COMMENTARY
One of the most repeated ideas about cybersecurity is that it’s a race between attackers and defenders. Cybercrime groups are usually assumed to be early adopters of new technology, which they use to outwit their adversaries and achieve their goals. But in reality, the picture is more nuanced than that.
While the cybercriminal underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020. This presents a significant opportunity for network defenders — but only if they are prepared to proactively embrace emerging technologies like artificial intelligence (AI).
Tried-and-True Tactics Continue to Dominate
Threat researchers are always analyzing and predicting novel attacks. As the cybersecurity landscape evolves, it is critical for research teams to anticipate where attackers may focus their efforts next and make their organizations more resilient. It is equally important to share these insights with the wider cyber community to make the digital world safer.
However, threat actors are largely still using tried-and-true tactics like phishing, vulnerability exploitation, and compromised account credentials to achieve initial access. That’s borne out by third-party data as well. Credential abuse (22%), exploitation of vulnerabilities (20%), and phishing (19%) were the main data breach attack vectors over the past year, according to Verizon. There was a 34% annual increase in vulnerability exploitation this year, while employees were involved in 60% of breaches, driven by credential compromise and social engineering.
While AI may play a role in these attacks (and especially in empowering less skilled actors to launch effective phishing campaigns in multiple languages), it’s much less prominent than you might expect. Why? Because the old ways are working just fine for the bad guys. Threat actors are often using AI in combination with tried-and-true tactics, like a phishing email designed to steal account credentials or deliver malware that exploits vulnerabilities on the victim’s machine.
The very fact that cybercriminals are still able to find enough low-hanging fruit to hit their revenue targets should be a wake-up call for network defenders.
Criminals Are Specializing
Where things are meaningfully changing is the way the cybercrime economy works. This is now estimated to be a multitrillion-dollar industry, and one that is increasingly driven by a service-based model. Whether they’re designed for ransomware, distributed denial-of-service (DDoS), phishing, infostealer malware, or another end goal, prebuilt packages provide everything the budding cybercriminal needs to launch effective campaigns. You can purchase specific modules or an entire attack chain depending on your needs. Everything is for sale.
While this commoditization of cybercrime is helping to lower the barriers to entry for novices, it’s also providing a lucrative market for increasingly specialized skills. Those selling them could be malware developers, money launderers, initial access brokers (IABs), social engineering experts, or specialists in other areas. Large criminal organizations are a rarity. Instead, this division of labor is making the cybercrime supply chain more streamlined and effective than ever. And for now, threat actors are largely content to stick to traditional techniques.
It’s Time for Proactive, AI-driven Security
This means there’s a great opportunity for network defenders to deter opportunistic criminals by using AI-powered tooling. The traditional siloed, layered model of cyber defense is clearly no match for this increasingly professionalized cybercrime industry. There were more than 1.3 billion data breach victims, for example, on the back of a near-record number of compromises.
Instead, security leaders should look for new ways to manage risk across an expansive corporate attack surface.
AI can help by continuously monitoring and flagging vulnerabilities, misconfigurations, and other security gaps, delivering risk scores, playbooks, and orchestrated remediation. It can also help SecOps teams to react fast to new threats, using automated workflows, context-rich detection, and AI-driven threat hunting to contain breaches before they spread. Generative AI (GenAI) assistants empower security operations center (SOC) teams to close skills gaps and work more productively. And emerging agentic AI solutions could anticipate and prevent future security challenges.
Times Are Changing
Today’s threat actors may be sticking to tried-and-true TTPs (tactics, techniques, and procedures), but they’re changing in other ways. Not only are they more professional and specialized, but a new generation is increasingly indifferent to traditional cybercrime “norms.” Attacks on schools and hospitals are fair game — irrespective of the human cost. Breached ransomware victims are threatened with SWAT attacks. Some threat actors are even branching out into the disturbing “violence-as-a-service” sector.
What cybercriminals have learned over the years is that, despite occasional law enforcement wins, they can operate with impunity in certain regions. It’s up to defenders to be proactive and make them work harder.