Cybercriminals are professionalizing, advertising a wide range of attack services. Attackers are spending more and more time mapping their victims' perimeters and defenses in order to succeed in their intrusions. Yet most malicious tactics are familiar to security teams.
To make their threats more devastating to public and private organizations, cybercriminal actors are also studying their targets' defense strategies. Those defenses have evolved significantly, with real-time network and endpoint detection tools and methods that rely on AI in particular.
Today, attacks are industrialized as a portfolio of paid solutions suitable for all skill levels. For criminal groups this is a massive source of income: simple, fast and repeatable. After ransomware as a service (RaaS), there is now an expanded set of tools that can be termed crime as a service (CaaS) and that includes deep audio and video spoofing.
According to a study by Fortinet, a cybersecurity specialist serving large accounts, future attacks will be more targeted, with a careful reconnaissance stage to learn the victim's resources. The information gathered includes a company's security strategy, identifiers and passwords (especially for sale on the dark web), the number and type of servers, etc. It is something of a warrior's strategy: know the enemy.
Money laundering is also offered as a service, called LaaS (Laundering as a Service). Financial flows usually go through anonymous transfer services or cryptocurrency exchanges to avoid detection. This is the role of "mules", individuals who hide illegal activities and place money in fake organizations, as in the classic criminal world. These operations are automated, which makes them much more difficult to track.
Metaverse and NFT: the future attack surfaces
Facebook is investing $10 billion to $15 billion a year in virtual and augmented reality for its Metaverse, which will increase the perimeter to defend. It will be possible to purchase products and services in these immersive universes. An individual's avatar provides access to their personal or sensitive data, such as identification codes for virtual purchases, digital wallets, cryptocurrency exchanges, NFTs and all currencies used to conduct transactions. Additionally, biometric hacking is a potential attack vector: augmented or virtual reality components could make it easier for a cybercriminal to steal fingerprints, facial recognition data, or retinal scans. Other possible targets are applications, protocols, and transactions in virtual universes. To cope with this, EDR (endpoint detection and response), XDR (extended detection and response) and NDR (network detection and response) solutions will have to evolve and adapt to this new situation.
The commoditization of wiper malware (permanent data destruction), according to Fortinet, will lead to more destructive attacks. This mode of attack has been in the spotlight since the conflict in Ukraine and is particularly scary because it combines the disruptive power of a worm with a wiper, and sometimes even ransomware. As in a classic war, it's about destroying an enemy's territory, in this case its digital resources. Wiper attacks shorten the time security teams have for detection. That is a challenge to face.