Network Infrastructure Is A Prime Target For Cyber Threats

The Cisco Talos Year in Review 2023 report reveals a concerning intensity of cyber threats focused The paints a concerning picture of the cybersecurity landscape, analyzing the events and trends of the past year and emphasizing the critical challenges posed to organizations. The report reveals insights across the cybersecurity spectrum, with sections focused on telemetery trends, ransomware and extortion, network infrastructure, commodity loaders, and examination of APT (advanced persistent threat) groups based in China, Russia, and the Middle East. I had an exclusive opportunity to dive into the details of the Network Infrastructure portion of the report with Nick Biasini, global lead at Cisco Talos Outreach.

Biasini provides valuable insights, shedding light on the strategies and motivations behind the attacks on network infrastructure, a trend that has intensified in 2023. The report shares the following key takeaways for Network Infrastructure: Adversaries Targeting Network Infrastructure Biasini told me the threat landscape has evolved, with adversaries, including state-sponsored hackers and criminal organizations, increasingly targeting network infrastructure. This shift represents a strategic choice, exploiting vulnerabilities in devices that form the backbone of global communication and data exchange.

He emphasized that these attacks are not limited to enterprise-level infrastructure but extend to consumer devices, illustrating the scale and diversity of the threat. “So you have like the end consumer stuff—we’ve seen a lot of activity targeting SoHo [small office/home office] devices like your VPN filters, and those types of things. ” He explained that SoHo So devices are a very attractive target because a compromised SoHo device provides them with a way to do proxy-based attacks.

They can use home devices as their pivot points to launch attacks, which makes it hard to do things like geofencing and can allow threat actors to get access to important people, systems, and data. The Dual Nature of the Threat The attacks on network infrastructure fall into two primary categories: those targeting consumer devices and those aimed at enterprise-level infrastructure. In the consumer realm, devices like routers and home networks have become pivotal for proxy-based attacks, allowing attackers to use these devices as launchpads for further malicious activities.

On the enterprise side, edge devices are particularly vulnerable. These devices are essential for network operations but often lack comprehensive security measures, making them attractive targets for exploitation. Biasini stressed that these devices are often purpose-built and lack any means of running a full security stack locally.

They also tend to be left alone—rarely receiving updates or getting rebooted. Covid-19 and the Shift in Attack Patterns I asked whether the focus on SoHo devices and targeting the home networks of employees had any relation to the Covid-19 pandemic and the spike in remote and work-from-home scenarios. Biasini noted that the increase in attacks on SoHo devices predates the COVID-19 pandemic, but acknowledged that the shift to remote work has accentuated the risk.

The pandemic has led to a surge in remote work, expanding the attack surface for cybercriminals. The lack of regular updates and maintenance of home networking devices presents an increased opportunity for attackers to exploit vulnerabilities. Challenges and Strategies for Enterprises Enterprises face the dual challenge of securing their network infrastructure while having limited control over the devices provided by ISPs for the home networks of employees.

Biasini suggested a multifaceted approach to secure these devices, including using VPNs to encrypt traffic, deploying managed devices with up-to-date security stacks, and maintaining visibility of devices when they are not connected to VPNs. The Critical Role of Routine Auditing and Deception Routine auditing, especially of external user accounts, is a vital security measure. Biasini highlighted the trend towards deception in cybersecurity, where organizations set traps using fake accounts and devices to identify potential intruders.

This proactive approach can significantly enhance an organization’s security posture. Guidance for Future Security Measures Biasini shared crucial advice to help organizations secure their network infrastructures: Importance of Data Protection and Access Control Beyond securing the devices themselves, Biasini stressed the importance of data protection. The concept of ‘data is king’ underlines the need for robust mechanisms to control access to sensitive information.

He discussed the evolution of access controls, from routine permission management to dynamic and context-aware systems that adapt to the changing security landscape. Looking Ahead: The Evolving Threat Landscape The Cisco Talos report provides great insight into the challenges and trends organizations face. As part of looking at the year ahead, I also reached out to a couple other cybersecurity experts for additional perspective.

Scott Gerlach, co-founder and CSO at added API security to the mix. “It continues to be challenging due to the rapid pace of development outpacing available security resources, leading to overlooked vulnerabilities,” he warned. “The security teams’ limited visibility during development and playing catch-up with new and existing APIs further emphasizes risks.

” “Today, mobile security and education in the enterprise is more crucial than ever,” stressed JT Keating, SVP of strategic initiatives at . “In most cases, mobile devices represent a significant, unaddressed attack surface for enterprises. No matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

” As we look to the future, it’s clear that the threat landscape will continue to evolve. Biasini’s insights underscore the need for organizations to be agile and adaptive in their cybersecurity strategies. The focus should be not only on reacting to threats but also on anticipating and preparing for new attack vectors.

The insights from Nick Biasini, combined with the findings of the Cisco Talos Year in Review report, provide a comprehensive understanding of the challenges faced in securing network infrastructure. Organizations must recognize the sophistication of modern cyber threats and adopt a multi-layered defense strategy to protect their network infrastructure. As the landscape evolves, so must our approaches to cybersecurity, ensuring that we stay one step ahead of the adversaries.

.