In the age of rapid technological evolution, cybercriminals have been among the many beneficiaries of novel technology, capitalising on emerging technology by adding new digital tools to strengthen their arsenals and accelerate their capabilities.
Cyber security controls considered robust not long ago are now being circumvented by these advanced tools and techniques, posing a heightened risk for organisations to mitigate.
Three driving factors can be attributed to attackers' increasing sophistication:
Adoption of AI
The barrier to entry for leveraging Artificial Intelligence (AI) has been significantly lowered through the emergence of pervasive platforms providing AI as a Service (AIaaS). The ease of implementation coupled with inexpensive requirements has allowed cybercriminals to weaponise AI to increase the efficacy of cyber campaigns, which has been leveraged in phishing campaigns and in the development of malware.1
Adoption of nation state tooling
2021 saw a record year of zero-day vulnerability exploitation in the wild, almost three times the volume in the previous year.2 Organizations that struggled to sustain the pace required to patch vulnerable systems felt the full force, as cyber insurance data showed a 100% increase in claims relative to
Historically, zero-day exploitation has been associated with nation state actors. However, we are witnessing a turning of the tide: almost one third of zero-day vulnerability attacks in 2021 were attributed to financially motivated cybercriminals. Moreover, the time elapsed between the announcement of a zero-day exploit and its wide-scale exploitation by other cybercriminals has reduced significantly, which implies that they are adopting the newest tools and techniques developed by nation states with increasing ease.
Cybercriminal mergers and acquisitions
Much like organisations that seek to expand revenues through the acquisition of complementary firms, M&A activity allows cybercriminal groups to grow inorganically and expand their capabilities.
For instance, the adoption of a trust-based team model has accelerated the maturity of the cybercriminal group Conti. At the end of 2021, Conti acquired the lead developers and managers of the cybercriminal group TrickBot, transforming TrickBot into a subsidiary rather than a supplier. In turn, this granted Conti autonomy over the direction of development activity while simultaneously strengthening its malware capability.4
How should organisations react?
As organisations embed new defensive capabilities, cybercriminals generate an equal and opposite reaction – whether that be through the adoption of AI, nation state tooling, or the acquisition of new criminal groups. Combatting this requires organisations to act continuously and decisively, and three winning approaches can be taken, at no additional cost, to provide a competitive edge:
- Enhance cross-functional collaboration. Cross-functional collaboration between security teams and internal partners, such as enterprise architecture and privacy, is the organisational canary in the coal mine. Breaking down communication siloes and establishing regular communication channels and forums for discussion between the teams enables pertinent risks to be surfaced and addressed before the
- Embed a culture of continuous improvement. Ultimately, security is not an independent project that can be completed – it is a behaviour, an attitude. A paradigm shift is required to transform a security programme from reactive to proactive. Operationalising this requires implementing regular lessons learned exercises across all functions and continually asking the question 'how can we improve our processes next time?'.
- Measure the efficacy of security controls. Reporting operational and executive key performance indicators enables the effectiveness of key controls to be tracked. Trends and leading indicators highlight gaps, which enables decision makers to drive investment and optimise resource allocation, allowing security programmes to adapt to the dynamic threat landscape.
1. Bleeping Computer, 'OpenAI's new ChatGPT bot: 10 dangerous things it's capable of', 2022
2. MITRE, CVE List 2021-2021, 2022
3. Fitch Ratings, 'US Cyber Insurance Pay-outs Increase Amid Rising Claims, Premium Hikes', 2022
4. Bleeping Computer, 'Conti ransomware gang takes over TrickBot malware operation', 2022
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.