
Trend Micro

Stepping Ahead of Risk

Trend Micro’s 2023 midyear cybersecurity threat report, titled “Stepping Ahead of Risk”, emphasizes the importance of a forward-looking mindset for cybersecurity professionals to predict and get ahead of cyber threats.

This is more important now than ever before, as malicious actors are dynamically changing their attack methods (TTPs) and targets, utilizing innovations like AI-based solutions to become more prolific and carry out attacks more efficiently.

In the first half of 2023, AI-enabled tools made scams simpler to carry out, automated the refinement of targets, and increased scalability, bringing a crop of new crimes. Ransomware actors have increasingly deployed bring-your-own-vulnerable-driver (BYOVD) attacks while also exploiting zero-day vulnerabilities like those in GoAnywhere, 3CX, PaperCut, and MOVEit. Meanwhile, enterprise threats continued to leverage entry through weak or default passwords.

Trend Micro’s attack surface risk management (ASRM) data showed that the United States, Brazil, and India had the most risk events detected in the first half of 2023, while the manufacturing, healthcare, and technology industries registered the most detections in the same period.

Shift left to stay ahead of connected ransomware groups with ever-changing targets

Ransomware groups continued to update their tools and techniques for expanded targets and efficient data extraction. Our investigations of Royal and Mimic suggested connections with the larger and more notorious Conti ransomware group, while our investigation of TargetCompany showed its links to other families such as the BlueSky and the GlobeImposter ransomware. These connections are consistent with our ransomware revolution insight on how collaborations could lead to lower costs and increased market presence while also maintaining the efficacy of criminal activities.

Meanwhile, financial gain might not be the only motivator for ransomware groups, as government entities could offer recruitment opportunities to operators in lieu of prosecution. In our May report on the RomCom backdoor, we discussed how the historical use of the backdoor in geopolitically motivated attacks on Ukraine since at least October 2022 suggests a shift in Void Rabisu’s targets. Recent ransomware attacks are now comparable to APT groups in terms of skills, approach, and attack capabilities.

Ransomware players who remain in it for money might also turn their data exfiltration efforts toward cryptocurrency theft, business email compromise (BEC), and deploying short-and-distort schemes for stock market manipulation. Cryptocurrency has also made payment schemes more efficient in favor of threat actors, underlining the demand to shift left — meaning implementing as many measures as possible for blocking threats from entering the network in the first place — when anticipating ransomware-related attacks that trigger extortion only after gaining access and exfiltrating data.

AI innovations simplify tasks, even for cybercriminals

As early as 2021, 52% of companies accelerated their AI adoption plans because of the COVID-19 crisis. Meanwhile, organizations are increasingly embedding AI capabilities in their operations. AI adoption continued at a stable pace last year, with 35% of companies using AI in their business. One in every four companies is adopting AI to bridge labor and skills gaps, while two in every three companies are planning to apply AI to address sustainability goals.

The cybersecurity industry can also expect an increase in demand for identity-aware anti-fraud techniques along with an uptick in cybercriminals leveraging AI to carry out virtual crimes more efficiently. Virtual kidnappers, for example, currently use voice cloning, SIM jacking, ChatGPT, and social network analysis and propensities (SNAP) modeling to identify the most profitable targets and execute their ploy.

Meanwhile, ChatGPT and other AI tools create nested tiers of automation to gather information, form target groups, and identify and prioritize vulnerable behaviors by expected revenue to lure big-name victims (also known as “big fish”) in harpoon whaling attacks and romance scams. Other threat actors play the long game and con victims out of their money through cryptocurrency investment scams known as pig butchering. There are also reports that AI-based coding assistants and ChatGPT can be tricked into writing malicious code.

Conclusion

A set of proactive and holistic security solutions is crucial, as our midyear cybersecurity threat report shows that illegal actors are shifting targets, utilizing innovations, and becoming more creative to increase efficiency and prolificacy. The use of AI-based innovations in cybercrime will surge as more individuals and enterprises adopt and invest in artificial intelligence to streamline their own operations.

These threats underline the need for proactive cyber risk management that operationalizes elements of a zero-trust strategy and provides continuous visibility and assessment across the entire risk life cycle, which would comprise discovery, assessment, and mitigation. Investments in extended detection and response would result in sufficient data, analytics, and integrations from which security teams and researchers can reap insights into threat activity and how well defenses are coping.

 
