Palo Alto Networks Finds Cyberattack Patterns Changing

An analysis of cyberattacks published by the Unit 42 research arm of Palo Alto Networks found a significant increase in attempts to mimic generative artificial intelligence (AI) sites on the web using typosquatting techniques.

Cybercriminals are attempting to take advantage of the popularity of platforms like ChatGPT to distribute malware to end users that are not looking closely at the URL of the site they have landed on, the report warned.
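As an added illustration of the defensive side of this finding (example code, not part of the Unit 42 report), the following Python checks a URL a user landed on against a constructed allowlist of generative AI brand domains, using edit distance and a small homoglyph map so near-miss spellings are surfaced for review; the allowlist and substitution table are assumptions for this example.

```python
"""Flag hostnames that look like typosquats of known generative AI sites."""
import re

# Constructed allowlist of legitimate brand domains (assumption for this example).
KNOWN_AI_DOMAINS = ["chatgpt.com", "openai.com", "bard.google.com"]

# Look-alike characters folded to their plain form before comparison (assumed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "-": ""})


def damerau_levenshtein(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def hostname(url):
    """Strip scheme, path and a leading 'www.' so only the host is compared."""
    host = re.sub(r"^[a-z]+://", "", url.lower()).split("/")[0]
    return host[4:] if host.startswith("www.") else host


def classify(url, max_distance=2):
    """Return (verdict, closest_known_domain, distance) for the URL's host."""
    host = hostname(url)
    norm = host.translate(HOMOGLYPHS)  # fold 0->o, 1->l, drop hyphens, etc.
    best = min(KNOWN_AI_DOMAINS, key=lambda d: damerau_levenshtein(norm, d))
    dist = damerau_levenshtein(norm, best)
    if host == best:
        return ("legitimate", best, 0)
    # Close spelling, or the brand label embedded in a longer name, is suspicious.
    if dist <= max_distance or best.split(".")[0] in norm:
        return ("suspected_typosquat", best, dist)
    return ("unrelated", best, dist)
```

A real deployment would compare against the organisation's own allowlist and feed the "suspected_typosquat" verdicts into proxy or mail-gateway blocking rather than relying on users to read the URL.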

The report also noted that while cybercriminals are not yet widely using generative AI to create cyberattacks, there has been an increase in attacks aimed specifically at operational technology (OT) platforms. In the last year, Unit 42 reported a 28% increase in the ratio of malware aimed specifically at vertical industries using OT technologies.

Anand Oswal, senior vice president and general manager for network security at Palo Alto Networks, said that while attacks against OT technologies are not new, the level of increase suggested that cybercriminals are increasing their focus on critical infrastructure.

Overall, the report also noted that 13% of the network traffic generated by malware is now encrypted using the Secure Sockets Layer (SSL) protocol and that cryptominer traffic has doubled in the last year.

Finally, the report also found exploitation of known vulnerabilities increased 55% compared to 2021 and that PDFs remain the most widely used vehicle for delivering malware via email attachments.

In general, the challenge cybersecurity teams encounter is not so much that cybercriminals are developing new malware and techniques but that they continually evolve existing ones. Most malware is a derivative of a previous exploit, while typosquatting has been exploited by cybercriminals for decades. The issue is that the overall size of the attack surface that needs to be defended continues to expand as more devices are connected to the internet to access a range of cloud services.

Palo Alto Networks has been making a case for unifying the management of cybersecurity via a cloud service that spans both IT and OT technologies. It’s not clear how quickly organizations are centralizing the management of cybersecurity, but reducing the total number of point products that cybersecurity teams need to deploy, manage and update reduces the total cost of cybersecurity. It also provides more flexibility in terms of being able to invoke additional capabilities as required.

In the meantime, most cybersecurity teams are going to accomplish a lot more by focusing on the fundamentals than spending too much time worrying about the launch of more esoteric cyberattacks. Most cybercriminals are not going to put extra time and effort into launching a complicated, unique cyberattack when the simple ones they already have at their disposal remain effective. The challenge cybersecurity teams face now is finding a way to automatically combat as many known threats as possible. This will allow them to use the limited resources they have to identify how the techniques and tactics that cybercriminals use are evolving to evade existing controls.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.