The rise of cyber gangs and GenAI: Will tighter security controls be needed in 2024?
While technological innovation typically means progress, cybercrime is a different story. As this illicit sector rapidly expands, powered by technologies such as AI, we need to urgently focus on the crucial security measures needed to combat these evolving challenges.
Ulrich Kohn
The recent ENISA “Threat Landscape Report 2023” and BSI’s “State of IT Security in Germany in 2023” paint a challenging picture. Both reports agree that ransomware is the most serious security threat. Amidst political unrest, nation-state cyber activities are on the rise. Hacktivism, driven by ideology, not only targets key institutions and government bodies but also aims at swaying public and personal opinions, undermining societal stability. With the growing dependency of businesses and governments on digital services, attacks on network and service availability have significantly increased. Furthermore, the advancement of AI is enhancing cybercriminals’ arsenal, accelerating the commercialization of illegal cyber activities.
There is no doubt that the challenges will grow in 2024. Let’s look at emerging threat vectors and how to safeguard against them.
Generative AI and social engineering
Social engineering is still the prominent entry strategy for cybercriminals and is frequently the first infiltration step. Simple phishing emails are being replaced by malicious GenAI-created attacks. AI-based information manipulation makes it much more difficult to separate true from false. In addition, AI voice cloning generates convincingly genuine speech. Backed up with deep fake videos based on rich background information, individuals are pushed for action with little chance of detecting the deception. Such GenAI-created information manipulation has the potential to not only influence individual perceptions but, on a larger scale, sway public opinion, and destabilize societies.
Moreover, all of this can happen in a highly automated way. This will make it attractive to target lower-gain victims and extend the number of attacks.
Countering controls
There are a range of ways to protect against social engineering. Awareness creation is a sensible first step. But due to the increased sophistication, additional technical controls are required. Identifying the authorship and integrity of any human artifact must be easily possible, minimizing the risk of falling prey to manipulated information. What’s more, zero-trust principles need to be extended from protecting devices and resources to safeguarding any piece of data, including personally created data.
Implementing hardware-based security is essential for protecting hosting platforms at the edge.
Cybercrime-as-a-service
Cyberattack services have become a highly profitable business, targeting a market worth billions of euros. Cyber gangs run their operations with business-like efficiency, navigating a competitive landscape similar to legitimate enterprises.
An ecosystem of malicious organizations addresses every step of the attack chain from intrusion, lateral movement and privileged access to exploitation and extortion. Illicit providers of criminal services have begun to specialize in offering distinct tools, software and services on the dark net. Phishing-as-a-service is used to drop initial malware provided by a specialized supplier of criminal software. In the next step, criminal cyber experts make crypto and exfiltration software invisible to commonly used intrusion detection systems and upload it into the target network. The monetization phase is often supported by additional threat actions such as DDoS, which detracts the attention of any overloaded cybersecurity team and puts extra pressure on the victim.
In short, sophistication and the number of attacks increase while the cost decreases. This will lead to targeting smaller companies, which might be suppliers of a small piece of a solution. Supply-chain attacks are rising, as those vendors might apply less stringent security controls. A prime example is the attack on MOVEit file transfer software in May 2023, which demonstrated how supply-chain attacks can easily multiply their impact by compromising many downstream companies.
Countering controls
To effectively counter these threats, it’s essential to augment security controls that prevent intrusions with strategies that minimize their impact. Implementing access controls with least-privilege principles becomes significantly more effective when combined with pragmatic on-premises network segmentation, backed up with separating flows also in the wide area network. Zero-trust (ZT) network designs will steer the implementation of those safeguards, strengthening the end-to-end network by micro-segmentation.
It’s important to recognize that zero-trust frameworks are not replacements for traditional firewalling but rather serve as vital complements, fortifying the overall security posture.
Please also consider connecting your networked devices to a connection-oriented wide-area network rather than the internet. After all, why provide access to billions of internet users worldwide when your only relevant endpoint is just some kilometers away? Yes, internet connectivity is very convenient, but operators might be more inclined to offer these secure, connection-oriented services if sufficient users request it.
The cloud is moving to the edge
Companies and public authorities are eager to host their workloads closer to where they operate. This need comes from latency, scale and efficiency requirements. This however creates several challenges. As appliances move from the protection of centralized data centers into the wild, the need for robust hardware-based security controls at the edge becomes critical. Firewalls and intrusion detection/prevention appliances running on-premises in virtual machines can only provide security if the underlying network operating system and hypervisor are well protected.
Countering controls
Implementing hardware-based security is essential for protecting hosting platforms at the edge. This includes utilizing lower-layer encryption to ensure integrity and privacy of the communication from the edge to the cloud. Such encryption serves as a protective layer for servers, network operating systems and any virtualized network functions hosted within these environments. Additionally, in scenarios involving multiple-tenant hosting at the edge, data streams should be transported separately in a segmented wide area network.
Summary
As we look ahead, it’s clear that our security teams will be kept busy in the coming year. The good news is that we are equipped with potent protection tools. Applying security on all network layers in combination with restrictive access controls is an efficient barrier to the malicious activities of cyber criminals. At Adva Network Security, we remain committed to partnering with you to ensure your network is an impenetrable fortress against these evolving threats.