Cybersecurity: good things can come from bad
Every year, ENISA, the European Union Agency for Cybersecurity, publishes a status report on the evolution of cybersecurity issues. The 2023 edition, titled "ENISA Threat Landscape 2023," is just out.
The document presents lots of interesting conclusions: "DDoS and ransomware rank the highest among the prime threats," which demonstrates that it is not the most elaborate threats that are the most effective. Quite the opposite: the most basic attacks on systems, such as ransomware and DDoS, remain the most harmful. ENISA adds that several threat actors further developed their "As-a-Service" programs, making it ever easier for criminals to perpetrate their attacks. Hackers-for-hire demonstrate the professionalization of the cybercrime market, typically with Ransomware-as-a-Service (RaaS).
ENISA also establishes that "public administration is the most targeted sector," which is consistent with all we can read in the press since the EU and other legal entities have made it mandatory for victims to report cyberattacks.
ENISA insists that information manipulation has been "a key element of Russia’s war of aggression against Ukraine." This statement was obviously written before the ongoing Israel – Hamas war. Propaganda is as old as the Art of War. Typically, demonizing the enemy while pretending our camp is saving the world and acting right, using manipulated images and showing support from the population have always been used as propaganda in every war. Today's techniques, such as AI, just make it more efficient. In relation to the previous topic, "geopolitics continue to have a strong impact on cyber operations," says ENISA, and it is always difficult to identify the origin of attacks and to sort out which hacktivists are working for governments and which are acting independently. However, ENISA demonstrates that financial gain is by far the prime motivation of cyberattacks, well ahead of any political, espionage or ideological goal.
Social engineering encompasses a broad range of activities that attempt to exploit a human error or human behavior with the objective of gaining access to information or services. It includes phishing and its variants (whaling, which targets high-level executives; smishing, which uses SMS; vishing, which uses voice; scareware, which builds upon fears; etc.). Phishing and its variants are identified as an initial access vector in 41% of incidents, according to IBM, and 82% of breaches involved the human element, according to Verizon research. Social engineering is bound to grow even faster as AI resources are increasingly misused to produce phishing attacks: in March 2023, Europol issued a warning about the potential use of ChatGPT by cybercriminals. Vishing attacks are becoming easier to perpetrate thanks to AI-based voice cloning. A few seconds could be enough to create a reasonable fake voice. The US Federal Trade Commission issued a warning about calls where attackers pretend to be a family member who is in trouble and is asking for money.
The positive aspect of the report is that more legal actions are taken against cybercrime actors. For instance, one may remember that, in January 2023, the German, Dutch and US authorities publicly announced they were taking down the infrastructure of the prolific HIVE ransomware, involving authorities from 13 countries in total. More recently, earlier this month, the Ragnar Locker ransomware gang was taken down by an international police action coordinated by Europol and Eurojust: the head of Ragnar Locker was arrested in Paris, France, after searches conducted in Czechia, Spain and Latvia.
In addition, the increase and the evolution of cyberthreats are the best fuel for growth for the cybersecurity market. Reports announcing the fast surge in cybersecurity needs abound and are used in our industry to demonstrate market opportunities. For instance, McKinsey & Company establishes that "organizations around the world spent around US$ 150 billion (EUR 142 billion) in 2021 on cybersecurity, growing by 12.4% annually," and that "the global cybersecurity total addressable market may reach US$ 1.5 to 2 trillion (EUR 1.4 to 1.9 trillion), about ten times the size of the vended market."