Continuing our series on the most significant cyber-attacks this year, Integrity360's incident response team has turned its attention to the cyber security trends that we expect to surface in the latter half of the year.
The Rise of AI
With artificial intelligence (AI) technologies such as ChatGPT becoming more advanced and commonplace, the potential for their misuse in nefarious activities like creating malicious software and mobile applications has increased sharply.
ChatGPT and similar AI models are trained to generate human-like text, which can be manipulated to write complex codes. In the wrong hands, these capabilities can potentially be used to design malicious software like ransomware. Cybercriminals could exploit these tools to automate the development process of such harmful software, making the attacks more sophisticated and harder to detect.
The increasing sophistication of Ransomware attacks, potentially aided by AI technologies, poses a significant threat to businesses and individuals alike.
AI and Malicious Apps
These technologies can also be used to create malicious mobile applications. By using AI to automate the coding process, attackers could potentially flood markets like the Google Playstore with malicious apps at a scale and speed previously unimaginable. We’ve already seen an influx of such apps that often mimic legitimate ones, tricking users into installing them. Once installed, these applications could steal personal information, send premium-rate text messages, or even gain complete control over the user's device.
As AI continues to evolve, it's important to implement rigorous security measures, both in the development of these technologies and in the platforms where they could be misused. It's a balancing act to leverage the potential of AI for beneficial uses, while mitigating the risks it could pose to cyber security.
Increased number of DDoS attacks due to Russia/Ukraine war
The number of cyber-attacks linked to the ongoing conflict in Ukraine has increased dramatically. Initially, in the onset of the dispute, the brunt of incidents solely affected. However, there has been a sharp rise in conflict-related incidents in EU countries during the past six months (rising from 9.8% to 46.5% of global attacks).
According to research from Thales, in the summer of 2022, the number of conflict-related incidents within EU nations almost rivalled that in Ukraine (85 compared to 86). However in the first quarter of 2023, the vast majority of incidents (80.9%) have occurred within the borders of the European Union and that figure shows no sign of decreasing.
DDoS attacks now comprise 75% of the attacks launched by Russian linked attackers against western businesses and government organisations we can expect to see this trend continuing in the next few months as the war grinds on.
The reason for the increased use of DDoS attacks?
While DDoS attacks typically have a minor operational impact, they maintain a state of unease amongst security personnel and decision-makers. The intention is not necessarily to inflict significant operational damage, but rather to antagonise the targets and dissuade them from extending support to Ukraine.
Zero-Day Remote Code Execution Vulnerability on physical hardware
The discovered zero day vulnerabilities in numerous products from the likes of Barracuda, Fortinet, Sonicwall and Cisco SD-WAN pose a significant risk to all businesses and organisations. As more information is revealed we can expect a growing number of organisations to be targeted by malicious actors and unfortunately will likely learn of successful attacks. On what scale, however, is hard to guess.
Ensuring that the latest security patches are applied and software is kept up to date is a crucial aspect of maintaining a robust cybersecurity posture. Outdated software and unpatched systems are fertile ground for cybercriminals, who exploit known vulnerabilities to infiltrate networks and carry out malicious activities.
Security patches are created to fix vulnerabilities that have been identified in software. When software is not updated with these patches, it leaves the system susceptible to attacks. As such, maintaining up-to-date software is akin to keeping the doors and windows of a house locked - it's a basic, yet essential, measure to prevent intruders from gaining access.
Additionally, the latest versions of software often come with enhanced security features and improvements that increase their resilience against cyber threats. Therefore, regular software updates serve not only to patch vulnerabilities, but also to improve overall security.
Ransomware Resurgence will continue
Ransomware gangs have increased their activity in recent months with data showing that prominent gangs such as LockBit and Cl0p are responsible for nearly 40% of all ransomware attacks recorded in June. Their main target seems to be the USA with 47.5% of their attacks being aimed at US based organisations.
Cl0p claimed responsibility for the supply chain attack on the widely used MOVEit file transfer platform which has impacted scores of organisations worldwide. The attack also triggered a cascade of incidents following a breach at HR and payroll provider Zellis.
LockBit meanwhile has increased its aggressiveness after it attacked Taiwanese chipmaket TSMC and demanded a massive $70 million ransom payment. It has also continued to target healthcare sector and governmental targets.
In the first six months of 2023 security experts witnessed a 48% annual increase in the number of ransomware incidents and they show no signs of slowing for the remainder of the year. It seems ransomware criminals have returned to targeting larger organisations, after a period focused on smaller firms with less robust defences.
If you are worried about any of the threats outlined in this blog or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please Get in touch to find out how you can protect your organisation.
