“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?

With the modern cyber threat landscape more crowded than ever, Advanced Persistent Threats (APTs) are becoming a major worry and causing serious problems for cybersecurity teams across the world.

TechRadar Pro spoke to Dmitry Volkov, CEO of cybersecurity firm Group-IB, which recently revealed new research pointing to 2024 as a ‘year of cybercriminal escalation’, with a 10% rise in ransomware compared to the previous year, and a 22% rise in phishing attacks - showing a serious development in cybercriminal infrastructure.

“We’re seeing some big changes,” Volkov declared. “Last year, we detected that more than 5,000 attacks were listed on data leak sites managed by these ransomware groups. This is a big increase.”

‘Game-changing’ AI

We’ve all heard it before - AI is being used by security teams and by cybercriminals, and its role is only growing. It’s true that attackers are using the technology to develop more sophisticated attacks, and more accessible tools will make these more frequent and severe.

“AI is now the big and important part of everything [cybersecurity teams] do,” Volkov reaffirms, “because without it, it's impossible to analyze big volumes of information, and that is usually unstructured information.”

But it’s not quite there yet - it’s not a “silver bullet”, Volkov says. This is mostly because security experts “don’t trust the technology 100%”, so they use AI for advice, analysis, and to speed up processes - but not yet for higher automation.

“At the current level of development, it's not mature enough. We can't trust it. It will take time to develop better technologies, to make it more accurate.”

“AI will help [teams] to achieve their goals, raising efficiency. And because of AI, it's not just about cyber attacks, it's more about fraud. Because the first application [of AI] that we’ve seen on the cyber criminal side is to make fraudulent activity more efficient.”

So, for the foreseeable future, AI will remain a piece of the toolkit rather than a complete revolution in the way cybersecurity is conducted.

Ransomware prevails

In 2024, ransomware remained one of the most pervasive cyber threats. The Ransomware-as-a-Service (RaaS) model has expanded through its affiliate networks at a rapid pace, with refined methods for encryption, data exfiltration, and extortion.

Group-IB’s research identified 39 advertisements for RaaS programs on dark web forums, and the number of offers looking for affiliates to join the programs rose 44% compared to the previous year.

Ransomware is evolving fast, and the groups have become more disruptive, Volkov says. Because governments are protecting data with ‘deglobalization’ strategies, attackers are increasingly able to target critical infrastructure.

“We put all the services in one basket. So that's why if threat actors manage to do one successful attack on this infrastructure, dozens, or in some cases hundreds of government services become unavailable.”

There’s no sign that this is slowing either, with ransomware attacks soaring to new highs, thanks both to the diversification of RaaS groups and to the strengthening of tactics. 2024 saw a serious rise in the number of active ransomware groups, with some research suggesting a 56% increase year-on-year.

But there has been some significant progress thanks to some high-profile disruptions, such as Operation Cronos, and emerging regulations aimed at dissuading RaaS attackers by banning public services from paying any ransoms.

Geopolitical motivators

Cybercrime is increasingly politically motivated. According to Group-IB’s research, state-sponsored actors have intensified their attacks on Europe, “largely due to the ongoing political conflicts between Russia and Ukraine in Europe”.

These conflicts “draw in” various international stakeholders, but also crucially “create an environment where cyber operations are used as tools of influence, disruption, and espionage, prompting state actors to exploit the geopolitical instability for their strategic objectives.”

State-sponsored actors pose a ‘real threat’, not just to government agencies, but to private companies that provide critical services. We’ve seen this evidenced in many healthcare attacks, and the giant ‘major incident’ that targeted 9 major US telecommunications firms.

What are experts scared of? How much damage can a cyber attack really do? Well, you’d be surprised. A nation-backed threat actor could plunge the world into darkness by cutting an undersea cable and attacking satellites at the same time - which would be devastating for civilizations across the world.

This isn’t outside the realms of possibility, with NATO previously warning that Russia could target critical infrastructure like internet and GPS, so protection against cyberattacks is something every industry must be concerned with.

“The worst case scenario will be the combination of disruption in undersea part second satellite and if key telcos are already breached and potential threat actors have remote control of this network, it could multiply the effect,” concludes Volkov.

Ellen Jennings-Trace
Staff Writer
