
Are Threat Actors Winning the Cybersecurity Arms Race?

Posted by Daniel Petrillo on March 18, 2021

Ever since the Morris Worm infected 10 percent of internet-connected computers in 1988, endpoint security has become a critical asset for organizations and endpoints themselves a top target for threat actors. However, in recent years, the arms race between cybercriminals and businesses has reached a fever pitch. Even though spending on cybersecurity solutions has increased exponentially, the damage done by cybercrime has not diminished. Estimates now show that by 2025 global cybercrime will cost over $10 trillion per year, equivalent to half the United States' current GDP.

While an increasingly digitized world raises the stakes for cyberattacks, another key driver of this rising cost is the proliferation of devastating ransomware. Ransomware is the most frequently used tool for cybercriminals right now, and an attack happens every 11 seconds. As of this year, the average ransom payment has also increased by 57 times since 2015. However, while the damage that cyberattacks pose to organizations is growing, enterprises also have access to a greater variety of "next-generation" solutions than ever before. With that in mind, it's worth asking why it looks like cybercriminals are gaining the upper hand.

The Problem with Modern Cybersecurity

The increasing danger posed by cyberattacks is partly due to the continued use of outdated cybersecurity approaches. Traditionally, cybersecurity has been built on a perimeter-based and fragmented approach. In the increasingly borderless digital environment where modern enterprises operate, this approach is ineffective. 

Threat actors have learned to seek out and exploit both fragmented security stacks and misconfigured server environments to bypass enterprise firewalls and propagate malware and ransomware. Accordingly, cloud infrastructure misconfigurations alone have been responsible for more than 30 billion record leaks in the recent past. Most enterprises find out too late that many of their security solutions do not protect them against fileless attacks and in-memory exploits that propagate laterally across their networks. 

On the other hand, relying on siloing important assets also doesn't work. As illustrated by the Stuxnet virus's dramatic success in 2010, no system, no matter how critical, can be hermetically sealed from threats. With everything from cars to medical devices now forming potential endpoints, IoT devices have also opened up new attack vectors for cybercriminals. While the pandemic has undoubtedly highlighted the importance of endpoint security for this growing target area, protection solutions are often too heavy or opaque for modern enterprise environments. Meanwhile, the human element of endpoint security remains underappreciated.

Cyberattack Innovation Continues Its Acceleration

While cracks in enterprise defenses continue to expand, cybercriminals are rapidly innovating. High-end ransomware was previously the reserve of criminal gangs with a high level of technical savvy, but ransomware-as-a-service has made it easily accessible. Ransomware strains such as DoppelPaymer can now be "licensed" by affiliates in return for a percentage payment of their ill-gotten gains.

Threat actors are also on track to leverage developments in machine learning technology. Far from a dystopian science fiction story, the prospect of self-learning phishing scams and AI-powered ransomware attacks is unnervingly close to becoming a reality. The combination of intelligent targeting, where machine learning algorithms change out words until they find the most effective combination for phishing emails, and intelligent evasion designed to make it easier to bypass detection-centric tools is a powerful risk that could easily overwhelm even the savviest defenders.

Further, the proliferation of state-sponsored cybercrime means that while many businesses face increasing danger from persistent threats, more virulent ransomware strains are filtering down into the hands of profit-driven cybercriminals. The privateering nature of highly capable gangs such as Evil Corp, who recently conducted a massive ransomware attack on Garmin, also shows how the line between state sponsorship and profit-driven opportunism is blurring.

Companies Need to Adopt a Proactive Approach to Reduce Their Cybersecurity Risks

To counter the growing capability of threat actors, the cybersecurity industry presents endless opportunities for organizations to deploy more complex collections of solutions. Regrettably, the cybersecurity industry is rife with marketing jargon where real security is needed. While solutions that use buzzwords such as "next generation" or "machine learning" sound innovative, they ultimately fail to protect against the growing number of unknown, evasive attacks.

The only reliable way for organizations to counter increasingly capable adversaries is to refocus on what works. A less diverse array of effective solutions is a far better bet when it comes to solutions stacks. At the same time, more effort and investment need to be directed towards protecting the endpoints where ransomware can gain a beachhead in the first place. This concept means improving cyber hygiene through proactive measures such as device hardening and privilege restriction while working towards a zero-trust approach propagated throughout the enterprise.

Only 29 percent of information security professionals in a recent InfoSec survey reported training employees on safe remote working practices. Unfortunately, this finding highlights the inherent weakness in many enterprises: their people. It's vital to remember that employees are frequently the weakest link in any security posture. The key to shoring up this critical security weak point is up-to-date training and resources that help individuals spot and avoid the phishing attacks and social engineering scams that give most attacks access to your network.

Final Thoughts

Instead of responding to malicious actors' growing capability by loading up on increasingly complex solutions stacks, enterprises should leverage a proactive cyber defense strategy. While the key to this approach is making security an inherent operational asset, refining the enterprise security stack is also vital. Taking a proactive approach, rather than a reactive one of responding to threats once they’ve breached critical systems, gives even the most resource-constrained teams a reduced attack surface and a lower risk of attack.

To achieve a simple and effective security solution stack that offers protection from known and unknown threats, you can leverage a deterministic solution like Morphisec Guard that enhances visibility into and control over the OS-native security tools inherent in Microsoft Windows 10. Bolstered with a more effective security posture, enterprises shouldn't lose hope. Even if cyber criminals may win the battle, there is no reason they should win the war.