Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

An ever more prolific threat landscape and how to fight back

by Lukasz Olszewski, former Global Head of CERT, Atos

The cyberthreat landscape is increasingly prolific, sophisticated and tricky to defend against. Much of this is due to a rise in state-sponsored attacks, for-hire cybercriminals and rapidly evolving offensive technologies. These add additional complexity around issues of data sovereignty and control. This is pulling the private and public sector closer together and further cooperation is needed to tackle what is at stake.

A fundamental part of the problem is the motive, opportunity, impunity cycle where we see high rewards and minimal punishments in cyberattacks. This is exacerbated by state espionage and cyber warfare, which prevents global consensus in tackling the issue.
There must be a step change in how public and private sector work together across the globe to manage cyber threats as the economic and political risk involved increases year-on-year, not to mention the risk to public safety and global geopolitics.

Impunity

Part of the issue is that threat actors can feel protected by their governments when there aren’t any co- operations in place for prosecution and where state-sponsored cyber warfare muddies the water. But what is also at stake is a lack of resources and skills to tackle cybercrime globally and, in some instances, a lack of political will. Unless governments and private sector tackle this as a global crisis – all working together – there will be little change in the proliferation of attacks. Obviously, cybercrime is remote: a threat actor may be sitting in one country attacking an organization or government in another feeling secure in the knowledge that it is highly likely he will not be punished. Being able to act with impunity means there is really no deterrent at work.

Motive

The other major issue in cybercrime more specifically are the financial benefits. The US Department of Justice said it had recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists. Ransomware is now a huge issue for organizations and, perhaps more dangerously, for public sector and critical infrastructure. If an attack puts people or an organization at risk, the policy is generally to pay the ransom and resume services or safeguard operations as swiftly as possible.
There is never any guarantee when paying a ransom that you will be safe afterwards. There is little honor among criminals, and so it is becoming increasingly common for criminals to use the same attack method more than once – they had success the first time and a few weeks later may try again. They can be successful on more than the first occasion.
Moves are being made, particularly in the US, to make the payment of ransoms difficult for organizations and reduce the amount of money going to organized criminals. Broadly, more input from government on tackling this issue is welcome, but criminalizing organizations for payment needs to be balanced with more practical support to help organizations recover quickly from an attack – this element is still lacking in legislative approaches thus far.

With the above cycle still playing out, what can we do to protect organizations?

Cybersecurity teams keep getting better at tackling cybercrime, says Maciej Zarski , Global Head of
CERT, Atos, “The threat landscape is slightly changing every year with new TTPs (Tactics, Techniques, and Procedures) but we still observe that the basic threats are very effective, including: phishing, stolen credentials, ransomware, poor security hygiene and DDoS, DoS. This means we can hunt, detect, plan and educate against these threats. However, tackling the root cause – breaking the impunity cycle – must be the long-term goal.
To break this impunity cycle what matters is accountability. Even if it does not solve the problem completely, surely it should slow down cybercrime.”

Some of the most destructive and costly ransomware groups are now in their third incarnation over as many years.

Brian Krebs

American journalist and investigative reporter from Krebs on Security

Share this Page

Maciej Zarski, Global Head of CERT, Atos