The cyber security landscape is undergoing a fundamental transformation. What we are seeing is no longer a simple escalation in the number of attacks but a strategic shift in their nature, driven by the commercialisation of hacking tools and the growing role of artificial intelligence. Geopolitics and ubiquitous digitalisation are only widening the battlefield, presenting companies with challenges that require new approaches to defence.
A new paradigm: AI and the economics of cyber services
A key change is the maturing of the Cybercrime-as-a-Service (CaaS) model. Specialised groups offer off-the-shelf tools, vulnerabilities and even complete attacks as a service on the black market. This lowers the entry threshold for less tech-savvy criminals while increasing the scale and sophistication of operations.
In this ecosystem, generative artificial intelligence becomes a powerful force multiplier. It is being used to create highly personalised and convincing phishing campaigns or deepfake scams. While mass video attacks may not yet be viable, real-time voice cloning is becoming a real threat in targeted scams, such as those designed to defraud companies. AI is also being used to automate reconnaissance and create malware that can dynamically adapt to the victim’s environment to avoid detection.
The evolution of tactics: Attackers rely on cunning
We are seeing a clear shift away from simple, high-profile attacks to more subtle and harder-to-detect methods.
- ‘Living off the Land’ attacks and evading detection: Cybercriminals increasingly rely on legitimate tools built into operating systems (so-called ‘living off the land’ techniques). The surge in the use of PowerShell scripts shows that attackers prefer to hide their activity within normal network traffic rather than introduce easily identifiable foreign software into systems. At the same time, malware capable of evading security systems is growing in popularity, with detection rates increasing by 80% in the last quarter of 2023.
- Ransomware ‘on a large scale’: Ransomware attacks are evolving towards a ‘big game hunting’ model. Instead of hundreds of attacks on small businesses, criminal groups are focusing on critical sectors – healthcare, finance, transport or public administration. A successful attack on such infrastructure not only guarantees a larger ransom, but also creates social chaos, which increases the pressure on the victim. Double and triple extortion techniques (data theft and threat of publication, combined with DDoS attacks) are becoming standard.
- The return of Zero Day and the commercialisation of vulnerabilities: The increase in the number of platforms and applications is creating new opportunities for the exploitation of as yet unpatched vulnerabilities (zero-day). The market for zero-day brokers – groups specialising in finding and selling such vulnerabilities on the Darknet – is forecast to grow. This poses a huge risk, as even companies with robust update policies can be targeted.
- Supply chain and attacks from within: As perimeter security tightens, attackers look for weak links elsewhere. One of these is the software supply chain, where CI/CD systems (pipelines that automate development processes) and third-party components are becoming targets. A second, increasingly worrying trend is the recruitment of employees from target organisations to gain initial access to the network.
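The ‘living off the land’ point above is, from the defender's side, a question of telling abusive PowerShell use apart from the routine administrative use it hides among. The following is an added example written for this article, not code from the original text: it scores constructed script-block log lines (modelled loosely on the text a SIEM export of PowerShell script-block logging might contain; the field layout, the indicator list and the weights are assumptions of this example, not a vendor rule set) and decodes any -EncodedCommand payload so the same rules can be applied to what the command actually runs.

```python
import base64
import re

# Indicators that commonly accompany obfuscated or hidden PowerShell use, with weights.
# The list and weights are an assumption of this example, not a vendor rule set.
INDICATORS = [
    ("encoded_command", re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    ("invoke_expression", re.compile(r"\b(?:Invoke-Expression|IEX)\b", re.I), 2),
    ("policy_bypass", re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I), 2),
    ("no_profile", re.compile(r"-nop(?:rofile)?\b", re.I), 1),
]
ALERT_THRESHOLD = 4  # a single Invoke-Expression (weight 2) in an admin script does not alert

ENCODED_RE = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)
SCRIPT_BLOCK_RE = re.compile(r"ScriptBlockText=(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def _encode_ps(command):
    """Build the UTF-16LE base64 form that PowerShell expects for -EncodedCommand."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


# Constructed sample log lines (assumed export format: timestamp, key=value fields,
# then the script block text). Not real telemetry.
SAMPLE_LOG = [
    "2024-03-04T09:12:01Z host=WS01 user=alice ScriptBlockText=Get-ChildItem C:\\Reports | Sort-Object LastWriteTime",
    "2024-03-04T09:13:44Z host=WS01 user=alice ScriptBlockText=powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand "
    + _encode_ps("Invoke-Expression (Get-Content 'C:\\Users\\Public\\update.ps1' -Raw)"),
    "2024-03-04T09:15:10Z host=SRV02 user=svc_backup ScriptBlockText=Invoke-Expression (Get-Content .\\helper.ps1 -Raw)",
    "2024-03-04T09:16:30Z host=WS03 user=bob ScriptBlockText=Get-Process | Where-Object CPU -gt 100",
]


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_script_block(text):
    """Score one script block; a decoded payload is scanned with the same rules."""
    hits, score = [], 0
    for name, pattern, weight in INDICATORS:
        if pattern.search(text):
            hits.append(name)
            score += weight
    decoded = decode_encoded_command(text)
    if decoded is not None:
        for name, pattern, weight in INDICATORS:
            # Do not count an indicator twice if it already matched the outer command line.
            if name not in hits and pattern.search(decoded):
                hits.append("decoded:" + name)
                score += weight
    return score, hits, decoded


def parse_line(line):
    """Split a log line into its key=value header fields and the script block text."""
    m = SCRIPT_BLOCK_RE.search(line)
    if not m:
        return None
    head = line[: m.start()]
    fields = dict(FIELD_RE.findall(head))
    fields["timestamp"] = head.split()[0]
    fields["script"] = m.group(1)
    return fields


def analyze_log(lines, threshold=ALERT_THRESHOLD):
    """Return an alert record for every line whose script block reaches the threshold."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        score, hits, decoded = score_script_block(rec["script"])
        if score >= threshold:
            alerts.append({
                "timestamp": rec["timestamp"],
                "host": rec.get("host"),
                "user": rec.get("user"),
                "score": score,
                "hits": hits,
                "decoded": decoded,
            })
    return alerts


if __name__ == "__main__":
    for alert in analyze_log(SAMPLE_LOG):
        print(alert)
```

Run against the constructed lines, only the hidden, encoded invocation on WS01 alerts; the plain Invoke-Expression on SRV02 scores below the threshold, which is the trade-off the article's point implies: the same built-in tool is used by administrators every day, so weighting the combination of signals (and looking inside the encoded payload) matters more than any single keyword.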
Expanded field of attack: New targets, new risks
Digitisation and new technologies are opening more doors for cyber criminals.
- Cloud, containers and 5G: Cloud misconfigurations remain one of the main attack vectors, as the recent data leak affecting more than 65,000 companies using Microsoft services proved. Experts warn of a new threat in the form of cloud worms, designed specifically to spread autonomously in Kubernetes environments. At the same time, as 5G networks develop, their infrastructure is becoming an attractive target, and a successful attack could paralyse key sectors of the economy.
- Specialised systems: MFT, XIoT and Blockchain: Managed file transfer (MFT) systems have proved vulnerable to large-scale attacks. The number of connected devices within the Extended Internet of Things (XIoT) is also growing rapidly – from industrial control systems to medical devices. The number of IoT connections is forecast to exceed 80 billion by 2024, most of them in critical infrastructure. Even private blockchain networks are not secure – attack scenarios have already been described in which the entire network is encrypted and a ransom demanded.
Resilience over defence
In the face of such complex and dynamic threats, traditional approaches to cyber security are no longer sufficient. Building organisational cyber resilience – the ability to keep functioning during an attack and to return quickly to normal operations – is becoming crucial.
Zero Trust architecture, which assumes that the threat may already be inside the network, is becoming a fundamental defence strategy. Every attempt to access resources, regardless of its origin, must be verified. Equally important are cooperation between the public and private sectors in sharing threat information, and continuous education of employees, who are the first line of defence against social engineering attacks. Without a holistic approach combining advanced technology with a culture of security, winning this never-ending battle will be impossible.