Threat Intelligence 2024 Special Edition
Posted: December 29, 2023
What a year!
I think we all deserve a quieter 2024, and that’s why I’m sending out this special edition Threat Intelligence. Let’s see what we can learn from 7 dangerous themes that emerged in 2023 and apply those lessons to your MSP and your clients’ organizations.
1. Ransomware Renaissance: Top of the list? Yep. The big casino heist. Was this the worst event of 2023? Probably not. It does, however, help us understand that no one is safe. The most important point of this story – casinos are highly regulated, have great training programs, and have people who are great at following rules.
2. Credential Crisis: This got really ugly in 2023. Attackers got onto networks like normal users, then moved throughout the environment with privileged access. How is this lateral movement happening? The attackers were able to move through the network using single sign-on tokens. Whether you’re using passwords, multifactor authentication, or passwordless authentication – as long as trust exists in the network, a temporary login artifact is stored. That login artifact can often be replayed, leading to this lateral movement.
a. BOTTOM LINE: In 2024, this type of lateral movement will continue.
b. PRO TIP: Make sure you have user identity management and a mechanism in place to protect that user identity management system. Tokens and login artifacts should be treated as the crown jewels of your network. What mechanisms do you have in place to protect them from hackers?
3. Supply Chain Siege: In 2023, hackers didn’t just use vulnerabilities. They also gained access through vendors and supply chain attacks. In one example, over 60 Credit Unions’ networks were held for ransom. The way in? Using access one of their vendors had to their networks to deploy ransomware. These supply chain attacks are not single events, or unlucky breaks for the victims. They represent a continued trend in which hackers are exploiting weaknesses in an organization’s supply chain.
a. BOTTOM LINE: This trend will continue into 2024 and beyond.
b. PRO TIP: Steps to reduce the risk of supply chain threats include vendor evaluation, least privilege, and testing. The easiest way to test supply chain risk or insider threat exposure is a recurring penetration test focused on these threat vectors. As leaders in cybersecurity, educating organizations about this risk and testing for it is a necessity.
4. Data Deluge: The biggest data breaches we’ve ever seen: 3.8 billion email and password combinations leaked to the dark web. You might be thinking you have multifactor authentication, so this isn’t a big deal. But here’s the thing: this data is used to improve the models hackers use to socially engineer their victims. The data is imported into tools to build social webs and AI models that allow hackers to figure out how people are connected and how to create an effective pretext while phishing users.
a. BOTTOM LINE: This has been lucrative for hackers, so it’s probably part of their 2024 success plan already.
b. PRO TIP: User training will be a critical component of your 2024 cyber security strategy.
5. Email Compromise: Got a story about someone who wired money to a scam? Well, join the crowd. That was a huge issue in 2023, and if you haven’t heard a story about it, well, you’ve been living under a rock.
a. BOTTOM LINE: The data shows that the number of victims and the amounts of money lost to these attacks continue to rise.
b. PRO TIP: I recommend having a Funds Transfer Policy as part of the decisions you are guiding your clients on about security in Q1 of 2024. You’ll also want to include an M365 hardening project as part of your 2024 recommendations. Check out SecOps 160 for more details on this one. There’s even a script and a worksheet that will help you get it done.
6. Unpreparedness Unraveled: Organizations often make assumptions about how prepared they are, and this is truly dangerous. This year, I personally helped 11 different MSPs respond to ransomware events. Only one of them had a solid plan that was both documented and tested with their client.
a. BOTTOM LINE: Many organizations are assuming their IT teams have this under control.
b. PRO TIP: Your opportunity in 2024 is to educate your clients that incident response and recovery is an operational issue, not just an IT issue. Help your clients by offering tabletop exercises as a starting point to find out where they need practice. Build this into your compliance as a service offering. And yes, all of your clients need compliance as a service.
7. Compliance Conundrum: Compliance has changed cybersecurity forever and it’s just getting started. CMMC might only impact less than 5% of your clients, and maybe it will be years before any real case law exists or enforcement happens around it. However, cyber insurance requires a compliance program, and when people sign up for cyber insurance, they make commitments to security controls. Making these commitments means that not only do you have to implement them, but you also have to gather evidence that these controls are implemented. The key is to build out a compliance program that can be iterated and expanded to support other standards like SOC2, ISO27001, CMMC, PCI, or FTC Safeguards as they become more mainstream.
a. BOTTOM LINE: In 2024, part of your security strategy should include introducing your clients to compliance programs and educating them. This elevates you from a security perspective into a thought leader and advisor.
b. PRO TIP: To get started, we have a turnkey system in the portal that you can use on your clients and your own MSP to build your compliance program.
Ultimately, in 2024 the MSPs who will see the most growth are also the ones that are thinking about what happened in 2023 from a security standpoint and coming up with ways to reduce these risks in their 2024 offerings.
Inquire now to get started on this journey!
