Despite the best efforts of CISOs everywhere, cybercrime is often down to random opportunism. And, although it would make detection far easier, there’s no one-size-fits-all cybercriminal, either. 

Some threat actors like to use mass scanning or widespread phishing to target intrusions. They hope to gain a foothold for ongoing espionage or lay the groundwork for a bolder campaign. Others are more precise and subtle. They use clever masquerading and abuse legitimate credentials to break through networks. Then they throw in a bit of ransomware to compromise security further.

As our latest 2020 Cyber Threatscape report reveals, we routinely find that cybercriminals use both masked and noisy cyberattacks to complicate the process of detecting and attributing threat activity. They use off-the-shelf tools and techniques to enhance deniability, effectiveness and ease of use so that their prolific attacks can continue. And our report shows how they are doing that year after year.

Inside the cybercriminal mind

Our latest observations are part of five frontline trends that are influencing the cyberthreat landscape. In my earlier blogs I’ve shared two trends so far and suggested ways to tackle them. We’ve looked at COVID and the opportunistic threats from remote working. And we’ve seen how new sophisticated attacks are targeting business continuity. Now, we’re going to take a tour of the cybercriminal’s mind—and what we can do to understand it better.

Here are three things we’ve seen happening in the last year:

  • Sophisticated adversaries mask identities with off-the-shelf tools: a range of state-sponsored programs and organized criminal groups have been using open source or commercially available tools to supplement bespoke capabilities and “living off the land” techniques—that’s using tools readily available in the target environment. Cyberthreat actors often use these penetration testing tools against victim networks for tasks such as establishing persistence, command and control, lateral movement, and accessing credentials.
  • Spear phishing steps up a gear: one of the most well-known threat groups in this area is SNAKEMACKEREL, whose activities, such as credential stuffing and external infrastructure enumeration, may be efforts to gain access to high-profile individual accounts at organizations for onward spear phishing. SNAKEMACKEREL actors have also increased their targeting of United States government agencies, education institutions and energy sector entities in 2020.
  • Supply chain targeting persists and proliferates: as we have seen recently, compromising a victim’s supply chain is increasingly a focus for cyberthreat actors. It may be most common among state-sponsored groups, but organized criminal groups are also on board with this approach. Some sophisticated cyberthreat actors have employed “island-hopping” techniques—compromising small firms to gain access to their larger partners—to bypass strong perimeter defenses in various industry sectors including aerospace, automotive, defense and nuclear.

Senior decision makers and their security teams need to stay one step ahead. How? Well, prioritizing continuous and bespoke threat intelligence tailored for a specific organizational profile helps. And taking an intelligence-led security approach that identifies mitigations for certain adversaries means you can be quicker to target your response.

It’s really important to understand the commonly used tools and techniques, especially those involving malicious use of native systems and penetration test tools, and make sure they can be detected in your own environment. It means you can start to prepare for ready-made cybercrime long before it threatens you.

Take a look at the full report for more on the latest cybersecurity threats.

A special thanks to the following individuals who also contributed to the 2020 Cyber Threatscape Report: Patton Adams, Omar Al-Shahery, Joseph Chmiel, Amy Cunliffe, Molly Day, Oliver Fay, Charlie Gardner, Gian Luca Giuliani, Samuel Goddard, Larry Karl, Paul Mansfield, Hannaire Mekaouar, Mei Nelson, Nellie Ohr and Kathryn Orme.


Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at

The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates.

Copyright © 2021 Accenture. All rights reserved. Accenture, and its logo are trademarks of Accenture.

Joshua Ray

Managing Director – Accenture Security
