Cyber attacks now becoming multi staged, coordinated and blended

As per a global survey report ‘The Impossible Puzzle of Cybersecurity’, which is conducted by a UK based research company Vanson Bourne and commissioned by Sophos, IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up to date technology. The survey also reveals how attack techniques are varied and often multi-staged, increasing the difficulty to defend networks. One in six IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet.

Further the report reveals, Software exploits were the initial cause of 41% of incidents and used in 35% of cyberattacks, demonstrating how exploits are used at multiple stages of the attack chain. Phishing emails impacted 54% of those hit by a cyberattacks. Ransomware impacted 39% of attack victims. 48% of attack victims suffered a data breach.

Sunil Sharma, Managing Director Sales, Sophos India & SAARC has shared his views with VARINDIA, on how cybercriminals are evolving their attack methods using multiple payloads to maximize profits.

The Threat Landscape

These days most of the attacks that are happening are advanced malware. The present threat landscape is changing from known to unknown. Attacks are launched from different directions  and they are multi stage coordinated and blended.  

Sunil Sharma explains, “When we talk about threat landscape, I think most of the people are talking about that it is the basic virus or basic malware. But we personally believe and as per data that, as of today, that is just 5% of the total threat landscape and 95% is advanced malware like ransomware. Which means deadly threat landscape is changing. It is changing from known to unknown.  If you look at the survey, a lot of people answered that cyber attacks are coming from multiple directions, at the same time they are multi stage coordinated and blended. These are the two outcomes of the survey. What exactly is meant by multiple directions is that what kind of most significant attacks that are happening like via emails, web, software vulnerability which has been exploited and external devices.” 

Further he adds, “The shift is not like earlier days when people are going to give you a simple virus attack, so that you can protect that with antivirus. Today it is the need of the hour that we need to protect the environment or our infrastructure from unknown threats and unknown threats cannot be protected by traditional security systems.”

Focusing some light on malwares, Sunil shares, “Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits. Advanced malwares are the malwares, which might be in the core, they might have some software which they have used in the past but they are now using different attachments to it. So the protecting software is not able to identify them. Sophos has huge data and reference. We can identify whatever shapes that malware takes in different forms. We know that it is a known one and by virtue of permutations and combinations, with the help of deep learning algorithm, we are able to identify and stop that malware entering into the system.”

CIO Concerns

Looking the present threat scenario the CIOs or the IT Heads of any organization are concern about three major things that are lack of skill set in manpower, technology update in the infrastructure and the budget. Elaborating on this Sunil says, “As of today, there are three concerns which we have mentioned in our survey outcomes. These three concerns are primarily the skill of manpower, the technology update in the infrastructure and the budget. These are the three challenges that are faced by all IT managers today.”