By: Derek Manky
Technology continues to play a significant role in accelerating cyberattacks and increasing their effectiveness, reflecting a global trend that sees cybercriminals growing in number and sophistication.
So, how are the defenders doing? Are we making any headway against this evolving threat landscape? Sadly, not as much as we’d like. Today’s cybercriminals are tech-savvy, emboldened, and supported by sophisticated cybercrime ecosystems bent on maximizing their profits and impact. While we see occasional dips and valleys in the number of attacks, the World Economic Forum reports that 91 per cent of business executives and cybersecurity leaders believe that a far-reaching, catastrophic cyber event could happen in the next two years.
Crime pays
Unfortunately, the success of past cyberattacks was all the encouragement needed to birth a complex cybercrime ecosystem. Today, malicious actors are developing more complex and targeted attacks and offering them up as a service for sale on the dark web to the highest bidder.
As a result of this growing business, the consequence of an attack is also growing. Cybercriminals now have access to the latest tools and technologies, from machine learning to artificial intelligence or AI. Supported by a network of criminal enterprises and sometimes nation-states, their targets are expanding, including critical infrastructure like hospitals, transportation, and industry. Most recently, the press in Canada spread news about cyberattacks on highly impact targets and supply chain management platforms, which impacted multiple critical infrastructures and services, including the health sector.
Reuse and retrofit
Cybercriminals are also adopting their version of the “three Rs” principles to advance their goals efficiently—at least two anyway: reuse and retrofit. What does that mean? Think of cyber adversaries as entrepreneurs looking to maximize their investments. They do this by reusing established code. In fact, according to Fortinet research, the most common malware for the second half of 2022 was more than a year old, and some were over ten years old. But they are also retrofitting old code to deliver more aggressive attacks. For example, in the second half of 2022, Fortinet researchers saw six different “species” of one specific piece of malware. Not content to automate threats, today’s cybercriminals build on successful innovations to do more harm.
Among the technological advances cybercriminals leverage, none has the potential impact of generative AI. By weaponizing AI, attackers can further enhance their attacks by thwarting detection efforts, mimicking human behaviour or maximizing social engineering tactics.
These advances drove a record number of zero-day attacks and new Common Vulnerabilities and Exposures (CVEs) in 2023. Given how valuable zero days can be for attackers, zero-day brokers—cybercrime groups selling zero days on the dark web to multiple buyers—will become more prevalent.
How do we compete
The news seems dire, but there are ways for organizations to push back. First, it’s time for the good guys to band together. Partnerships and cooperation offer the best approach to fighting cybercrime. At Fortinet and FortiGuard Labs, cybercrime research helps us lead, foster and share actionable threat intelligence. Our investment provides opportunities to build trust and gain access to critical information and intelligence that can help identify new threats and proven approaches.
The security community can take many actions to anticipate and disrupt cybercriminals’ efforts. Through international collaboration across the public and private sectors, we can share threat intelligence and adopt standardized measures for incident reporting. We can better understand cybercrime operations by sharing standard definitions and key performance indicators as a sector.
On the technology side, innovations are also being leveraged to protect organizations and critical systems better. Levelling up security controls and locking down processes can shore up defences, making it more difficult for attackers to infiltrate defender’s networks.
Train for the workforce you need
Investments in training are also critical to ensure organizations create a culture of cyber resilience. Cyber awareness and hygiene training must be a cornerstone for any company that extends to all employees, not just those in IT or security functions. An estimated 80% of organizations reported last year that they’d suffered one or more breaches due to a lack of cybersecurity skills and awareness.
Through Fortinet’s Training Institute, individuals and organizations can find access to cybersecurity training, from security professionals who need to upskill to new entrants to the cybersecurity field and even general training for employees working within an organization. Training is critical in improving organizations’ defences.
In this new era of cybercrime, it takes a global effort to combat the growing threats. Investing in training, adopting the right technologies and encouraging collaboration among cybersecurity defenders — whether public or commercial organizations or sectors — is the best way to continue disrupting the growth of today’s cybercriminal supply chains.
To defend against cybercriminals with their ecosystems and supply chains, defenders need to work together to share information, expand knowledge of the threat landscape, and bolster the number of qualified security professionals at the ready.
Derek Manky is Chief Security Strategist & VP Global Threat Intelligence at FortiGuard Labs