
Platformization + AI-driven Palo Alto Networks solves security problems in the intelligent era

Author: Zhongguancun Online

In today's world of ubiquitous AI, few people would dare to guarantee their own security. The new generation of AI technologies represented by ChatGPT, Sora, multimodal models and similar concepts has swept the world, and cyber risk has risen sharply with it: AI-based deepfake fraud, phishing emails, and ransomware are increasingly rampant, posing a major threat to data centers, critical infrastructure, and even national security. "These attacks are global and profit-driven. Especially after the advent of AI, the cost of cyber attacks has decreased, and we need to think about how to build a higher 'protective wall'. In addition, today's businesses will be connected to the network, many applications will run in the cloud, and data will also go to the cloud; people are generating data all the time, and they face risks anytime and anywhere," said Wenjun Chen, president of Palo Alto Networks Greater China.

Wenjun Chen, president of Palo Alto Networks Greater China

In other words, AI is a double-edged sword. Attackers can use AI to make traditional cyber attacks more effective and to extend them into edge environments through the Internet of Everything: hundreds of millions of smart terminals carry vast numbers of sensors, and everything from factory production lines, robots and drones to cars on the road and home entertainment devices is a possible target. At the same time, threats such as deepfakes make it harder for users to tell real from fake, and the popularity of open-source large models brings deeper hidden risks. In response, enterprises need to shift from passive to active defense, bring machine intelligence and automation into decision-making, and build a globally coordinated security protection system; protecting multi-cloud and hybrid-cloud environments will become the focus.

When it comes to business risk, ransomware is a topic that cannot be avoided. The suspected mastermind of a ransomware attack on a wholly owned subsidiary of a major bank in the United States, which caused some system disruptions, is said to be a globally active hacking group that has compromised more than 1,600 organizations, including Boeing, Royal Mail and others. Since 2020, LockBit's ransom payments worldwide have exceeded $100 million. Cyberattacks such as ransomware are becoming ever more serious threats to critical infrastructure and core systems.

According to Palo Alto Networks' observations, current cyber threats present three main characteristics. First, they are universal, spread across finance, energy, manufacturing and other industries. Second, they are more severe: attacks are larger in scale, faster, and greater in impact, partly because many attacks hide inside systems and lead to long-term data leakage, and in many cases only 2-3 days pass on average between the initial attack and the exfiltration of data. Third, they are more complex: some attacks compromise the software supply chain and open-source libraries, attack methods iterate faster, and attackers can use generative AI to generate code automatically and carry out variant attacks. Overall, attacks are becoming more strategic, more organized and more professional.

In its 2024 Ransomware Review: Analysis of Unit 42 Leaked Websites, Palo Alto Networks noted that in 2023 the number of victims reported on ransomware leak sites rose by 49%, with a total of 3,998 posts published by ransomware groups. Zero-day exploits in 2023, including SQL injection against the MOVEit and GoAnywhere MFT services, led to a spike in ransomware infections by groups such as CL0P, LockBit, and ALPHV (BlackCat) before defenders could patch the vulnerabilities. Examples include CVE-2023-0669 for GoAnywhere MFT, and CVE-2023-34362, CVE-2023-35036, and CVE-2023-35708 for MOVEit Transfer SQL injection. LockBit, Medusa, ALPHV (BlackCat), and other groups exploited the Citrix Bleed vulnerability CVE-2023-4966 as a zero-day and carried out multiple intrusions during November 2023.

In addition, 2023 saw the emergence of at least 25 new leak sites and the launch of ransomware-as-a-service (RaaS) offerings, which accounted for about 25% of all ransomware posts in 2023, with Akira leading the post count among new groups. Akira was first spotted in March 2023 and described as a fast-growing ransomware group. Researchers linked the group to Conti through cryptocurrency transactions connected to Conti's leadership team. The second-highest number of leak site posts in 2023 came from the 8Base ransomware group, which has been active since 2022 but only started announcing victims in May 2023.

Of the 3,998 leak site posts in 2023, LockBit remained the most active ransomware, with 928 victim organizations, or 23% of the total. With the fall of groups like Conti, Hive, Ragnar Locker, and others, LockBit has become the ransomware of choice for many attackers, who subsequently become affiliates of the group. LockBit has released several variants affecting both Linux and Windows operating systems. By repurposing freely available tools and taking advantage of LockBit's fast encryption capabilities, affiliates can tailor a ransomware campaign to their needs. Second by number of leak posts is the ALPHV (BlackCat) ransomware, which accounted for about 9.7% of all leak site posts in 2023. Third is the CL0P ransomware, which accounted for about 9.1% of posts in 2023.

The distribution of leak site posts in 2023 shows that manufacturing is the industry most affected by ransomware, accounting for 14% of all posts. This is because manufacturers often have limited visibility into their operational technology (OT) systems, are increasingly networked, monitor their networks insufficiently, and sometimes fail to implement security best practices. Given that manufacturing enterprises depend heavily on production-line continuity, the losses once they are extorted are huge. Manufacturing is followed by legal services, high-tech industries, and others.

Logistics is also a vulnerable industry in the Chinese market. "From being driven by security compliance in the past, customers are now more focused on how to protect against more advanced attacks. In addition, many Chinese companies are pushing their business overseas, which makes it even more necessary to strengthen their cyber defenses to meet the laws and regulations of various regions around the world."

Chuntao Dong, general manager of pre-sales for Palo Alto Networks in Greater China

In this regard, Palo Alto Networks put forward eight recommendations for enterprises: first, implement a defense-in-depth strategy that goes beyond the traditional firewall and WAF, creating multiple layers of security controls that together provide overlapping protection against potential threats; second, develop an incident response plan and continually review, update and test it on the advice of cybersecurity experts so as to respond better to attacks; third, ensure full visibility of the attack surface to help identify and mitigate vulnerabilities before they are exploited; fourth, implement an enterprise-wide zero-trust network architecture that creates layers of security to prevent or limit attackers from moving laterally through the network; fifth, implement a cloud security program and platform to achieve comprehensive cloud-native security for cloud infrastructure and applications; sixth, enforce MFA as a technical control and security policy for all users; seventh, apply the principle of least privilege to minimize the impact of security incidents; and eighth, leverage the power of AI and automation to modernize security operations and reduce the excessive workload on analysts.

In the past, Palo Alto Networks' main business was application-aware firewalls, but as the network security landscape grew more complex, the company has, through a series of innovations and acquisitions, built a platform-based offering that integrates cloud security, endpoint security, security operations, security consulting and other capabilities, covering hardware, software and SASE products. For example, Cortex integrates data analytics and automated SOC capabilities to protect against unknown threats with AI. Palo Alto Networks also has Unit 42 security consulting, which provides threat intelligence and consulting services to help enterprises respond to crises and move from reactive to proactive. Combined with SCA (Software Composition Analysis), Prisma Cloud can help enterprises scan open-source code for vulnerabilities or malicious programs while ensuring the reliability of the software supply chain, and so support development and operations.

Palo Alto Networks' next-generation platform helps enterprises transform their networks

With cloud-based virtualized firewall technology, Palo Alto Networks brings the advantages of the NGFW to the cloud: it offers virtual machine and container versions, is compatible with the mainstream public clouds, is easy to deploy, can be integrated with SASE and edge resources, protects cloud and on-premises workloads globally under unified management, and can be deployed within hours in any region of the world. Enterprises can better defend against ransomware threats with next-generation firewalls that have built-in cloud security services (Advanced WildFire, DNS Security, Advanced Threat Prevention, Advanced URL Filtering, and more).

For organizations that want to know whether they have been attacked, whether their cloud configuration is vulnerable, whether they are compliant, and whether they have any other issues, Strata provides situational awareness services that support hardware, software, and SASE deployments. Purpose-built for SecOps transformation, Cortex XSIAM brings all data and SOC functions (XDR, SOAR, ASM, SIEM) together into a single AI-driven platform that correlates events from disparate data sources to detect and block threats accurately at scale, automates security tasks, reduces manual effort, and enables detection and response within minutes, all out of the box.

Because attackers already carry out their attacks with AI, defense by human hands alone cannot keep up; it must be machine against machine. In addition, Palo Alto Networks uses Cortex Xpanse for attack surface management. With Xpanse, organizations can find vulnerabilities before attackers do and proactively reduce risk through a comprehensive inventory of assets, uncovering previously unknown attack surface. Cortex Xpanse continuously discovers and monitors an organization's Internet-facing digital attack surface, ensuring that security operations teams have no blind spots. With Cortex Xpanse, businesses discover 35% more assets than they can track through a manual inventory process.

In fact, Palo Alto Networks has been using AI to identify and defend against attacks accurately for more than a decade, and has already applied generative AI to help customers better understand, configure, and use its products. Today, Palo Alto Networks employs more than 4,400 machine learning models across a wide range of products to process different samples. With the growing number of networked devices and the many forms that attacks take, Palo Alto Networks uses the AI algorithms in Cortex to collect and analyze huge volumes of logs, compare them against a large corpus of attack samples, find the most strongly correlated causes and suspicious clues, and recommend blocking and isolation actions, a process that might have taken days in the past but can now be completed in minutes.

"In the next three to five years, platform-based and AI-driven active defense will become a trend, and the cybersecurity market will also move towards consolidation, with thousands of companies becoming several leading companies. For Palo Alto Networks, our platform-based products will drive the integration of the entire market, help customers move from reactive defense to active defense, and help customers prevent, detect, and block through AI-driven capabilities, coupled with continuous technological innovation, to meet future security challenges together with customers."