While blended cybersecurity threats are not new, they are fairly sophisticated and multi-staged in nature, meaning that they are difficult to protect against and can pose a considerable threat to organisations’ IT environments.
A blended threat typically uses and exploits multiple vulnerabilities in an attack chain, says Brian Pinnock, Senior Director of Sales Engineering (EMEA) at Mimecast, adding that the severity of a blended threat will depend on the specific vulnerabilities that are targeted.
“For example, a threat actor or cybercriminal will launch a phishing campaign against an organisation by sending emails with infected links that redirect to malicious websites. When a user clicks on these links, they could download a piece of malware like a Trojan that spreads laterally and creates a backdoor into various systems. There are various malicious activities they could undertake such as ransomware or data theft or create a botnet.
“A botnet is a network of private computers which is infected with the malicious software and controlled without the owner’s knowledge. They could then launch Denial of Service (DoS) attacks or use your infrastructure to generate spam” says Pinnock.
He adds that the main difference between blended and normal cybersecurity threats is that the former use multiple methods to propagate and attack a system or organisation, making this a complicated and multi-stage attack that is difficult to prevent. Like normal threats, blended threats tend to exploit the same channels and vulnerabilities, because these are known by threat actors to work. Pinnock says that in some 90% of cases, blended attacks will use email as the initial threat vector, with the remainder generally using the web.
Multiple ways to attack
“There are multiple ways to initiate these types of attacks, but they typically start with email or the web. However, things become more complex from there. For instance, threat actors could infect a known website in a stealthy and subtle manner, making it difficult to detect. However, you get a multi-chain reaction once a user clicks on an infected link and the dominos start to fall one by one.”
He explains that blended threats are essentially a subset of normal cybersecurity threats. Cyber threats can typically be classified as either low-sophistication and high-volume, or high-sophistication and low-volume. Blended threats fall into the latter category and often target specific organisations or industry sectors, such as healthcare, for example.
Simeon Tassev, QSA and MD at Galix, says the impact of blended threats on a business would largely depend on the ultimate intentions of the threat actor. If it is a massive DoS attack, it could bring down some digital component of an organisation, which could affect its ability to transact and operate. Alternatively, the intention could be to monetise the attack through ransomware.
“However, blended attacks could also be used to install a ‘backdoor’ into a system which can be used for different activities by the threat actor, such as cryptocurrency mining. While not specifically malicious, this type of attack will exploit your resources and render your IT infrastructure inefficient. Whatever the intention, blended attacks can potentially be very disruptive and destructive,” he says.
More to lose
Tassev also warns that blended attacks are not only a threat to large organisations, explaining that anyone could be at risks. While larger organisations have more to lose, which makes them more attractive targets, smaller organisations could be more severely affected, to the point of going out of business.
Blended threats are quite difficult to prevent from occurring, but there are technologies that can be implemented. Organisations must ensure that their security controls all work together so that they can threat-share, while also orchestrating and automating responses to these kind of attacks.
Tassev notes that cloud service providers are best suited to intercept blended threat activities, as they offer this as a service to protect organisations from attacks and abnormal user behaviour. However, he urges companies to not underestimate the power of creating awareness among users.
“Cyber threat awareness training is key to creating a human firewall. Many of these attacks require human intervention at some point, so they can be mitigated to an extent through proper training and awareness,” he says.
Importantly, he adds, organisations must have a good understanding of context and what is relevant to them when defending against blended threats. This means understanding their risk and managing this risk by working with the right technology or service provider to ensure they have in place the right methodology, framework, and processes to protect their environments and users.