UPDATED 12:06 EDT / SEPTEMBER 19 2023

SECURITY

High-stakes digital heists: Enterprise software supply chains become new battleground for cybercriminals

It’s not news that crime does indeed pay. Digital crime has taken hold within the enterprise, as companies grapple with high ransoms following successful attacks.

One such attack medium is zero-day malware, a type whose signature or composition is not yet fully known and which therefore remains mostly undetectable by available protection protocols.

“I think very recently, there was a disclosure of a $30 million ransom on one target,” said John Hultquist (pictured, right), chief analyst for Mandiant Intelligence at Google LLC. “And if you look at the way that the zero-days we’ve seen, the way that they work — they’re all enabling access to dozens, hundreds of targets and you could imagine the payout from that.”

Hultquist and Selena Larson (left), senior threat intelligence analyst at Proofpoint Inc., spoke with theCUBE industry analysts Rob Strechay and Rebecca Knight at the mWISE Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed several emerging threat vectors enterprises have to secure against. (* Disclosure below.)

Supply chains remain vulnerable

In their shared keynote, Larson and Hultquist identified enterprise software supply chains as a key area of concentration for threat actors. A main reason threat actors are finding success through this avenue is that security teams remain unaware of the little-known but powerful exploitation tools in play, according to Larson.

“A lot of these organizations or the applications and services that are being compromised with a zero-day, like MOVEit, for example, or GoAnywhere … things like that, are not necessarily widely known, [but] they’re widely used,” she explained. “But if you talk to the average person at an enterprise, they might not even know that this is the type of software that’s in the attack stack.”

Another prominent threat vector is attacks on data in motion, whether to or from the cloud, data centers or other enterprise infrastructure, according to Hultquist.

“One of the things that we’ve seen through the years on the espionage side is that there are these third parties that we give our most sensitive data to that are also targeted,” he said. “And we have to really start thinking about where that data lies, not necessarily who controls it, whether or not it’s even in our system.”

(* Disclosure: Google Cloud sponsored this segment of theCUBE. Neither Google Cloud nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
