October 25, 2023
If you’re a cybercriminal, congratulations! You’ve selected a high-growth field that’s expected to generate $14 trillion in criminal value by 2028. But that growth in digital criminality is a problem for the rest of us, who must cope with increasingly sophisticated schemes.
Cybercrime was a relatively slow-growing industry, generating a mere $1.2 trillion in costs to society globally in 2019, according to Statista. But something snapped in the collective criminal mind in 2020, and cybercrime has been riding an elevated growth curve ever since. Between 2017 and 2028, Statista projects cybercrime will enjoy a 28 percent compound annual growth rate (CAGR).
In the cat and mouse game between criminals and security professionals, staying on top of the latest technologies and techniques the bad guys use is critical if the good guys are to prevail. Here are four security trends to watch now.
Ransomware Still Prevalent
The recent MGM Grand ransomware attack, which brought the casino giant’s systems down for weeks and ultimately cost it $100 million, showed that ransomware is still very much a problem.
According to Rapid7’s Mid-Year Threat Review, ransomware gangs claimed at least 1,500 victims worldwide in the first half of 2023. Many of these attacks occur due to newly discovered software vulnerabilities, which bad actors are exploiting en masse, Rapid7 says.
“Exploitation of public-facing applications has been a popular initial access strategy so far this year, including for advanced persistent threat actors (APTs) and state-sponsored adversaries,” Rapid7’s Tom Caiazza writes in a recent blog post. “APTs exploited both zero-day and known vulnerabilities in routers, security appliances, printer management software, Voice over Internet Protocol [VoIP] technologies, and more.”
Rapid7 further found that nearly 40 percent of incidents observed in the first half of 2023 “resulted from missing or lax enforcement of multi-factor authentication, particularly for VPNs and virtual desktop infrastructure (VDI),” Caiazza writes.
Meanwhile, new research by NCC Group concluded that ransomware attacks were up 153 percent in July this year over last. NCC Group found that the Cl0p cybercrime group was responsible for 34 percent of ransomware attacks in July. Cl0p is the group that claimed responsibility for the MGM hack.
Gen AI-Based Email Emerges
The rise of ChatGPT and generative AI language models has dramatically lowered the bar for creating high-quality text for a variety of use cases. Marketing and sales people are clamoring to use GenAI to generate convincing prose for emails to boost their numbers, and so are the bad guys.
SlashNext teamed up with Osterman Research to look into the phenomenon. The report, “The Role of AI in Email Security,” finds that cybercriminals are already using AI in their email attacks.
“AI services can be used to analyze the stylistic and grammatical nuances of any given person, creating near-perfect matches that the person didn’t write–but could have,” Osterman writes in the report. “Think high-efficacy executive impersonation, email thread hijacking for pretexting, business email compromise attacks, and more.”
Security vendors are responding by finding new ways to fortify email, which Osterman says is insecure by design and also provides “direct contact with employees deep inside an organization.” One of the most obvious ways to thwart AI-based email is to provide AI-based email protection–that is, using machine learning and other AI techniques to spot fake emails.
One-quarter of the survey respondents said email security was their highest security priority, while about 50 percent said it was in their top three. About one-fifth put it in their top five priorities.
Needle Still In Haystack
Security professionals are inundated with security events to review, most of which are false alerts but some of which are indicators of a cybercrime. Unfortunately, the growth in security events is hampering the security professional’s ability to do her job, according to Vectra AI’s 2023 State of Threat Detection Research Report.
According to Vectra AI’s report, 97 percent of the approximately 2,000 security operations center (SOC) analysts surveyed say they “worry about missing a relevant security event because it’s buried under a flood of alerts.” On average, SOC analysts receive nearly 4,500 alerts daily, and spend nearly three hours a day manually triaging alerts.
That’s clearly not a sustainable workload, but two out of five SOC analysts “believe alert overload is the norm because vendors are afraid of not flagging an event that could turn out to be important,” Vectra AI says in its report.
“The current approach to threat detection is broken,” said Kevin Kennedy, senior vice president of products for Vectra AI.
Security Analysts Burning Out
Statistics like those shared above demonstrate why security analysts are at risk of burning out. Tines’ recent Voice of the SOC Report found that 63 percent say they’re “experiencing burnout” and 55 percent of security professionals say they’re likely to change jobs over the next 12 months.
While some of the work of detecting security threats has been automated, much of it must be done manually. Nearly 19 out of 20 people surveyed for the report say “more automation would improve their work-life balance.”
“This year’s data reveals that overall job satisfaction in the SOC remains high – security practitioners love the work they do,” Tines CEO and co-founder Eoin Hinch says in the report. “However, burnout is taking its toll. Leaders continue to feel their teams are understaffed and don’t have access to the tools that could automate the most mundane aspects of their work.”