WNAM REPORT: Cloudflare recently published its 2024 report, revealing that 225 major internet outages were recorded worldwide over the past year and that 4.3% of all emails sent were identified as malicious.
Fake links and fraudulent accounts were highlighted as the two most common types of cyber threats found in malicious email messages. In an exclusive interview with a correspondent, Diaz Rakhimzhanov, Head of the Support Department at the Operational Security Center and Service Division of LLP “Middle Comm”, shared his insights on this concerning issue.
In your opinion, what legislative or regulatory changes could be introduced to combat cyber threats? How can artificial intelligence help detect and block fake accounts and phishing links?
Kazakhstan already has basic legislative projects addressing protection, but as the tech market evolves, the laws must be constantly improved. Currently, even ordinary citizens, organizations, and especially large commercial enterprises are vulnerable to attacks. They are the primary targets for malicious actors. Implementing two-factor authentication (2FA) is becoming common, but mandating it at a legislative level could significantly bolster security.
Public agencies, particularly in regional areas, often lack the resources to adopt such technologies. Legislating 2FA would require all entities to implement these measures, either in-house or through third-party providers widely available in the market. This is becoming essential.
Artificial intelligence (AI) plays a crucial role in simplifying and automating routine tasks. AI analyzes traffic and text-based content in emails, reducing the likelihood of phishing attacks or scripts that allow adversaries to infiltrate infrastructure. Legislating the adoption of AI for security and prioritizing 2FA are critical steps to address current cyber threats against enterprises and organizations.
What is the role of collaboration between the government and private companies in enhancing internet infrastructure security and protecting against cyber threats?
The government’s technical services have already established a platform for sharing artifacts and Indicators of Compromise (IoCs). This helps facilitate data sharing among various Operational Information Security Centers (OIBCs).
Future advancements could include government grants for research and development in specialized cybersecurity areas. There’s notable interest among young professionals in fields like Red Team operations, but the financial rewards in these areas often don’t justify the costs of maintaining research labs.
If the government provided grants, private companies could develop dedicated departments. Private-sector investments are typically more dynamic and agile, yielding better results. However, private companies struggle with the costs of maintaining labs and advancing threat-hunting capabilities.
Cloudflare Radar reports that the U.S. leads in bot traffic, accounting for over a third of the global total. Why is the U.S. a leader in this?
The U.S. has a high volume of server equipment and large data centers, making them attractive targets for hackers. Aspiring cybercriminals often aim to breach high-profile targets like the Pentagon, despite its robust security. Even the most secure infrastructure has vulnerabilities, making large data centers prime targets.
Hackers infiltrate these centers, moving laterally within the infrastructure to implant scripts that enable bot traffic. Bot traffic is now a business, with platforms offering services like DDoS attacks that are easily accessible, even to school students. Combating this requires continuous monitoring of server infrastructure, addressing vulnerabilities, and stricter controls on server rentals in data centers.
What percentage of global internet traffic consists of bots, and how can combating bots improve internet security?
Currently, bot traffic constitutes 40-60% of global internet traffic. Many commercial companies, especially in banking and fintech, prioritize robust security against botnets and DDoS attacks to avoid financial and reputational damage.
How has the development of artificial intelligence impacted cyber threats?
AI has complicated both attacks and defenses. Cybercriminals use AI to automate phishing and bypass security systems. This poses challenges for cybersecurity professionals and clients. However, AI also accelerates attack detection, enhances threat prediction, and enables proactive defense measures. AI is a powerful tool, beneficial or harmful depending on who wields it.
What types of attacks are most popular among cybercriminals today?
Phishing attacks, fake links, DDoS attacks, and exploitation of vulnerabilities are the most prevalent. Attackers scan infrastructure for unpatched systems and use these to infiltrate and cause damage, tailoring their methods to their goals.
In your opinion, what mistakes do companies make in their cybersecurity strategies that often lead to successful breaches?
Common errors include underestimating cybersecurity’s importance, insufficient investment, and a lack of architectural planning for security. IT and information security departments are often combined, which shouldn’t be the case. Information security should be an independent unit focused on protection.
Additionally, companies often neglect penetration testing, which identifies vulnerabilities. After testing, recommendations must be implemented promptly, not delayed for years. Ignoring software updates and patches is another common issue, giving attackers an advantage. Basic network segmentation is often overlooked, allowing attacks to spread easily. Even minimal segmentation, such as VLANs, could mitigate damage by isolating certain actions at the policy level if an attacker gains access to an organization’s infrastructure.