Cyberattack Trends
트렌드 #1: AI 활용
2023년을 정의하는 특징 중 하나는 사이버 보안에서 인공 지능(AI)의 급속한 부상이었습니다. ChatGPT는 2023년 마지막 몇 달 동안 공개 출시되었으며 획기적이고 독특한 것으로 여겨졌습니다. 몇 달 만에 생성형 AI와 대규모 언어 모델(LLM)을 다양한 작업에 적용하는 수백 또는 수천 개의 새로운 도구와 프로젝트가 등장했습니다.
사이버 보안 분야에서 생성형 AI는 수많은 잠재적 애플리케이션을 보유하고 있습니다. 이러한 도구는 이미 소셜 엔지니어링 공격의 품질을 크게 높이고 인포스틸러, 키로거 및 랜섬웨어를 포함한 새로운 멀웨어를 개발하는 데 적용되었습니다.
While companies such as OpenAI have attempted to build defenses into their tools, they have met with limited success. Research has demonstrated that these restrictions can be easily bypassed, allowing cybercriminals to leverage these tools to increase the scale and sophistication of their attacks.
트렌드 #2: 랜섬웨어
랜섬웨어 는 수년 동안 주요 사이버 보안 위협이었으며 랜섬웨어 공격은 기업에게 더욱 정교하고 보편화되었으며 비용이 많이 듭니다.
지속적인 성공의 주요 동인 중 하나는 랜섬웨어 위협의 끊임없는 진화입니다. 랜섬웨어 그룹 간의 경쟁으로 인해 더 빠르게 암호화하고 방어를 회피하며 더 많은 운영 체제를 표적으로 삼는 랜섬웨어가 탄생했습니다. 랜섬웨어는 또한 데이터 암호화에서 데이터 도난으로 전환되어 몸값 지불에 대한 잠재적인 방어 수단으로 백업을 무력화했습니다.
랜섬웨어 운영자는 또한 공격을 확장하기 위해 다양한 기술을 사용했습니다. 2023년에는 공급망 악용 및 제로데이 취약성으로 인해 CL0P 및 LockBit 랜섬웨어 그룹이 많은 기업에 대한 대규모 동시 공격을 가능하게 했습니다.
트렌드 #3: 핵티비즘(Hacktivism)
핵티비스트는 정치적 동기로 사이버 공격을 수행합니다. 어나니머스(Anonymous)와 같은 그룹은 수년 동안 이러한 공격을 수행해 왔지만, 2022년과 2023년 상반기에는 국가와 연계된 핵티비스트 공격이 급격히 증가했습니다.
이러한 공격은 일반적으로 분산 서비스 거부(DDoS) 공격(DDoS) 공격을 사용하여 특정 국가에 위치한 조직의 운영을 방해합니다. 예를 들어, 러시아와 연계된 킬넷(Killnet)은 서방 의료 기관을 표적으로 삼았고, 친이슬람 성향의 어나니머스 수단(Anonymous Sudan)은 스칸디나비아 항공, 미국 의료 기관, 마이크로소프트를 공격했다.
트렌드 #4 모바일 위협
In recent years, mobile device usage has increased dramatically in the workplace. This trend is driven by the growth of remote work and bring-your-own-device (BYOD) policies.
그 결과, 사이버 범죄자들은 이러한 모바일 디바이스를 손상시키는 데 노력을 집중했으며 모바일 멀웨어의 양과 품질은 급격히 증가했습니다. FluHorse와 같은 최신 모바일 멀웨어 캠페인은 모바일 디바이스의 2단계 인증 (2FA) 코드를 대상으로 하는 반면, FakeCalls는 금융 애플리케이션을 가장한 사기성 음성 통화를 생성합니다. 삼각 측량 캠페인은 사이버 범죄자들이 이전에는 Android보다 훨씬 더 안전하다고 여겨졌던 디바이스의 제로 클릭 취약성을 악용함에 따라 변화하는 iOS 보안 환경을 강조합니다.
Cyberattacks in the News
Russia/Ukraine conflict
Check Point Research (CPR) has released information on cyber attacks that have been seen in the context of the ongoing Russia-Ukraine conflict. In the first three days of battle, cyber attacks on Ukraine’s government and military sector increased by an astounding 196%. The number of cyber attacks on Russian businesses has climbed by 4%.
Phishing emails in East Slavic languages grew sevenfold, with a third of those malicious phishing emails being sent from Ukrainian email addresses to Russian receivers.
Apache Log4j Vulnerability
A severe remote code execution (RCE) vulnerability in the Apache logging package Log4j 2 versions 2.14.1 and below was reported on December 9th 2021 (CVE-2021-44228). With over 400,000 downloads from its GitHub repository, Apache Log4j is the most popular java logging package. It is used by a large number of enterprises throughout the world and allows users to log in to a variety of popular applications. It’s easy to exploit this flaw, which allows threat actors to take control of java-based web servers and perform remote code execution assaults.
SolarWinds Sunburst Attack
The world is now facing what seems to be a 5th generation cyber-attack – a sophisticated, multi-vector attack with clear characteristics of the cyber pandemic. Named Sunburst by researchers, we believe this is one of the most sophisticated and severe attacks ever seen. The attack has been reported to impact major US government offices as well as many private sector organizations.
This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over 18,000 companies and government offices downloaded what seemed to be a regular software update on their computers, but was actually a Trojan horse. By leveraging a common IT practice of software updates, the attackers utilized the backdoor to compromise the organization’s assets enabling them to spy on the organization and access its data. For more information visit our Sunburst attack hub.
Ransomware Attacks
The resurgence of ransomware has been growing. Small local and state government agencies, mainly in the southeastern part of the U.S., have been victimized. Digital transformation is eroding traditional network perimeters with the adoption of cloud computing, cloud-based subscription services, and the ubiquity of mobile devices. This increased expansion of vectors means more ways to attack an organization.
In Q3 2020 Check Point Research saw a 50% increase in the daily average of ransomware attacks, compared to the first half of the year, Organizations worldwide were under a massive wave of ransomware attacks, with healthcare as the most targeted industry
As these attacks continue to mature both in frequency and intensity, their impact on business has grown exponentially. The Top ransomware types were Maze and Ryuk
Types of Cyberattacks
Cyber threats of generation V and VI are now a reality for businesses. Cybercriminals are aware of recent advancements in company cybersecurity and have adapted their attacks to circumvent and defeat traditional safeguards. To avoid detection, modern cyber attacks are multi-vectored and use polymorphic code. As a result, detecting and responding to threats is more challenging than ever.
Cybercriminals’ primary target and an organization’s first line of defense in the remote work world is the endpoint. Securing the remote workforce necessitates an understanding of the most common cyber risks that employees experience, as well as endpoint security solutions capable of detecting, preventing, and resolving these assaults.
Cyberattacks come in a variety of different forms. Cybercriminals use many different methods to launch a cyber attack, a phishing attack, an exploitation of compromised credentials, and more. From this initial access, cybercriminals can go on to achieve different objectives including malware infections, ransomware, denial of service attack, data theft, and more.
A Cyberattack is Preventable
Despite the prevalence of cyber attacks, Check Point data suggests that 99 percent of enterprises are not effectively protected. However, a cyber attack is preventable. The key to cyber defense is an end-to-end cyber security architecture that is multilayered and spans all networks, endpoint and mobile devices, and 클라우드. With the right architecture, you can consolidate management of multiple security layers, control policy through a single pane of glass. This lets you correlate events across all network environments, cloud services, and mobile infrastructures.
In addition to architecture, Check Point recommends these key measures to prevent cyber attacks:
- Maintain security hygiene
- Choose prevention over detection
- Implement the most advanced technologies
Learn more about recent cyber attack trends by checking out Check Point’s 2024 Cyber Security Report. You’re also welcome to learn how to protect against modern cyber threats by signing up for a free demo of Check Point Harmony Endpoint.
피드백