Tim Roberts
London
In the age of rapid technological evolution, cybercriminals have been among the many beneficiaries of novel technology, adding new digital tools to strengthen their arsenals and accelerate their capabilities.
Cyber security controls considered robust not long ago are now being circumvented by these advanced tools and techniques, posing a heightened risk for organisations to mitigate.
Attackers’ increasing sophistication can be attributed to three driving factors:
Adoption of AI
The barrier to entry for leveraging Artificial Intelligence (AI) has been significantly lowered through the emergence of pervasive platforms providing AI as a Service (AIaaS). The ease of implementation, coupled with low cost, has allowed cybercriminals to weaponise AI to increase the efficacy of cyber campaigns, including phishing campaigns and the development of malware.[i]
Adoption of nation state tooling
2021 was a record year for zero-day vulnerability exploitation in the wild, with almost three times the volume of the previous year.[ii] Organisations that struggled to sustain the pace required to patch vulnerable systems felt the full force, as cyber insurance data showed a 100% increase in claims relative to 2020.[iii]
Historically, zero-day exploitation has been associated with nation state actors. However, we are witnessing a turning of the tide, as almost one third of zero-day vulnerability attacks in 2021 were attributed to financially motivated cybercriminals. Moreover, the time elapsed between the announcement of a zero-day exploit and wide-scale exploitation by other cybercriminals has reduced significantly, which implies that they are adopting the newest tools and techniques developed by nation states with increasing ease.
Cybercriminal mergers and acquisitions
Much like organisations that seek to expand revenues through the acquisition of complementary firms, M&A activity allows cybercriminal groups to grow inorganically and expand their capabilities.
For instance, the adoption of a trust-based team model has accelerated the maturity of cybercriminal group Conti. At the end of 2021, Conti acquired the lead developers and managers of cybercriminal group TrickBot, transforming TrickBot into a subsidiary rather than a supplier. In turn, this granted Conti autonomy over the direction of development activity, while simultaneously strengthening its malware capability.[iv]
How should organisations react?
As organisations embed new defensive capabilities, cybercriminals generate an equal and opposite reaction – whether that be through the adoption of AI, nation state tooling, or the acquisition of new criminal groups. Combatting this requires organisations to act continuously and decisively, and three winning approaches can be taken, at no additional cost, to provide a competitive edge:
[i] Bleeping Computer, ‘OpenAI's new ChatGPT bot: 10 dangerous things it's capable of’, 2022
[ii] MITRE, CVE List 2021-2021, 2022
[iii] Fitch Ratings, ‘US Cyber Insurance Pay-outs Increase Amid Rising Claims, Premium Hikes’, 2022
[iv] Bleeping Computer, ‘Conti ransomware gang takes over TrickBot malware operation’, 2022