A report published by Akamai at the close of 2019 advises cybersecurity teams to expect to see many more weaponized cyber attacks in the New Year.
Larry Cashdollar, an Akamai security researcher, said going into 2020 an overlap between criminal developers and nation-state actors is creating a steady stream of zero-day tools targeting specific organizations and individuals.
As the entities that launch these attacks become increasingly more professional in how they operate, attacks stemming from credential abuse, phishing and exploitation of vulnerabilities in popular systems will only continue to grow in scale and size, Cashdollar said. In the last 17 months, Akamai has observed 55 billion credential stuffing attacks with no signs of slowing down.
Overall, Akamai research identifies the U.S. as the top source for credential stuffing, followed by Russia. In terms of phishing attacks aimed at compromising credentials, thwarting these efforts is becoming more difficult because 60% of the phishing kits monitored by Akamai were active for only 20 days or less, according to the company.
Finally, in terms of application attacks, the U.S. again dominates, followed more closely by Russia. SQL injections (SQLi) continue to be the primary attack vector being employed, accounting for 77% of all application attacks in the first three quarters of 2019 and creating more than 3.1 billion alerts on the Akamai platform.
Given the scope and sophistication of the cyber attacks being launched, Cashdollar said organizations will need to rely more on machine learning algorithms and eventually other forms of artificial intelligence (AI) to combat attacks. The challenge is that as cybercriminals become more organized, they’re starting to invest in AI at scale as well. In effect, cybersecurity in the future will soon involve bots battling one another for supremacy, he said.
In the meantime, however, while cybercriminals are getting better at targeting attacks, their methods appear to remain consistent. Rather than developing new exploits, it’s easier to continue to rely on existing methods that are known to work. What’s changing is the ability of cybercriminals to launch attacks at scale.
The good news is attitudes toward cybersecurity are shifting as well. Organizations of all sizes are making a more concerted effort to secure their software supply chains, as evidenced by the growing interest in DevSecOps, noted Cashdollar. Unfortunately, too many of those supply chains are still vulnerable to low-level SQLi attacks.
The cybersecurity battle may never be won. Each new defense developed generally pushes cybercriminals toward focusing on some other known vulnerability. The challenge facing cybersecurity teams at the end of the first decade of the 21st century is pretty much the same as it was at the beginning. There continues to be a strong need to focus on cybersecurity fundamentals. The only thing that has really changed is the scale at which those fundamentals need to be applied continues to expand exponentially as each new platform is added to the extended enterprise.