
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity

June 16, 2023


As Threat Actors Continuously Adapt Their TTPs in Today’s Threat Landscape, So Must You

Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill’s collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines the continuous evolution of threat actors’ tactics, tools, and procedures (TTPs) in the Digital Age – and how organizations can adapt to reduce risk and maintain business resilience.

This article summarizes several of the report’s findings, including trends in credit card fraud, observations about cryptocurrency, AI developments and how they are lowering barriers to entry to cybercrime, and the rise of cybercriminal “as-a-service” activities. Further below, I also discuss the need for a new security approach, combining attack surface management (ASM) and cyber threat intelligence (CTI) to combat threat actors’ ever-changing methods. The full Cybersixgill report is available here.


1 — Credit card fraud is (mostly) on the decline

Credit card fraud has been a common and recurrent threat used by underground cybercriminals for many years. But several recent developments are slowing the tide and significantly reducing credit card fraud incidents. More recently, we have seen a significant drop in compromised credit cards for sale on illicit underground markets. For instance, in 2019, dark web markets listed around 140 million compromised cards for sale. The number declined to around 102 million in 2020 and plummeted again by a further 60% to almost 42 million cards in 2021. Finally, in 2022, this total plunged again to only 9 million cards. The significant decline in credit card fraud is due mainly to the following:

  • Improvements in authentication and fraud prevention – Banks and financial institutions are using advanced authentication and “passwordless” methods that make it harder to compromise a card, such as biometric authentication (e.g., fingerprints and facial recognition), as well as PINs, EMV chips, and multi-factor authentication (MFA).
  • Real-time fraud detection – Used primarily by credit card companies, real-time fraud detection systems that use machine learning algorithms to analyze user behavior, spending patterns, and geolocation data can detect anomalies or suspicious activity. Once a transaction is flagged as suspicious, the issuer may demand additional forms of verification, such as asking a security question or sending an SMS verification, making it more challenging for fraudsters to use stolen cards.
  • E-commerce security improvements – Since 2021, e-commerce sites have been using more robust security measures, such as two-factor authentication (2FA), address verification systems, and secure payment systems adhering to PCI DSS, making it harder for cybercriminal threat actors to steal credit card data from consumers.

2 — Cryptocurrency: a tool and a target

A hallmark of cryptocurrency is that it is decentralized, allowing users anonymity and privacy. No surprise, then, that cryptocurrencies are the payment method of choice for cybercriminals to purchase illicit goods and services, launder proceeds from cyber attacks, and receive ransomware payments. As cryptocurrency has gained broader adoption for legitimate purposes, it has also become a target for threat actors, presenting new opportunities for “crypto-jacking,” digital wallet takeovers, crypto-mining, and siphoning digital assets from crypto exchanges.

Even with the fallout from the 2022 crypto crash, crypto’s value among cybercriminals has only increased. As revealed in our report, we saw a 79% increase in crypto account takeover attacks in 2022. (Ultimately, cybercriminals use crypto to transfer money, not make money. While transactions on the underground are consummated in cryptocurrency, prices are listed in dollar value.) However, threat actors may eventually abandon cryptocurrencies if investors continue to pull out due to the market’s volatility, as fewer crypto users make it easier for law enforcement to track illicit transactions and for legislators to enforce stricter regulation. We are continuing to watch this space to see how it evolves.

3 — Democratization of AI

In less than a year since it first arrived on the scene, cybercriminals continue to show great enthusiasm for ChatGPT – as well as other newly released AI tools – and its promise as a force multiplier for cybercrime. With its ability to emulate human language for social engineering and even automate the development of malware code, with the right prompts and guidance, threat actors can streamline the entire attack chain. ChatGPT enables novice and less sophisticated cybercriminals to carry out malicious acts faster, with relative ease. As discussed in our report, AI technology is making cybercrime more accessible and lowering the barrier of entry by enabling threat actors to quickly write malicious code and perform other “pre-ransomware” preparatory activities.

4 — Commercializing Cybercrime with As-a-Service Offerings

The as-a-service business model is growing, given its ability to help cybercriminals commercialize their expertise and scale operations. By purchasing sophisticated hackers’ services, infrastructures, or tools, threat actors can outsource the groundwork required to launch a cyberattack with minimal effort. Of particular concern is the continued rise of Ransomware-as-a-Service (RaaS). The RaaS business model operates much like a modern business, whereby ransomware developers and operators lease out their ransomware technology and infrastructure to a network of lesser skilled ‘affiliates’ for distribution in return for a cut of the ransom extortion profits, thereby scaling their operations. This as-a-service offering makes the extortion business accessible and profitable to a larger pool of cybercriminals – driving the rapid increase in ransomware attacks year over year.

ASM and CTI: A Powerful Cyber Weapon Against Underground Cybercrime

Every connected asset within an organization’s sprawling attack surface presents cybercriminals with a potential entry point for attack. Today, defending the expanding organizational attack surface with cyber threat intelligence alone to assess exposure is a near impossible task. The modern attack surface is increasingly external, extending beyond the known network perimeter to include a vast ecosystem of unknown assets from cloud-based resources, connected IPs, SaaS applications, and third-party supply chains. As a result, most organizations suffer from major blindspots into their complete attacker-exposed IT environment, while struggling with overwhelming quantities of cyber threat intelligence data. To effectively defend against cyber threats, security teams need complete visibility into their unique attack surface and real-time insight into their threat exposure.

Embedded with our native, market-leading Cyber Threat Intelligence (CTI), Cybersixgill’s Attack Surface Management (ASM) solution eliminates visibility blindspots by automating the discovery of the unseen. With this combined solution, we continuously discover, map, scope and classify unknown networked assets that could expose your organization to risk, monitoring your complete asset inventory in real-time across the deep, dark and clear web. The integration of ASM refines our market-leading threat intelligence to focus on each organization’s specific attack surface, delivering the earliest possible warnings of emerging threats targeting their business. With complete visibility into organizational threat exposure, security teams can confidently prioritize their efforts and resources where they are needed most, dramatically accelerating Mean Time to Remediate (MTTR).

Given the ever-expanding threat landscape of the Digital Age, the ability to identify the highest priority risks facing their organization and focus their efforts accordingly offers tremendous benefits to resource-constrained security teams.

For more information, please download The State of the Cybercrime Underground.

To schedule a demo, visit https://cybersixgill.com/book-a-demo.

Note: This article was expertly written and contributed by Delilah Schwartz, Security Strategist at Cybersixgill.

Some parts of this article are sourced from: thehackernews.com
