Cybercriminals were emboldened to undertake record-high levels of intrusions in 2023 largely due to a lack of repercussions in response to those efforts, and because they are seeing more success by evolving their attack methods.

That’s according to Kevin Mandia, CEO of Google Cloud’s Mandiant cybersecurity business, who spoke about what’s been driving attack trends at the 2024 RSA Conference in San Francisco on May 6.

“If you do espionage, you get what you want, and if you do crime, you get what you want. Cyber intrusions are paying off, and that’s why I think you’re seeing this happen,” Mandia said.

He said that attackers have evolved their spearphishing techniques as email communication became an ineffective way to gain access to a network. In 2023, hackers moved from email communication to compressed files, social media, and even QR codes to gain access to networks, Mandia explained.

Hackers also learned how to overcome multi-factor authentication practices — push notifications, one-time passwords, hardware keys — to gain access to a network.

“But again, what this means is you’ve got to have a way to respond,” Mandia said. He added that the silver lining in “all this bad news” is that cyber experts have “gotten better at detecting attacks sooner.”

According to Mandia, increased attention to improving security practices has been propelled by stronger partnerships between government and private industry.

One example of this kind of partnership is the Cyber Safety Review Board (CSRB), which was established under the Department of Homeland Security as part of President Biden’s executive order on ‘Improving the Nation’s Cybersecurity’. The board is composed of 15 cybersecurity leaders from the Federal government and the private sector.

Mandia explained that the board’s review and assessment of significant cyber incidents and vulnerabilities helps to drive improvements within the private and public sectors.

For example, in 2023 CSRB issued a report on a breach that victimized a cloud service provider. The incident occurred because “a key … that was seven years old [was] used to mint tokens and one-time authentication for a really, really big scope for the access of emails.” In response, CSRB released 25 recommendations to all cloud service providers and the Federal government on the steps needed to prevent a similar breach.

Those recommendations included incident and vulnerability transparency, disclosure of cybersecurity practices, audit logging norms, victim notification processes, digital identity standards, and security and compliance standards.

“Ransomware has evolved. No question about that and there’s a lot of reasons for this,” Mandia said. “But [leaders] are more engaged … and we see this through the acceleration of private sector and government collaboration in advancing cybersecurity.”

Lisbeth Perez
Lisbeth Perez is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.