By Staff Writer.
Speaking on the sidelines of the Indo Pacific 2022 event in Sydney last week, Glenn Maiden, Director of Threat Intelligence at cybersecurity company Fortinet, said a distinct shift was underway regarding cyber-threats. That shift is the growing sophistication of financially motivated cyber-criminals who have traditionally lurked in the shadows while nation-state threat actors took centre stage.
Profit-orientated cyber-criminals pose a bigger threat to targeted organisations and cybersecurity companies than nation-state threat actors, according to one top cybersecurity executive. He also says that quick-learning cyber-criminals are fast matching the threat capabilities of the most well-resourced nation-state backed attackers.
“Nation-state threats probably account for only about 5% to 10% of the threats you see. It’s the criminal threats that are the scourge of the internet,” said Fortinet’s cybersecurity expert. “What we’ve seen in the last 12 to 24 months is a level of sophistication on the cyber-criminal side. Maybe it doesn’t yet match nation-state sophistication, but it’s heading up to that kind of zone.”
Mr Maiden says that historically, cyber-criminals have primarily operated on a volume model, casting their nets wide. He says cyber-criminals will still pick up a few victims that way and that it can still be a viable way to run a cyber-criminal mission. But now, the trend is towards using more complex strategies and software.
“Cyber-criminals are becoming more sophisticated in terms of the modules they are using and some of the capabilities they are using. The level of tradecraft among affiliates running some cyber-criminal campaigns is becoming quite sophisticated.
“Cyber-criminals are finding that if you go and ransom somebody’s network and everything on that network, and then burn it to the ground, that can be really good. But maybe the target will get their network back up.”
Fortinet’s Director of Threat Intelligence says smart cyber-criminals are instead penetrating and moving laterally through networks, identifying the most important personally identifiable information to steal from that organisation, and then burning or threatening to burn everything.
The cyber-criminals can then not only extort a ransom for the physical damage posed to networks, but they also have proprietary information that they can threaten to sell or release.
“It’s a whole new level of sophistication beyond what we have historically seen where you got phishing email. Now, cyber-criminals are socially engineering and spear phishing.”
Mr Maiden says these kinds of cyber attacks are becoming more prevalent. Fortinet’s recent Global Threat Report revealed the volume of sophisticated ransomware attacks is up 10.7 times over the last year. He says the speed of weaponisation is also increasing.
Formerly, it could be months before bad actors exploited a discovered vulnerability. Now, it is only days or weeks before cybersecurity companies see the exponential exploitation of vulnerabilities.
“Once we see a vulnerability, trying to get patches and mitigations out in time and in place starts getting challenging.”
But Mr Maiden says while cyber-threats are changing and the bad actors are getting better at what they are doing, most organisations are also getting better at defending their networks.
“There’s a very good appreciation of the challenge now. While organisations don’t necessarily have every single solution, I think they’ve got a good appreciation of the problem.”