A Perfect Storm Of Cyber Threats

Uploaded on 2023-10-23 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Criminal activities surged in the first half of the year, with Check Point Research (CPR) reporting an 8% increase in global weekly cyberattacks in the second quarter, marking the highest volume in two years. Familiar threats such as ransomware and hacktivism have evolved, with criminal gangs modifying their methods and tools to infect and affect organisations worldwide.

Even legacy technology such as USB storage devices regained popularity as a vehicle to spread malware.

One of the most significant developments this year was the evolution of the ransomware landscape. Data derived from over 120 ransomware “shame-sites” revealed that in the first half of 2023, a total of 48 ransomware groups reported breaching and publicly extorting more than 2,200 victims. High-profile incidents in the first half of the year include the MGM Resorts ransomware attack, which knocked systems offline at major Las Vegas casino resorts sites for several days, costing $millions to recover.

Looking aheard to 2024, Check Point’s predictions fall across seven categories: Artificial Intelligence & Machine Learning,  Supply Chain and Critical Infrastructure attacks, Cyber Insurance, Nation State, Weaponised Deepfake technology, Phishing attacks and Ransomware. 

AI & Machine Learning

  • Rise of AI-directed cyber attacks:   Artificial intelligence and machine learning have dominated the conversation in cybersecurity. Next year will see more threat actors adopt AI to accelerate and expand every aspect of their toolkit. 
  • Fighting fire with fire:   Just as we have seen cybercriminals tap into the potential of AI and ML, so too will cyber defenders. We have already seen significant investment in AI for cyber security, and that will continue as more companies look to guard against advanced threats.
  • Impact of regulation:   There have been significant steps in Europe and the US in regulating the use of AI. As these plans develop, we will see changes in the way these technologies are used, both for offensive and defensive activities. 

"Our reliance on AI for cyber security is undeniable, but as AI evolves so will the strategies of our adversaries. In the coming year, we must innovate faster than the threats we face to stay one step ahead..." commented Sergey Shykevich, Threat Intelligence Group Manager at Check Point.

Supply Chain & Critical Infrastructure Attacks

  • Zero trust in the supply chain:   The increase in cyberattacks on critical infrastructure, particularly those with nation-state involvement, will lead to a shift towards "zero trust" models that require verification from anyone attempting to connect to a system, regardless of whether they are inside or outside the network. With governments introducing stricter cyber security regulations to protect personal information, it will be essential for organisations to stay ahead of these new legal frameworks.
  • Supply chain still a weak link:   The rate of incidents involving the supply chain remains a challenge for organisations and the impact can be exstensive. This will continue to be a trend next year if organisations fail to carry out stricter evaluations of third-party suppliers.
  • Strengthening Security Protocols:   Recent breaches highlight the critical importance of stronger security protocols in the supply chain. As cyber criminals target smaller downline suppliers to access bigger companies, organisations must demand stricter evaluations and implementation of security protocols to prevent further attacks. 

Cyber Insurance

  • AI in Insurance:   Like all industries, AI is set to transform the way that insurance companies assess how cyber resilient prospective customers are. It is also going to provide opportunities for these companies to offer cyber security services directly. However, it is crucial to note that AI alone cannot solve all cybersecurity challenges, and companies must balance security with convenience.
  • Preventative approach to reduce premiums:   With rising costs of cyber insurance and talent shortages, organisations will begin to shift from reactive security to more effective defensive security. By demonstrating preventative action against cyber attacks, organisations may see their premiums reduced. 

Nation State Attacks & Hacktivism

  • The staying power of cyber warfare:   The Russo-Ukraine conflict was a significant milestone in the case of cyber warfare carried out by nation-state groups. Geo-political instability will continue into next year, and hacktivist activities will make up a larger proportion of cyberattacks, specifically DDoS attacks, with the key aim to disturb and disrupt.
  • Masking hidden agendas:   While many hacktivist groups use a political position as a reason to launch attacks, they may be masking ulterior motives. We could see blurred lines between hacktivism and commercialism with threat actors choosing ransomware attacks as a revenue stream to fund other activities. 

Deepfake Technology Will Be Weaponised  

  • Deep fake technology advances:   Deepfakes are often weaponised to create content that will sway opinions, alter stock prices or worse. These tools are readily available online, and threat actors will continue to use deepfake social engineering attacks to gain permissions and access sensitive data. 

Phishing Attacks Continue To Plague Businesses

  • Phishing and legitimate tools:   Software will always be exploitable. However, it has become far easier for threat actors to “log in” instead of “break in”.  Over the years, the industry has built up layers of defence to detect and prevent intrusion attempts against software exploits. With the relative success and ease of phishing campaigns, next year will bring more attacks that originate from credential theft and not vulnerability exploitation.
  • Advanced phishing tactics:   AI-enhanced phishing tactics might become more personalised and effective, making it even harder for individuals to identify malicious intent, leading to increased phishing-related breaches.

Ransomware: Stealthy Exploits, Enhanced Extortion & AI Battlefields

  • Living Off the Land Tactics Prevail:  The adoption of “living off the land” techniques, which leverage legitimate system tools to execute attacks, is expected to surge, especially in light of successful takedowns of malware networks like Qbot by agencies such as the FBI. This approach, whisch is harder to detect, emphasises the necessity for sophisticated threat prevention strategies, including Managed Detection and Response (MDR) that can pinpoint device and network behaviour anomalies.
  • Data Risks Amidst Ransomware Defences:   Despite organisations bolstering their defences against ransomware, incidents of data loss or leakage are likely to ascend. A contributing factor may be the increasing reliance on SaaS platforms to store sensitive data as part of application services, presenting new vectors and vulnerabilities that malicious entities can exploit.
  • Ransomware Reporting Nuances:   The observed increase in ransomware attacks will require discerning interpretation, potentially being inflated due to newly instituted reporting mandates. It is imperative to dissect these statistics judiciously, understanding the dynamics of reporting protocols in analysing the true scope and scale of the threat.

As cybercriminals continue to evolve their methods and tools, organisations need to adapt their cyber security measures. In 2023 to date there have been several large-scale attacks and in the modern threat landscape, companies have to prioritise their own security protocols andscrutinise the security practices of their third-party suppliers

With the rise of AI-enhanced cyber attacks, zero trust models, and deepfake technology, it is more important than ever to invest in collaborative, comprehensive and consolidated cyber security solutions. 

Image: 95C

You Might Also Read:

Four Key Cybersecurity Trends For Industrial Companies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Iranian State Sponsored Hackers On The Attack
Navigating The Data Privacy Maze »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

CyberDefcon

CyberDefcon

CyberDefcon is an independent organization dedicated to the pursuit of making the internet a safer place.

Zivver

Zivver

Zivver is the effortless, secure email platform, powering the next generation of secure communications.

Crossword Cybersecurity

Crossword Cybersecurity

We work with research intensive European university partners to identify promising cyber security intellectual property from research that meets emerging real-world challenges.

Smokescreen

Smokescreen

Smokescreen's IllusionBLACK employs deception technology to detect, deflect and defeat advanced hacker attacks.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

Bureau Veritas

Bureau Veritas

Bureau Veritas are a world leader in Testing, Inspection and Certification. We provide certification and training services in areas including cybersecurity and data protection.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

NETRIO

NETRIO

If you are looking for a highly mature, exceptionally competent Managed Service Provider, NETRIO has solutions to keep your business running at warp speed with zero disruptions.

Stronger International

Stronger International

Stronger International provides expert cyber services and training to organizations and individuals to enhance IT and security knowledge.

Strata Identity

Strata Identity

Strata is pioneering identity orchestration to unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments.

SecOps Group

SecOps Group

SecOps Group is a boutique cybersecurity consultancy helping enterprises identify & eliminate security risks on a continuous basis.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.