Targeted threat intelligence is key to protecting enterprises against cyberattacks

Did you miss a session at the Data Summit? Watch On-Demand Here.

The war against cyberattacks is raging fiercely across the enterprise ecosystem, as cyberattackers continue to evolve with new tactics. Last year, a report by Sophos revealed ransomware-as-a-service (RaaS) attacks increased at a rapid rate in the past 18 months. Another study by Forrester Consulting on behalf of Cyware showed a considerable gap between how fast organizations detect ransomware and the quickness of an attack — highlighting how unprepared many organizations are to identify and mitigate cyberattacks. The Gartner 2022 Audit Plan Hot Spots lists ransomware as one of the 12 key issues auditors will have to grapple with this year.

“Ransomware attacks have become increasingly prevalent and sophisticated,” said Zachary Ginsburg, research director for the Gartner Audit and Risk practice. “Ransomware is resulting in revenue and data loss, compromised data, reputational damage, significant operational disruption and more.” According to Ginsburg, regardless of their size or revenue, organizations should assume they will be targeted with ransomware and examine their prevention, detection, mitigation, response and recovery measures.

As ransomware attacks continue to exploit an ever-widening enterprise attack surface, how can organizations win this fierce war against cyberattackers?

Cyberint, an Israel-based digital risk protection and threat intelligence company, claims its proprietary Argos Edge technology offers an answer, by giving enterprises real-time actionable threat intelligence alerts that help IT teams protect digital assets beyond the traditional security perimeters. Yochai Corem, CEO at Cyberint, told VentureBeat that for organizations to stay protected against attacks, they need to know the exact channels threat actors use for communicating and interacting.

Threat detection and mitigation becomes difficult when organizations are unable to do this swiftly and effectively, according to Corem. He said Cyberint’s proprietary machine learning (ML) algorithms continuously monitor and automatically identify threat actors, enabling security teams to swiftly identify targeted cyberattacks against their organization.

A searchable database for enhanced threat intelligence

Corem said there are different types of malware operated as a service that can be bought and distributed easily, enabling malicious actors to infect machines and steal credentials. “Threat vectors are linking from one source to another — from the dark web, to Telegram channels and many more,” he said, adding that Cyberint can continuously monitor and automatically identify millions of linkages from threat actors with the technology the company has built from over ten years of research and development.

“ML and AI enable us to automatically classify over a billion pieces of data and verify them, looking at those that are most critical and most relevant to the problem our customers are attempting to solve,” he said. “So, for example, out of the 14 million pieces of data we collected in January, I can actually go and look for exposed credentials like credit cards and see the exact attack tools or methods that were used to get them.”

Cyberint claims it has data that no one else does because it created a searchable database of the dark web. It also infiltrated hacker groups on Telegram to gain intelligence on RaaS families and threats across millions of machines around the world.

Corem said Cyberint’s platform continuously scans the entire internet to identify which IPs and domains relate to the company’s customers, and then verifies that there is no open window with access a threat actor can explore and exploit.

“Every attack starts with reconnaissance — information gathering — and then exploitation,” he said. “Our goal as a company is to identify weaknesses in an organization’s attack surface via our unique attack surface management models, providing actionable insights that address any exposure and ensure critical assets are protected.”

Ransomware predictions for 2022

A report by the Cyberint research team showed that the United States is one of the top targeted countries for ransomware attacks. “The report further revealed an overall number of 2,845 ransomware cases last year, with the industrial energy, retail and finance sectors as the top three sectors hit by successful campaigns,” he said.

Corem said ransomware attacks will continue to grow in 2022, as Cyberint saw an 84% increase in ransomware cases in the second half of 2021, compared to the first half of the year.

“There’s a RaaS competition today, with our report showing the Conti ransomware gang as leader of the competition,” said Corem. “And even if organizations have the best endpoint security and the best antivirus firewalls, attackers can still infiltrate their systems using several techniques.” Companies need to be “super-focused” on how they protect their assets, he added: “They need support from experts like us.”

Originally appeared on: TheSpuzz