cxo voice
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home News Cyber Security

[Report] CISOs must rethink their defense strategy as cybercriminals are using diverse range of attacking methods

Deepa Sharma by Deepa Sharma
May 28, 2019
Cybercriminals attacking methods CIOs, Cyber security professions need to re-think their defense strategy

Cybercriminals are continuously evolve the sophistication of their attacking methods and tools, they are becoming very diverse and increasingly using vast range of attacking methods- from targeted ransomware to custom coding, to living-off-the-land (LoTL) or sharing infrastructure to maximize their opportunities, and using pre-installed tools to move laterally and stealthily across a network before instigating an attack, According to the findings of Fortinet report. CISOs and organizations need to rethink their cyber defense strategy to secure their network.

The Report highlights following detailed insight into each of these methods and analysis that CISOs and cyber security professionals need to understand.

Report Insights

1. Ransomware Far From Gone: Cybercriminals are ready with different and more strategical attacking methods, Ransomware have been replaced with more targeted attacks, but ransomware is far from gone. Instead, multiple attacks demonstrate it is being customized for high-value targets and to give the attacker privileged access to the network.

Example: LockerGoga is an example of a targeted ransomware conducted in a multi-stage attack. There is little about LockerGoga that sets it apart from other ransomware in terms of functional sophistication, but while most ransomware tools use some level of obfuscation to avoid detection, there was little of it used when analyzed. This suggests the targeted nature of the attack and a predetermination that the malware would not be easily detected.

2. Pre- and Post-Compromise Traffic: Need to analyze, how cybercriminals carry out phase different attacking methods in different week days, they always looking to maximize opportunity to their benefit. When comparing Web filtering volume for two cyber kill chain phases during weekdays and weekends, pre-compromise activity is roughly three times more likely to occur during the work week, while post-compromise traffic shows less differentiation in that regard.

ADVERTISEMENT

This is primarily because exploitation activity often requires someone to take an action such as clicking on a phishing email. In contrast, command-and-control (C2) activity does not have this requirement and can occur anytime. To take full leverage of cybercriminals attacking methods and strategies during the week when Internet activity is the most prevalent. Differentiating between weekday and weekend Web filtering practices is important to fully understand the kill chain of various attacks.

3. Majority of Threats Share Infrastructure: The degree to which different threats share infrastructure shows some valuable trends. Some threats leverage community-use infrastructure to a greater degree than unique or dedicated infrastructure. Nearly 60% of threats shared at least one domain indicating the majority of botnets leverage established infrastructure. IcedID is an example of this “why buy or build when you can borrow” behavior. In addition, when threats share infrastructure they tend to do so within the same stage in the kill chain.

It is unusual for a threat to leverage a domain for exploitation and then later leverage it for C2 traffic. This suggests infrastructure plays a particular role or function when used for malicious campaigns. Understanding what threats share infrastructure and at what points of the attack chain enables organizations to predict potential evolutionary points for malware or botnets in the future.

4. Content Management Needs Constant Management: Adversaries tend to move from one opportunity to the next in clusters, targeting successfully exploited vulnerabilities and technologies that are on the upswing, to quickly maximize opportunity.

An example of new technologies getting a lot of attention from cybercriminals recently are Web platforms that make it easier for consumers and businesses to build Web presences. They continue to be targeted, even associated third party plugins. This reinforces the fact that it is critical that patches be applied immediately and to fully understand the constantly evolving world of exploits to stay ahead of the curve.

5. Tools and Tricks for Living Off the Land: Because cybercriminals operate using the same business models as their victims, to maximize their efforts, in attacking methods often continue to develop even after gaining an initial entry. To accomplish this, threat actors increasingly leverage dual-use tools or tools that are already pre-installed on targeted systems to carry out cyberattacks. This “living off the land” (LoTL) tactic allows hackers to hide their activities in legitimate processes and makes it harder for defenders to detect them. These tools also make attack attribution much harder. Unfortunately, adversaries can use a wide range of legitimate tools to accomplish their goals and hide in plain sight. Smart defenders will need to limit access to sanctioned administrative tools and log use in their environments.

Key Takeaways

  1. Practice and perform safe: Cyber security professionals need to make sure, they preferring and responding to threat intelligence on any new vulnerabilities, mainly on newer technologies which has access to wide swatches of users. Cybercriminals will scan for those vulnerabilities after long time patches released to identify any week points and their attacking methods.
  2. Intentional Ransomware Defense: Because of frequently ransomware cases, detecting and preventing ransomware is becoming more of a “game of choice” rather than a “game of chance.” Cyber security professionals need to understand what ransomware attacks are targeting—geography and vulnerabilities, prioritize patching, and establish backup, storage, and recovery activities.
  3. Be Wary of Pre-installed Tools: Cyber security professional, CIOs and Organizations must be careful about their pre-installed tools such as PowerShell, VB, IronPython, and other tools that can be exploited to escalate privilege and hide malicious code and attacks. Intent-based segmentation, which uses business logic to segment the network, devices, users, and apps, can prevent lateral movement of LoTL attacks—preventing them from accessing critical data and infrastructure.
  4. Emphasize Threat Intelligence: Threat intelligence not only needs to analyze threats, but use that analysis to predict potential evolutionary points for that malware. Emphasizing threat intelligence help organization to secure their network from diverse range of attacking methods of cybercriminals. Security leaders should also look for threat intelligence that is not only broad and deep, but that uses AI/ML capabilities to model future states. This external intelligence then needs to be combined with local data, such as using sandbox technology to detect and prevent these “new” threats from impacting their environments. 

Read Fortinet Full Report [PDF]

Deepa Sharma

Deepa Sharma

Deepa Sharma is CXOVoice’s Managing Editor, overseeing all coverage technology, cybersecurity, banking, and financial coverage. She can be reached at [email protected]

Related Posts

cybersecurity
Cyber Security

Cybersecurity & IT in 2025: AI Arms Race, Passwordless Future, and a $1 Billion Security Push

August 13, 2025
Quick Heal Tamil Nadu
Cyber Security

Quick Heal Launches Internet Security Essentials in Tamil Nadu to Enhance Online Safety with AI-Powered Protection

August 7, 2025
Cyber Security

Rubrik and Sophos Join Forces to Enhance Microsoft 365 Protection with New Backup and Recovery Service

August 6, 2025
Palo Alto CyberArk
Cyber Security

Palo Alto Networks to Acquire CyberArk for $25 Billion, Strengthening Identity Security and Cyber Defense

July 31, 2025
Cyber Security

Why Even One Unpatched Device Can Be a Catastrophic Risk for Startups and SMBs

July 25, 2025
Cyber Criminals
Cyber Security

How WormGPT Became ChatGPT’s Evil Twin

July 15, 2025
Quantum Computing Cybersecurity
Cyber Security

Why Quantum Computing is a Serious Cybersecurity Threat for Organizations

July 10, 2025
Tech Mahindra Security
Cyber Security

Tech Mahindra Launches Managed Services for Cisco Multicloud Defense to Enhance Cloud Security

June 24, 2025
Load More
ADVERTISEMENT

Latest Updates

bob Digi Udyam

Bank of Baroda Launches ‘bob Digi Udyam’, a Quick, Collateral-Free Loans for MSEs

by Arshi Khan
46 minutes ago

Top 15 Cloud Service Providers in 2025: A CXO’s Guide to Choosing the Right Partner

by Santosh Kumar
3 hours ago

Athena Tech Mahindra

Athena Partners with Tech Mahindra to Accelerate Industry 4.0 Adoption through AI-Powered MES Solutions

by Arshi Khan
5 hours ago

Infosys Arena Kobe

Infosys Partners with Glion Arena Kobe as Official Digital Innovation and GX Partner

by Deepa Sharma
6 hours ago

Tokenization

Revolutionizing Finance: An Exclusive Interview with Sid Ugrankar, Co-founder of Qila.io on the Future of Blockchain and Tokenization

by Deepa Sharma
7 hours ago

Panasonic Ignition

Panasonic Launches Ignition 3.0, Calls Startups to the Future of Residential Living

by Deepa Sharma
1 day ago

Expert Views

Cyber Security

Why Even One Unpatched Device Can Be a Catastrophic Risk for Startups and SMBs

July 25, 2025
Cyber Criminals
Cyber Security

How WormGPT Became ChatGPT’s Evil Twin

July 15, 2025
Opinion

When AI Empowers Both Networks and Hackers: The New Battlefield for India’s Telecoms

May 20, 2025
Molly Sands AI
AI

AI RIP: 5 Things Knowledge Workers Will Say ‘Sayonara’ to in the Next Decade

March 8, 2025
multi cloud
Cloud

Multi-Cloud Made Simple: Strategies for Smart Business Management

March 5, 2025

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Interviews

Tokenization
Interview

Revolutionizing Finance: An Exclusive Interview with Sid Ugrankar, Co-founder of Qila.io on the Future of Blockchain and Tokenization

-
Steve Wilson, GenAI Cybersecurity LLMs
Cyber Security

How effective is GenAI in cybersecurity? The role of LLMs and AI in security solutions. [Interview with Steve Wilson]

-
Interview on Counterfeit products with Nikhil Narayan
Leaders Talk

Advancements in ML & AI made it possible to detect counterfeit products in real-time, says Nikhil Narayan

-
Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami
Leaders Talk

Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami

-

Entrepreneur

Samsung Electronics appoints its first female president

Inspiring Women Entrepreneurs in India (2022)

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

CXOVoice.com is a leading online publication for CXOs, entrepreneurs, senior leaders, developers, and industry professionals. Our coverage spans key sectors, including IT, technology, banking, finance, cybersecurity, engineering, and automobiles.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

[email protected]
  • Home
  • About Us
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

Copyright © 2025 CXOVoice - All Right Reserved

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/

No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release

Copyright © 2025 CXOVoice - All Right Reserved