Threat Intelligence Reveals Attack Motives and Targets
Threat intelligence, often referred to as cyber threat intelligence (CTI), involves the collection, processing, and analysis of data to understand the motivations, targets, and behaviors of threat actors.
This intelligence is essential for security teams to make informed, proactive decisions to defend against cyberthreats. Classified into tactical, operational and strategic types, threat intelligence is evidence-based knowledge, including the context, mechanisms, indicators and implications of threats, which helps organizations anticipate and prevent cyberattacks before they happen.
This prevention is becoming increasingly important due to the types of attacks now being directed against businesses.
“Cyberattacks targeting operational technology have increased: in the past year, 76% of industrial companies detected malicious activity in their operational technology, and one in four had to shut down operations due to an OT cyberattack,” Edgardo Moreno, Executive Industry Consultant at Hexagon Asset Life Intelligence, explains.
The cost of shutting down operational technology (OT) following a cyberattack can be significant.
When IT systems are impacted, the damage typically focuses on data breaches or financial theft, which, while significant, does not necessarily impact operations. When OT systems are impacted, an entire company’s operations can be disrupted.
This can lead to massive financial losses due to downtime. Additional expenses may include replacing specialized equipment that has been damaged beyond repair, as well as increased labor costs required to expedite bringing systems back online and documenting the incident response.
One such ransomware attack disrupted AP Moller Maersk’s operations for two weeks in 2017, blocking access to systems the company relied on to operate shipping terminals. The incident temporarily closed the Port of Los Angeles’ largest cargo terminal and caused a loss of US$300 million in business interruption and equipment damage.
“Ransomware remains the most significant cyber threat, with RansomHub becoming the largest ransomware group in June 2024,” says Graeme Stewart, head of public sector at Check Point.
Even businesses that have taken more modern approaches by embracing cloud, both hybrid and on-premises, are being hit hard, although the form and type of attacks are increasingly specific to each type.
Indeed, attackers are making the threat landscape more and more sophisticated. Behind that? AI.
“Without doubt, the most significant emerging threats are those associated with the use of AI,” says Darren Thomson, Field CTO EMEAI at Commvault. “Attack methods are becoming more targeted and tailored, and it’s a trend that will only accelerate, in large part due to the capabilities offered by AI.”