Optiv’s new 2019 Cyber Threat Intelligence Estimate (CTIE) report suggests that threat actors are now using “cyber-disguises” to keep their true intentions a secret.
Typically, cyber threat intelligence categorises threat actors into fixed classes, such as nation-states, cyber-criminals, and “hacktivists”. However, this report suggests that it is, “a mistake to assume these categories are rigid or to assume that a threat actor’s classification is static.”
Instead, Optiv researchers found that it is actually quite common for threat actors to have multiple criminal identities, so that they can switch between them without getting caught and without revealing their true agenda. The report states:
“Sometimes threat actors may masquerade as a certain type in order to hide their true agenda. Or, threat actors may belong to two or more classes, switching between them as their priorities change.”
Threat actors who demonstrate this kind of behaviour are described by Optiv’s researchers as “hybrid threat actors”. According to the report, their primary targets are governments, manufacturing, energy, and utilities, but—according to Optiv CISO, Brian Wrozek—their tactics make them “quite difficult” to spot.
“Imagine robbing a bank, but the bank robber is able to present themselves as a police officer. It would be extremely difficult to identify that person. Security professionals look for patterns, which can create opportunities for bad actors to abuse those patterns to obscure their true identities,”
The report also found that crypto-jacking and ransomware attacks are increasing in popularity, and that retail, healthcare, government, and financial institutions continue to be among the most targeted in cybersecurity attacks / attempts.
Tom Kellermann, chief cybersecurity officer at Carbon Black, who contributed to the production of the report, said: “Cyberspace has become more hostile. Hackers are more organised and sophisticated in 2019, and we’re seeing malicious attackers increase their counter measures to avoid detection.”
“We hope cybersecurity leaders and teams will use this data as a clarion call to improve their cybersecurity postures.”
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.