
Global forces have shaped a very different world today, due to wars, COVID, territorial disputes, etc. Geopolitical conflict is driving the cyber arms race, according to SentinelOne CISO Alex Stamos. In his RSAC 2024 Global Threat Overview session, he covered the four strategic risk drivers that shape the executive decision environment: geopolitical conflict, the cyber arms race, tech competition, and policy used as a weapon.

Ultimately, every country is investing in offensive cyber capabilities, as opportunities for exploitation and an expanding set of targets increase. The Internet has democratized, or made accessible, the ability to launch cyberattacks easily and cheaply.

Greater and more distributed attack surfaces arise as technology evolves and the number of devices increases. The (halfway or hybrid) shift to the cloud and the use of shadow IT also aggregate risk, all while increasing enterprise complexity puts IT teams at a disadvantage when it comes to defense.

One sector he mentioned as a major target of financially motivated attackers is local school districts. Why? Because they have poor security, a huge amount of money backing them, and a huge amount of political pressure in the event of an incident. If they suffer a ransomware attack that keeps students out of school, they can go back to the state to get a ransomware payout. Attackers have figured out who has the money (to pay ransom) but not the security teams.

Software supply chains are another focus of attackers, which correlates with the manufacturing industry ranking in the top 5 of all industries targeted by cyberattacks in 2023 (20.5%), and as the single most targeted industry.

Some risks associated with supply chains include attacks that target insecure software for large-scale updating platforms; custom in-house development or specialized code; and vulnerable devices like network gear, IoT and POS that allow attackers to deliver pre-installed malware. See their timeline of high-profile supply chain breaches:

According to SentinelOne, some key factors in an attacker’s choice to target specific industries include:

  1. The importance of their data and reputation
  2. The potential willingness to pay a ransom
  3. The overall state of the target’s security posture

Then Stamos hit on the buzzword slide of the conference as he switched over to the risks and opportunities of GenAI. On the operational side, it’s a huge benefit to companies because nobody can hire enough skilled people for their security team to provide around-the-clock coverage, especially globally.

GenAI can help make SOC analysts much more efficient, making it incredibly easy to query and get results from your data to determine the scope of an event’s impact in your environment (i.e., which endpoints are affected by a specific event). It makes it much more likely that you can staff a team to do this. But AI will catch up with all of this, and attackers will start to use AI systems to automate all the work necessary to fully compromise an organization, while pairing that with human attackers for the major decisions.

According to Stamos, the only way to defend against attackers is with speed, as speed kills – if they can pull off the killchain in 15 minutes, there’s no way your average analysts can defend against them.

Meanwhile, ransomware actors are getting smarter about how to extort/exploit victim organizations, as well as cyber insurance coverage. Rather than using custom malware that will likely get detected by an EDR, they’re using more commercial tools (remote access, employee management) to compromise a company. Finding those commercial tools can be quite hard.
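One way to surface the commercial remote-access tools described above is to compare process telemetry against an approved inventory. This is an added example, not from the talk or from SentinelOne; the tool catalog, the inventory, the hostnames and the events are constructed assumptions.

```python
import ntpath

# Illustrative catalog of commercial remote-access binaries (not exhaustive).
RMM_BINARIES = {
    "anydesk.exe": "AnyDesk",
    "teamviewer.exe": "TeamViewer",
    "screenconnect.clientservice.exe": "ScreenConnect",
    "ateraagent.exe": "Atera",
}

# Assumed organisational inventory: approved tool -> expected install directory.
APPROVED = {"teamviewer.exe": r"c:\program files\teamviewer"}

# Constructed process-creation events (shape loosely follows EDR telemetry).
EVENTS = [
    {"host": "fin-ws-01", "user": "jdoe", "image": r"C:\Program Files\TeamViewer\TeamViewer.exe"},
    {"host": "fin-ws-02", "user": "asmith", "image": r"C:\Users\asmith\Downloads\AnyDesk.exe"},
    {"host": "hr-ws-07", "user": "svc_backup", "image": r"C:\ProgramData\tv\TeamViewer.exe"},
    {"host": "hr-ws-07", "user": "mlee", "image": r"C:\Windows\System32\notepad.exe"},
]

def triage(events, approved=APPROVED):
    """Return findings for remote-access tools that deviate from the approved inventory."""
    findings = []
    for ev in events:
        # ntpath parses Windows paths regardless of the OS running this script.
        directory, name = ntpath.split(ev["image"].lower())
        if name not in RMM_BINARIES:
            continue  # not a catalogued remote-access tool
        expected_dir = approved.get(name)
        if expected_dir is None:
            reason = "unapproved remote-access tool"
        elif directory != expected_dir:
            reason = "approved tool running from unexpected path"
        else:
            continue  # sanctioned tool in its sanctioned location
        findings.append((ev["host"], RMM_BINARIES[name], reason))
    return findings

if __name__ == "__main__":
    for host, tool, reason in triage(EVENTS):
        print(f"{host}: {tool}: {reason}")
```

File names are easy to change, so a production rule would match on the code-signing publisher or embedded original file name rather than the name on disk.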

Top ransomware actors are turning over $2 billion in profit and putting that revenue back into R&D. Stamos predicts they will use AI offensively to do the east-west movement to gain intelligence without requiring people to do it.

What can we do to defend against attacks? Make sure to harden defenses, get visibility and detect every step along the way of the kill chain:

Detecting at each step, particularly as early as possible, provides greater opportunity for faster response times and defense against ransomware infection. Learn more about Ransomware Prevention & Detection.
