Mandiant Threat Intelligence is playing a crucial role in addressing the rising ransomware threats and evolving cybercrime tactics that are reshaping the global cybersecurity landscape.
Over the past 18 months, attackers have become more sophisticated, targeting vulnerabilities that were once the domain of state-sponsored actors, while expanding their methods and tools in ways that are fundamentally altering how businesses defend themselves. The rise of ransomware, phishing and vulnerabilities being used as a service has created a complex and highly profitable ecosystem for malicious actors, according to Allison Wikoff (pictured), director of global threat intelligence, Americas lead, at PricewaterhouseCoopers International Ltd.
PwC’s Allison Wikoff talks with theCUBE about Mandiant Threat Intelligence at mWISE 2024.
“The last 18 months have been really interesting — it’s the first time that we took a pause and were like, Oh, actually things are shifting,” Wikoff said. “One of the biggest things that we’ve seen over the last 18 months is the use of vulnerabilities by threat actors. There’s this whole concept of zero-day vulnerabilities, which sounds super scary. It’s not, but traditionally this is thought of as something that the espionage or the state-sponsored actors are solely using.”
Wikoff spoke with theCUBE Research’s John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the rise of zero-day vulnerabilities, the evolution of ransomware-as-a-service, the increasing complexity of cyber threats tied to geopolitical events, and where Mandiant Threat Intelligence fits in. (* Disclosure below.)
How Mandiant Threat Intelligence is addressing the evolution of cyber threats
Ransomware has evolved into a profitable “as a service” model, allowing affiliates to operate without technical expertise. This has led to the emergence of various other cybercrime services, according to Wikoff.
“Look at ransomware over the last two years; it’s been rampant,” she said. “They’ve never made more money in this space, which has really changed the whole market for ransomware. So, several years ago, you had to have a lot of technical capabilities and a lot of infrastructure available to run a ransomware scheme.”
This evolution has not only increased the volume of attacks, but also diversified the types of extortion tactics used. In many cases, threat actors are no longer even encrypting data, Wikoff added.
“What we’re seeing is a lot of threat actors are now not even moving to encrypt the data within the organization; just to say, ‘Hey, I’ve got it. I’m going to release it publicly,’” Wikoff said. “Because there’s so much regulation now around all the different types of data that organizations hold that … in addition to being a potential reputational risk, you’ve got financial risk and other types of risk that can occur if your data gets leaked publicly.”
As the threats evolve, so too must the defensive strategies. One of the key shifts highlighted by Wikoff is the move from focusing on traditional indicators of compromise, such as IP addresses or malicious signatures, to a more comprehensive approach that analyzes threat actor behavior.
“Everything can be hacked. I think the big thing that I’ve seen in terms of how customers are defending against things is 5, 10 years ago, there was a lot of focus on indicators. So, these tactical things that we could block and tackle,” Wikoff said. “Our clients are now focusing more on threat actor behavior. That sort of informs not just how organizations defend against it, but how they plan for the transformation of their environments in the future.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of mWISE 2024:
(* Disclosure: PricewaterhouseCoopers International Ltd. sponsored this segment of theCUBE. Neither PwC nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)