{"id":307763,"date":"2023-11-02T09:30:59","date_gmt":"2023-11-02T16:30:59","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=307763"},"modified":"2023-11-02T12:27:25","modified_gmt":"2023-11-02T19:27:25","slug":"navigating-the-complex-threat-landscape","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2023\/11\/navigating-the-complex-threat-landscape\/","title":{"rendered":"Navigating the Complex Threat Landscape \u2014 Key Takeaways for CISOs"},"content":{"rendered":"<p>Well, it looks like we cybersecurity defenders won\u2019t be getting a break any time soon. Unit 42 consultants and intelligence analysts have been busy, and a few trends have jumped out at us in the last few months. So, we decided to write them up. In our latest executive advisory, <a href=\"http:\/\/paloaltonetworks.com\/resources\/ebooks\/unit42-ciso-cybersecurity-tactics-advisory\">Navigating the Evolving Threat Landscape: Resilient Cybersecurity Tactics for CISOs<\/a>, we highlight a couple attacker trends, what they mean, and what you can do about them.<\/p>\n<p>The bottom line: attackers are becoming more tenacious and resilient to defense. Defenders can take a few steps to match those changes and improve their own organization\u2019s resilience.<\/p>\n<h4><a id=\"post-307763-_4270q5s4dcce\"><\/a>Criminals Are Committing Crime More Efficiently<\/h4>\n<p>One trend is improved efficiency. More attackers now use automation, organization, playbooks and repeatable operations. Certain actors have developed key expertise in modern IT infrastructure. And, they use it to move efficiently through the target environment \u2013 faster and more quietly than before.<\/p>\n<p>Muddled Libra is a threat group that\u2019s exhibited these skills. 
The <a href=\"https:\/\/unit42.paloaltonetworks.com\/muddled-libra\/\">Unit 42 Threat Assessment on Muddled Libra <\/a>has an in-depth written analysis, and you can also listen to the <a href=\"https:\/\/youtu.be\/Znq1fgMSFJs?si=_rLVxII-AaGL9tIQ\" rel=\"nofollow,noopener\" >Unit 42 Threat Vector podcast<\/a> for expert insights and strategies to counter this threat actor group.<\/p>\n<h4><a id=\"post-307763-_z4lzawofdxqk\"><\/a>States Are Sponsoring Attacks on Non-State Targets<\/h4>\n<p>Nation-state attackers don\u2019t just conduct espionage. Lately, they have also been acting to destabilize other components of the states they target. One example is <a href=\"https:\/\/unit42.paloaltonetworks.com\/trident-ursa\/\">Trident Ursa<\/a>, an APT group with a history of creating access to its targets and gathering information from them. Their targets include most business sectors: <a href=\"https:\/\/unit42.paloaltonetworks.com\/pingpull-gallium\/\">financial institutions and government entities<\/a>, communications, manufacturing, information technology, education and more.<\/p>\n<p>If you run operational technology (OT), you might also be interested in some of the insights in this <a href=\"https:\/\/www.paloaltonetworks.com\/resources\/whitepapers\/ot-security-insights-secure-ot-it-convergence-to-keep-the-production-lines-working\">OT Security Insights white paper <\/a>from our OT colleagues. It looks at the IT-OT interface and how attackers are crossing it.<\/p>\n<h2><a id=\"post-307763-_sxni36367id1\"><\/a>What Unit 42 Recommends<\/h2>\n<p>A comprehensive defense strategy helps you frustrate attackers. And, they deserve to be. The advisory goes into more detail. 
Here are some quick takes to consider.<\/p>\n<ol>\n<li><strong>Change How You Measure Success: <\/strong>Define success as how effectively you respond to active threats, not how you prevented everything bad \u2013 nobody does that.<\/li>\n<li><strong>Constrain the Attacker:<\/strong> Deny them time and space, and give it to your defenders instead.<\/li>\n<li><strong>Lather, Rinse, Repeat: <\/strong>Run your response playbooks efficiently and repeatedly.<\/li>\n<li><strong>Increase the Pressure:<\/strong> Everyone makes more mistakes when they\u2019re rushed.<\/li>\n<li><strong>Measure and Reduce Your External Attack Surface:<\/strong> Almost half the organizations we surveyed had a<a href=\"https:\/\/www.paloaltonetworks.com\/resources\/research\/2023-unit-42-attack-surface-threat-report\"> Microsoft Remote Desktop server open<\/a> to the internet.<\/li>\n<li><strong>Work Toward Being a<\/strong> <a href=\"https:\/\/www.paloaltonetworks.ca\/cybersecurity-perspectives\/zero-trust-for-critical-infrastructure\" rel=\"nofollow,noopener\" >Zero Trust Enterprise<\/a><strong>:<\/strong> Asset inventories and user identity are some of the first questions incident responders ask.<\/li>\n<\/ol>\n<p><a href=\"http:\/\/paloaltonetworks.com\/resources\/ebooks\/unit42-ciso-cybersecurity-tactics-advisory\"><div style=\"max-width:100%\" data-width=\"1000\"><span class=\"ar-custom\" style=\"padding-bottom:20%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter wp-image-307854 size-full lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2023\/11\/12277-palo-alto-APT-Report_Email-Signature_1000x200.jpg\" alt=\"Navigating the evolving threat landscape: resilient cybersecurity tactics for CISOs.\" width=\"1000\" height=\"200\" \/><\/span><\/div><\/a><\/p>\n<h2><a id=\"post-307763-_fxn5d07sdpaj\"><\/a>Being Thoughtful About Defense<\/h2>\n<p>These changes in attacker behavior aren\u2019t all bad news. 
On the contrary, it means a comprehensive defense strategy is more valuable against more threat actors. Attackers are innovating, accelerating and becoming more tenacious. Your team should be, too.<\/p>\n<p>Unit 42 and other Palo Alto Networks products and services can help. We provide <a href=\"https:\/\/www.paloaltonetworks.com\/unit42\/assess\">Cyber Risk Management<\/a> and <a href=\"https:\/\/www.paloaltonetworks.com\/unit42\/respond\">Incident Response<\/a> consulting services \u2013 from attack surface assessment to full-scope reactive incident response. We\u2019re familiar and experienced with responding to threat actors \u2013 from APT to ransomware \u2013 in environments that include the largest Global 2000 firms.<\/p>\n<p>This is just the beginning of what you need to know. Read the executive advisory, <a href=\"http:\/\/paloaltonetworks.com\/resources\/ebooks\/unit42-ciso-cybersecurity-tactics-advisory\">Navigating the Evolving Threat Landscape: Resilient Cybersecurity Tactics for CISOs<\/a> to learn more about key attacker trends and tactical steps you can take to improve your security defense.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\"Navigating the Evolving Threat Landscape: Resilient Cybersecurity Tactics for CISOs\" provides an overview of 18 months of attacker trends. 
<\/p>\n","protected":false},"author":133,"featured_media":307764,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[308,6724,115,483],"tags":[5948,1631],"coauthors":[1222,9611],"class_list":["post-307763","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcement","category-points-of-view","category-reports","category-unit42","tag-cisos","tag-threat-landscape"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2023\/10\/12277-palo-alto-APT-Report_Web-banner.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/307763","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/133"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=307763"}],"version-history":[{"count":6,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/307763\/revisions"}],"predecessor-version":[{"id":307868,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/307763\/revisions\/307868"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/307764"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=307763"}],"wp:term":[{"taxonomy":"category","embeddable":true,"hr
ef":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=307763"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=307763"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=307763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}