieces are secure. Also, an incident response plan is essential \u2014\u00a0so that you can effectively respond to an incident without coming up with a plan on the spot.\u00a0<\/p>\n Gen AI is playing in increasing role in things like social engineering attacks. And it\u2019s also enabling new defenses. What is the state of the AI arms race?\u00a0<\/em><\/p>\n It\u2019s a burgeoning development that we’re definitely continuing to monitor. It\u2019s adding new complexities and dimensions to those classic security issues that we already respond to. You mentioned social engineering. That’s absolutely top of mind for me when I\u2019m thinking of AI, because it can enable threat actors to craft really sophisticated, compelling and targeted lures. On the other hand, as you mentioned, there are applications for AI in cybersecurity as well. At Talos, we\u2019ve researched machine-learning models that can help detect business email compromise. And we\u2019ve used machine learning to help detect online disinformation. So, there’s big opportunities for the defenders as well. \u00a0<\/p>\n Any additional predictions for 2024?\u00a0<\/em><\/p>\n Ransomware continuing is a safe bet. So, I’ll start with that. And commodity loaders, they\u2019re not going anywhere. That\u2019s a type of tool that can be bought on the dark web or open markets. They were on the rise in 2023, and that should continue.\u00a0<\/p>\n One of the most popular commodity loaders that we’ve seen is Qakbot, which was actually disrupted this year. And typically, when this happens, a new variant will step in. With Qakbot\u2019s disruption, we could see new commodity loaders emerge. And then for advanced persistent threats, we\u2019re going to continue to see Ukraine being targeted by Russia-affiliated actors and China-affiliated actors improving their skills and targeting entities related to critical infrastructure and critical services in areas of strategic importance.\u00a0<\/p>\n Given all that, are you optimistic about 2024?\u00a0<\/em><\/p>\n Actually, I am. There are bright points in 2023 that gave me optimism. The intensity and increase in skills in advanced actors is being completely matched by the innovation and collaborative spirit of defenders. There\u2019s just so much collaboration happening across the industry. Things like the Cyber Threat Alliance<\/a> where we connect Talos and Cisco with other cybersecurity companies to tackle threats together. And we have the Network Resilience Coalition<\/a>. We\u2019ve discovered new threat actors and helped defend a bunch of different organizations from attacks, including in Ukraine. We\u2019ve achieved a ton of success, stopping bad guys wherever we can.\u00a0<\/p>\n \u00a0<\/p>","protected":false},"excerpt":{"rendered":" Threat analyst Dave Liebenberg on the Cisco Talos Year in […]<\/p>\n","protected":false},"author":0,"featured_media":2090,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-2089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco-newsroom-security"],"yoast_head":"\n