Cyberattacks are already the most significant operational and financial threat to almost every type of business. Surveys of CISOs consistently reveal that phishing attacks, identity security, social engineering, and the resulting data breaches and ransomware attacks are the top concerns.
These fears are well founded. Each new day brings fresh headlines of another major breach or successful ransomware attack. The Cybersecurity and Infrastructure Security Agency (CISA), an agency of the DHS, reports that 90% of ransomware attacks begin with phishing. Last quarter witnessed the first individual ransomware loss that exceeded a billion dollars in damages, and a leading news media outlet reported nine new major breaches in a single week.
What is driving this epidemic and how much worse will it get?
The answers are both simple and complex. The simple answer is that this next generation of cyberattacks is being driven by the incredible power and innovation of generative AI, while the primary defense utilized by most organizations to stop the majority of cyberattacks is twenty-year-old multifactor authentication (MFA).
We will look at each of these in detail below.
Digital transformation has been reshaping society for decades, and the most profound changes are happening now courtesy of generative AI. Along with the myriad conveniences and efficiencies that technological advancements bring come perils and harm, the most significant of which is the onslaught on identity that generative AI and a new wave of cybercriminal tools will enable. The proliferation of a new generation of very powerful and user-friendly hacker tools will democratize cyberattacks, enabling almost anyone with internet access to launch them. This is compounded by the rise of the gig economy, creating an environment in which cybercriminal activities can be carried out by untrained individuals.
The franchise model comes to cybercrime
Phishing and ransomware attacks were once the exclusive domain of highly skilled cybercriminals. With the power of generative AI and new cybercriminal tools, the ability to rapidly launch cyberattacks is now readily accessible to the masses via Ransomware-as-a-Service (RaaS) and Generative AI tools on the dark web. These modern hacker tools remove the complexity and knowledge requirements of cyberattacks and enable almost anyone with a computer and internet access to launch an attack.
The process starts with skilled developers who create ransomware, which they then offer to affiliates (would-be cybercriminals) for either a fee or a share of the criminal profits. Cybercriminals have developed easy-to-use platforms where affiliates can register, select their preferred ransomware package, and manage their activities. They also provide user-friendly dashboards, tools for managing attacks, the ability to track payments, and extensive "customer support." The affiliate can lack any advanced technical skills, including capabilities in social engineering, phishing, or exploiting software vulnerabilities, and still instantly become a dangerous cybercriminal.
Affiliates most often launch attacks with phishing emails that steal user login credentials. Next, they defeat the legacy MFA of the victim organization. There are more than a half dozen proven and effective ways to bypass legacy MFA, including SIM-swapping, session hijacking, social engineering, MFA prompt bombing, and others. After gaining network access, the attacker exfiltrates sensitive data and/or encrypts the victim's files, rendering them inaccessible. Ransomware payments are managed through the RaaS platform. The affiliates and developers share the ransom, most often splitting profits around 70% for affiliates and 30% for developers.
The Role of the Dark Web
The dark web has played a crucial role in the accessibility of these tools. Marketplaces on the dark web offer a variety of hacking tools and services, from simple phishing kits to sophisticated malware. These platforms operate in a manner remarkably similar to legitimate e-commerce sites. You'll find user reviews, ratings, and customer support. The anonymity afforded by the dark web makes it a haven for cybercriminals to market their tools and services without fear of law enforcement, and the same goes for the attackers.
The number of RaaS operators has increased exponentially, and competition between cybercriminals has driven down prices and increased profits for affiliates. As the tools for cyberattacks are democratized and the barriers to becoming a cybercriminal evaporate, we will see a constant increase in ransomware incidents. We are on the front edge of this and are just starting to see the significant financial and operational damage to individuals and organizations that is coming.
Cybercrime in the gig economy
The gig economy is characterized by short-term, flexible jobs facilitated through digital platforms. It has seen significant growth in recent years: more than 60 million Americans are now gig workers, and very few people do not use these services in some way. We have gig workers who shop for us in the morning, deliver food for us at lunch, and provide transportation for us in the evening.
The gig economy has created a massive pool of individuals who can now turn to cybercrime either out of necessity or curiosity. The accessibility of democratized hacker tools means that even those without formal training can engage in illegal cybercriminal activities anonymously, on a part-time basis, from anywhere they may be. Financial incentives and very low odds of being caught will drive large numbers of individuals toward cybercrime. Cybercriminal activities can be highly lucrative, often yielding much higher returns than legitimate gig work.
Mitigation and defense strategies
Addressing the challenges posed by the democratization of cyberattacks requires a multi-faceted approach that includes technological and educational measures.
Organizations must invest in modern cybersecurity technologies to protect against the increasing volume and sophistication of attacks. This includes deploying next-generation firewalls, multifactor authentication, intrusion detection and prevention systems, and endpoint protection solutions. Additionally, the use of artificial intelligence (AI) and machine learning (ML) can enhance threat detection and response capabilities.
90% of data breaches and ransomware attacks result from phishing and social engineering that steal user credentials and defeat legacy MFA. Not all MFA is created equal, and most MFA is twenty-year-old technology. There is an urgent need to implement phishing-resistant, next-generation MFA. Next-generation MFA eliminates all of the current methods that are being used to defeat legacy MFA.
To underscore the importance of modern MFA, a recent survey by a renowned leadership advisory firm asked senior security executives for their perspectives on MFA solutions and trends. The survey revealed that a significant majority of security leaders are aware of the limitations of legacy MFA and are actively seeking more advanced solutions to combat evolving cyber threats.
It's simple - if cybercriminals are defeating your locks, get better locks.
Raising awareness and educating individuals about cybersecurity is also crucial in mitigating the risks posed by untrained hackers. This includes providing training on safe online practices and how to identify the newest phishing and social engineering attacks.
Conclusion
The democratization of cyberattacks, fueled by the availability of easy-to-use hacking tools and the rise of the gig economy, presents significant challenges for cybersecurity. Untrained individuals now have the capability to launch sophisticated attacks, increasing the volume and complexity of threats faced by organizations. Addressing these challenges requires an upgrade to current defense technologies, most importantly legacy MFA. By adopting these strategies, we can mitigate the risks and protect against the evolving landscape of cyber threats.
John Gunn — CEO and Next-Generation MFA Evangelist