blog.barracuda.com
4.234.25.19  Public Scan

URL: https://blog.barracuda.com/2023/06/08/how-attackers-defenders-learn/
Submission: On June 09 via api from TR — Scanned from GB


BEND, DON’T BREAK: HOW ATTACKERS AND DEFENDERS LEARN FROM EACH OTHER

Jun. 8, 2023 | Adam Khan

For more than 30 years, cyber attackers and security teams have battled it out
across the digital landscape, one side looking for gaps and flaws to target, the
other side fixing and protecting them. The pace of the conflict is accelerating.
Today, there are more than 1 billion known malware programs. Of these, 94
million appeared in the last 12 months. In 2009, the annual figure was 25
million.

To mark Barracuda’s 20th anniversary, we took a high-level look at how
cyberattacks and cybersecurity have evolved since we started in 2003, and what
might be waiting round the corner.


THE LANDSCAPE BY 2003

Cyberthreats and the cybersecurity to defend against them took off in the
mid-1980s. Early examples include the Cascade virus in 1987/8, the Morris worm
in 1988, and the Melissa virus in 1999, to name a few.

By 2003, cyberthreats had begun to diversify and multiply, but attacks remained
largely fragmented, disruptive, and often opportunistic. Viruses, worms, and
other malware took advantage of the rise in business internet use but were not
really implemented as part of organised cybercriminal attack campaigns. The
attacks targeted laptops and desktop devices and looked for cracks in a defined
and controlled access perimeter.

The corresponding cybersecurity landscape was focused on scanning for and
detecting known malware by its signatures and on blocking spam, viruses, and
basic web attacks. The static signature detection system was soon complemented
by heuristic detection (detecting viruses by examining code for suspicious
properties) designed to spot the growing number of previously unknown malware
variants.

Waiting in the wings, however, was the first push-enabled BlackBerry handset
released in 2022 — freeing employees and data from the traditional confines of
the workplace. It wasn’t long before other devices, technologies, and
applications followed, and everything changed forever.




BY 2009

By 2009, mobile devices, services and software were taking over the business
landscape. The security perimeter stretched ever further outwards, and attackers
got organised. Financial fraud, phishing, ransomware, spyware, botnets, and
denial of service (DoS and DDoS) joined the cyberthreat ecosystem — and didn’t
leave. Some of the attack tactics first reported during this time, such as SQL
injection, are still in use today.

To cope with larger and more varied digital workloads, virtual machines (VMs) and
virtualisation became integral components of IT networks. It can be harder to
keep track of workloads and applications in a virtualized environment as they
migrate across servers, which makes it more difficult to monitor security
policies and configurations. Under-protected VMs can be targeted with malware
and, once infected, can spread malware across the entire virtual infrastructure.
Virtualization also offered some security advantages. If a VM is isolated from
the wider network, it can be used for malware analysis and for penetration and
scenario testing.


BY 2012

The age of modern ransomware had arrived. Web-based and social engineering
attacks became widespread, and attacks by nation-state supported groups and
hacktivists increased.

At the same time, the business need for scalable, accessible security that can
be updated in real-time and doesn’t drain resources drove security to the cloud
and as-a-service consumption models. Organizations also looked for security that
could store and protect their growing volume of cloud-hosted assets and for
advanced email security to combat the increasingly sophisticated email-based
attacks.


BY 2016

As the decade progressed, cyberattacks became more prolific and destructive.
Connected internet-of-things (IoT) systems and hybrid cloud/on-premise IT
environments became common, offering attackers a broader attack surface and new
points of weakness to target and exploit. Attackers were using fileless malware
and legitimate or built-in IT tools to bypass security measures and detection.

The skills and resources needed to secure complex digital environments against
such threats overwhelmed many organizations, and they turned in growing numbers
to managed service providers for external support. Security provision became
more flexible, available through the major online marketplaces and other service
providers so it could be bought and up and running within minutes.

2017 was to be a defining year for cyberthreats and cybersecurity. It was the
year the powerful exploit tool targeting the SMB protocol, EternalBlue, was
leaked and the year of two attacks with vast global impact — WannaCry and
NotPetya.


BY 2023

Today, we see the internet-of-things evolving into the internet-of-everything
(IoE). Security integration and visibility are struggling to keep pace — leading
to security gaps that attackers are quick to target and exploit.

Both attackers and defenders are harnessing AI and machine learning — the first
to craft ever more convincing social engineering attacks and malware; the second
to develop ever more intelligent security tools to detect and block these.

With malware tools and infrastructure widely available as-a-service,
cyberattacks are within the reach of many more criminals, powering the spread of
ransomware, extortion and more — and homing in on businesses with many users,
devices, applications, and data active far beyond what was once the perimeter.

Security has adapted, implementing single vendor, end-to-end network security
platforms that bring advanced security to the edge — known as Secure Access
Service Edge (or SASE) – with Zero Trust based access controls, threat
intelligence, incident response and 24/7 security operations centers.

The Russia-Ukraine war that started in 2022 has also reminded the world how
cyberattack tactics, such as DDoS, wipers, and more, can be wielded as
cyberweapons in times of geopolitical tension.


BY 2028

What does the future hold?

As we move towards the second half of this decade, we know that security
perimeters are a thing of the past, and that attacks are more likely to have
catastrophic results, simply because we have become so dependent on vast
interconnected digital systems and infrastructure. Security needs to be
embedded deeply into these systems.

We expect the widespread adoption of AI to continue, with significant
repercussions for businesses, society, and geopolitical stability. AI will
enable security operations centers to become intuitive and responsive,
accelerating the detection, understanding and mitigation of complex incidents.

By the end of the decade, quantum computing is expected to become commercially
viable, transforming everything from drug development and financial markets to
climate change and weather forecasting. Quantum computing will also have a
significant impact on cybersecurity, including the ability to crack traditional
encryption.


CONCLUSION

Cybersecurity is a journey. Looking back across 20 years shows us that attackers
and security teams have adapted continuously to the changing landscape and to
each other, both sides driving and driven by change. Over the coming years, the
pace of change will continue and accelerate. There will be new vulnerabilities
and new threats, alongside decades-old tactics and weaknesses — security needs
to be ready for it all.

Adam Khan

Adam Khan is the VP, Global Security Operations at Barracuda MSP.
He currently leads a Global Security Team which consists of highly skilled Blue,
Purple, and Red Team members. He previously worked over 20 years for
companies such as Priceline.com, BarnesandNoble.com, and Scholastic. Adam's
experience is focused on application/infrastructure automation and security. He
is passionate about protecting SMBs from cyberattacks, which is the heart of
American innovation.
