The current landscape of cybersecurity and the major cybersecurity threats and their impact on organizations and users
Abstract
The hallmark of the current cyber security landscape is the rapid development of new digital technologies being put into practice without a full understanding of their potential threats and ways to mitigate them. In addition, IT affects every aspect of modern life and provides a vast opportunity for cyber-attacks of various kinds. What could help mitigate current (and future) cyber threats is society's awareness of cybersecurity and the nature of cyber threats.
Key words
Cyber-attacks, cybersecurity, ransomware, cybercrime, crime as a service
Introduction
The current landscape of cybersecurity is characterized by a fast shift to new technologies and the digitalization of business as well as private life (public services, social networks, healthcare), accompanied by large-scale and sophisticated attacks and the development of AI. According to the European Union Agency for Cybersecurity report on the threat landscape 2023 (ENISA 2023 report [1]), the major threats are:
- Ransomware
- Malware
- Social engineering
- Threats against data
- Threats against availability (Denial of Service (DDoS) and Internet threats)
- Information manipulation and interference
- Supply chain attacks
The Landscape
The shift in how companies are managed, especially since the 2019 coronavirus pandemic, took place instantly: from office (onsite) work to remote access to software and data. Previously all the data and IT infrastructure were located on the companies’ premises under the control of IT specialists, but now IT systems have moved to cloud services, where many employees can simultaneously access shared files and software of the company while sitting at home on their own (not always secured) Wi-Fi networks. This dispersal of cybersecurity, underpinned by human vulnerabilities, created a favourable environment for the rise of cyber-attacks.
One of the problems of the current landscape is the global shift of responsibility for cybersecurity from specialists to average users who are not well informed about cyber threats and who make human-related mistakes. There is an inequality between sophisticated hackers, who have a deep and professional background in their activity, and average people accessing a company’s information from home, which results in many vulnerabilities and user mistakes (and companies are not always able to control and manage this).
Besides, social engineering techniques (helped by widespread and freely accessible AI) exploit human emotions and mistakes and make it easier to break through the cybersecurity shield. If some 20 years ago it was enough for the user to install licensed software on a personal computer and use an anti-virus program that raised security alerts and deleted viruses, today that simply does not work. Criminals use different tactics to gain access to smartphones, to steal passwords and bank card details, and to obtain access to employees’ professional accounts or to laptops connected to the smartphones. Today there is no longer any need to get through a sophisticated IT security system; it is enough to compromise a person’s gadgets, which contain lots of information.
Professional and international scale of attacks
Another problem is the professional and international scale of cyber-attacks. Professional actors offer criminal services such as data and email compromise, malware and ransomware, DDoS attacks, etc. The ‘crime as a service’ market is widespread and easily accessible: even an unsophisticated user can find someone to carry out the crime. Today it is possible to make a request for such a ‘service’ (e.g. through darknet forums or Telegram channels) and wait for proposals, or just look through advertisements for different types of security crimes, with an option to see the reputation of an actual service provider (by star ratings and feedback). Anonymity is one of the core issues that allow cybercriminals to freely advertise their services on different forums, which are hard to close. This easily and instantly accessible market creates a large scale of cyber threats (with no equal number of cybersecurity specialists to stand against this market).
Another factor that allowed this phenomenon to appear quickly and extend its influence is the secure and reliable financing options for such activities and the high profits for the executors. If there were no opportunity to receive a fair payment for an illegal service, it would not be so attractive for the actors to advertise and execute their services. But blockchain technologies and anonymous financial transactions have made receiving money fast and easy, while hard to trace, so high cash flows attract more hackers to the black market, which offers high salaries.
In addition, the work itself is not labor-intensive, as the typical patterns (software) can be developed once and replicated many times in the future (a scalable product). So once the executor has put in the effort to create a product or service, he can sell it several times (which leads to a large scale of attacks), with no need to create individual services every time. Besides, the work can be done from anywhere in the world with an internet connection, and this international character of cybercrime is another specific feature of the current landscape. For example, in order to attack the US energy sector there is no need to be located within the territory of the USA, as was done by Russian hackers in 2023 [2]. The investigation of cybercrimes takes time and effort [3], and it is not easy to deal with the legal systems of other countries in order to establish the fact of lawbreaking and to extradite the criminal for proper prosecution, which makes the criminals feel more secure about their safety [4]. This means they can afford to put more effort into sophisticated cyber-attacks and into searching for vulnerabilities in the cybersecurity systems of organizations.
It is also necessary to mention the trend of setting up state-backed (and state-financed) groups of professional hackers that work in the interests of governments and act against other targeted countries or critically important foreign structures. Organized government-backed activity provides a ‘license’ to break the law and gives hackers more capabilities to break through even advanced cybersecurity systems. It usually follows political tensions.
Corporation related threats
Speaking specifically of corporate threats, the supply chain method of breaking the cybersecurity of big corporations should be mentioned. Today there is no need to spend hours searching for vulnerabilities in the security system of a ‘big target’ or cracking account passwords when there is an option to target a much smaller company with a poorer IT security system and hack it. Sending malware from hacked suppliers to the target company is an option that is often used and leads to large-scale failures (NotPetya ransomware, CCleaner malware, SolarWinds Orion breach).
Probably the most financially efficient, and for this reason one of the most widespread, corporate-related cybersecurity threats is ransomware. The attack targets the user’s information, which becomes encrypted, resulting in complete loss of access to data and of the operability of the device, with no opportunity to continue the daily routine of the company. This may lead to instant and huge losses when the company has to process its orders, service activity, etc. There is no effective measure against ransomware, and that is why many people prefer to agree to the payment demand in return for immediate restoration of data access. But this does not solve the problem, since the files are compromised and would be leaked to the darknet, or could be targeted repeatedly. Besides, payment to criminals is also a criminal offence (e.g. on the grounds of financing terrorism). So ransomware is dangerous for a company because once it has happened there is no remedy against it and no option to restore the data (not to mention the reputational loss).
DDoS attacks have also become more popular against important public, social and governmental resources. They present a risk of unavailability of the service for an indefinite time, with huge potential losses and public resonance, such as the blocking of telecommunication services.
Public-related threats
Misinformation and manipulation of information have also become a very large-scale public problem, since they make it possible to manipulate people’s opinions (in the interests of the attackers), raise social dissatisfaction or panic, and influence the collective mind. AI-generated messages, or videos of public persons, especially political ones delivering destabilizing speeches, can disorient people and nudge them towards impulsive actions [5]. The positive thing about misinformation is that it can be refuted swiftly (but not always, especially during terrorist attacks and wars). The negative thing is the massive and fast spread of information between people, through messengers (forwarding with no check of the source) and reposts in social networks. Social engineering (especially with the use of AI, fake voices and videos) is also dangerous.
Conclusion
The defining trait of the current cybersecurity landscape is the rapid evolution of new digital technologies, like AI, quantum computing, and the Internet of Things, that are put into practice while there is still no full understanding of their potential threats and ways of mitigating them. What could help to mitigate current (and future) cyber threats is society’s awareness of cybersecurity and the types of cyber threats. If at least the majority of active users of all the gadgets, platforms and information technologies are able to detect cyber threats, they will be able to protect themselves and their companies accordingly.
[1] https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
[2] On 16 June 2023 a Russia-linked criminal gang exploited a security flaw in MoveIt Transfer software and compromised the US Department of Energy, British energy giant Shell, University System of Georgia, Johns Hopkins University, and Johns Hopkins Health System - https://www.theguardian.com/technology/2023/jun/16/moveit-transfer-hack-department-of-energy
[3] An example is the infamous LockBit with its ‘ABCD’ ransomware, which operated from 2019 to 2022; it took the cooperation of 10 countries to capture the criminals, with 2 arrests, and some criminals are still in hiding - https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-disrupt-worlds-biggest-ransomware-operation
[4] An example is the Pegasus software of the Israeli-related NSO Group - https://en.wikipedia.org/wiki/NSO_Group
[5] E.g. the 2023 fake news on the USA President’s death (https://www.theguardian.com/technology/2023/may/08/ai-generated-news-websites-study)