
ARQCUS Roundtable

February’s ARQCUS roundtable began with Quorum Cyber’s Senior Threat Intelligence Consultant, Jack Alexander, discussing the Quorum Cyber Threat Intelligence Outlook 2024 report. The report provides a high-level, strategic overview regarding developing cyber threats, where they originate from and why, and how they are likely to surface and manifest throughout the calendar year. It also outlines the many national and presidential elections that are taking place throughout 2024 and into 2025, in addition to the Olympic Games in Paris and the second anniversary of Russia invading Ukraine, plus the anniversary of the Hamas attacks in Israel.

Jack highlighted the increasing prevalence of artificial intelligence (AI) in cyber-attacks across all sectors, with targeted phishing attacks and AI-enabled ransomware attacks expected to rise. AI lowers the entry barrier for cybercriminals, making it easier to execute wide-ranging and scalable ransomware attacks.

To counter these threats, he proposed several measures, including effective endpoint detection and response, robust incident response plans, and active brand and credential monitoring. He also emphasised the importance of employee training, especially for new hires, to prevent executive impersonation scams, which are increasing.

Jack also highlighted an increase in hacktivism, particularly since Russia’s invasion of Ukraine, and the exploitation of multi-factor authentication (MFA) fatigue. Furthermore, high-profile organisations in countries supporting Ukraine or Israel are being targeted by hacktivist groups, with distributed denial-of-service (DDoS) attacks being the most common. To mitigate these attacks, he recommended reducing external footprints, implementing web application firewalls, and reassessing conditional access policies.

Rising threats to critical infrastructure

At his first ARQCUS event, David Aucsmith, a former naval officer and scientist in the US intelligence community, and a member of Quorum Cyber’s Strategic Advisory Board, shared insights from his unique career. He predicted that AI will have a significant impact in the cyber security space, with tools like generative AI (GenAI) automating reconnaissance, mapping, and initial exploits in both offensive and defensive cyber operations. “AI doesn’t get bored and it doesn’t slow down, so you’re being hammered by something that works at internet speed and volume,” he said.

David discussed the escalating threats to critical national infrastructure (CNI), citing a recent FBI announcement about China’s multi-year process to infiltrate US supervisory control and data acquisition (SCADA) systems. Anticipating these threats extending beyond the US to other Five Eyes nations, he sees them not targeting governments but the private organisations that are crucial to societal functioning.

In the roundtable he explained that a deterioration of European relationships, particularly with Russia over Ukraine, would continue, and forecast that cyber-attacks would widen in scope. He emphasised the need to remain vigilant against these evolving threats, including ransomware moving towards remote physical access and sophisticated equipment to breach wireless systems of industrial controllers.

How do organisations prepare for ransomware and requests for ransoms?

Bob Hayes, who spent ten years as a Senior Fellow of the Microsoft Institute for Advanced Technology in Governments, and is Chair of the Quorum Cyber Strategic Advisory Board, contributed to the discussion by focusing on the topic of ransomware, specifically whether or not organisations should pay ransom fees.

He suggested that organisations should have a predetermined plan, including engaging pre-existing relationships with law enforcement or cyber security firms. Such exercises should involve top-level executives, he said, as they would be the ones making critical decisions during an actual crisis. Bob highlighted the value of threat-led tabletop exercises, which involve a deep dive into the organisation and its sector to understand who might target them and why. He noted that such exercises have received positive feedback and have helped prepare organisations for real incidents.

“The focus should not only be on the type of attack, but also on how the organisation responds, particularly in terms of communications with stakeholders and the media,” he said. “The ability to plan ahead instead of making decisions in the heat of a crisis is invaluable.”