Cybersecurity experts are sounding the alarm as the pace of cyber-attacks speeds up, with threat actors moving swiftly from infiltration to exploitation, seeking rapid financial gains. Ransomware-as-a-Service (RaaS) has made coordinated attacks easier, as specialised cybercriminals work together to streamline the process and achieve quicker, more impactful strikes.
According to Stephen Osler, co-founder and business development director at Nclose, RaaS plays a crucial role in accelerating cyber-attacks. “In this model, different cybercrime specialists handle various stages of the attack chain, including reconnaissance, password compromise, privilege escalation, and execution. This collaborative approach involves multiple specialists working together to expedite the attack process.”
During the first quarter of 2024, there has been a significant increase in the volume of attacks, says Osler. Cybercriminals are leveraging artificial intelligence (AI) to amplify the scale and speed of their offensives. “We are also seeing more attempts in our MDR clients. This increase in the volume of attacks might be due in part to attackers shifting their focus from nation-state type attacks back to traditional enterprises, which is worrying.”
At the same time, cyber defenders are using AI to support their efforts, he says. Dwell times, the critical period from breach to detection, have notably shrunk, possibly because of advancements in detection technologies.
“Google Cloud-owned Mandiant’s 2024 M-Trends report, which was released this month, validates this observation. The report highlights a significant decrease in the global median dwell time from 16 days in the previous M-Trends report to just 10 days last year, down from 101 days in 2017.”
Pre-election cyber risk
Amidst these developments, cyber attackers are exploiting major events to manipulate emotions and sow discord. With elections on the horizon, there is a heightened risk of phishing attacks themed around political events, Osler warns.
“Criminals will always try to prey on people’s emotions, and elections are an emotional time, so they could launch phishing attacks with election themes. As always, people should exercise caution and not allow their emotions to be exploited. They should never click on a link to verify information.”
He further adds: “People should know the risk of fake news and the use of deepfakes to sway public opinion ahead of the election. With generative AI, it has become very easy to create fake pictures and videos purported to represent political figures.”
As cybersecurity trends continue to evolve at breakneck speed, individuals and organisations are urged to stay vigilant and proactive in the face of these dynamic threats, Osler concludes. “The shifting landscape of cyber warfare demands a heightened level of awareness and readiness to navigate the ever-changing digital security domain.”