AI Threats on the Rise: Accelerating the Pace of Learning in Cybersecurity
This week’s cybersecurity news has been abuzz with alerts on major studies revealing government-funded research on the thinking of hackers and targeted attacks, scary reports on threats from artificial intelligence, and a looming shortage of IT skills.
Indeed, with growing ransomware attacks and the presence of increasingly sophisticated AI-powered attacks, stronger cybersecurity is needed more than ever. Here are this week’s in-depth insights on cybersecurity that your need to know.
Government Study Aims to Thwart Hackers by Exploiting Their Biases
The Intelligence Advanced Research Projects Activity (IARPA), part of the Office of the Director of National Intelligence, has launched a government-funded study to better understand and exploit hackers' biases and vulnerabilities to improve cybersecurity.
Five research teams, led by Charles River Analytics, GrammaTech, Peraton Labs, Raytheon Technologies Research Center, and SRI International, are involved in this project.
Approximately 150 experts, including scientists, software engineers, psychologists, and social scientists, are working to develop tools that predict and influence hacker behaviour.
"We think we can affect the attackers’ judgment and reaction and behavior to the benefit of the offenders,” said Kimberly Ferguson-Walter, program manager.
Researchers face the challenge of studying hackers, who are not easily accessible subjects. To overcome this, they will analyse white-hat hackers and simulate hacker environments using employees and students with advanced computer skills.
The project's first phase, lasting about 18 months, aims to identify key decision-making biases and human limitations relevant to cybercriminals.
The subsequent phases will focus on understanding and measuring ways to alter hackers' behaviour, developing software tools to counteract these biases, and integrating artificial intelligence to enhance these defences.
Ferguson-Walter hopes to create "an arsenal of new kinds of defences" for the US intelligence community and potentially for commercial use.
AI-Related Security Concerns Among Experts: “Generative AI in Cybersecurity: Friend or Foe?”
A new report from Deep Instinct reveals that 97% of senior cybersecurity experts believe their organisations will eventually face an AI-driven security incident.
The "Voice of SecOps" report, which surveyed 500 senior cyber experts from various industries including finance, healthcare, and critical infrastructure, highlights the growing concern over AI-powered attacks.
These experts are witnessing an escalation in the sophistication and frequency of AI-related threats, prompting an urgent need for robust cybersecurity strategies.
Identity-Related Breaches: A Growing Concern
In parallel, a report by CyberArk underscores the critical issue of identity-related breaches, with 93% of organisations experiencing two or more such incidents in the past year.
The report highlights that machine identities are the primary drivers of identity growth and are seen as the riskiest type of identity. Alarmingly, only 38% of organisations classify all human and machine identities with sensitive access as privileged users, pointing to a significant gap in security practices.
Critical Tech Skills Shortage Looms
A recent IDC Research survey warns of an impending IT skills shortage that is expected to affect 90% of organisations within the next two years.
This shortage is obstructing digitization projects and the adoption of new technologies, including generative artificial intelligence (genAI).
The survey, which included over 800 North American IT leaders, revealed that nearly two-thirds have experienced missed revenue growth objectives, quality problems, and a decline in customer satisfaction due to a lack of skilled personnel.
Overcoming Skills Shortages
"Getting the right people with the right skills into the right roles has never been so difficult," says Gina Smith, PhD, research director for IDC's IT Skills for Digital Business practice.
"As IT skills shortages widen and the arrival of new technology accelerates, enterprises must find creative ways to hire, train, upskill, and reskill their employees. A culture of learning is the single best way to get there."
However, organizations are facing significant challenges in expanding their employees' skills, including resistance to training.
Common complaints include that courses are too long, learning options are too limited, and there is insufficient alignment between skills and career goals. Addressing these issues is crucial to overcoming the skills crisis and ensuring long-term business success.
Massive Data Breach at Frontier: Over 2 Million Affected by RansomHub Cyberattack
The recent cyberattack on Frontier Communications by the rising ransomware gang RansomHub, posted this week on its leak site, casts a dark shadow over the telecommunications industry.
With over 2 million individuals' sensitive information compromised, this incident underscores a grim reality: even large, well-resourced companies are vulnerable to the relentless and evolving threats posed by cybercriminals.
Despite implementing containment measures and reporting the breach to the SEC, Frontier’s inability to prevent such a significant data compromise highlights critical weaknesses in cybersecurity defences that many companies continue to face.
An April cyberattack on a large telecommunications company has been claimed by a ransomware gang that is gaining steam as a cybercriminal operation.
Experts from NCC Group said RansomHub was the third most prolific ransomware gang that operated in March, with at least 27 attacks.
The group’s emergence has reinforced a longstanding assertion by security researchers that ransomware gangs are nebulous operations, with affiliates moving between different operations and selling stolen data or access to different groups.
This attack is indicative of a broader and more troubling trend. RansomHub, which has already claimed several high-profile victims, including Change Healthcare and Christie’s, represents a new breed of ransomware gangs that are not only sophisticated but also aggressive and opportunistic.
Their ability to exploit the shutdowns or failures of other ransomware groups, like LockBit and AlphV, by recruiting their displaced affiliates, signals an adaptive and resilient threat landscape.
Google Mandiant Latest Insights: Surge in Ransomware Activity in 2023
Mandiant's latest report reveals a significant uptick in ransomware activity in 2023 compared to the previous year. The analysis shows a 75% increase in posts on data leak sites (DLS) and over a 20% rise in Mandiant-led ransomware investigations.
The resurgence in ransomware incidents is primarily driven by the profitability of these operations, with over $1 billion USD paid to attackers in 2023.
Notably, about one-third of new ransomware families identified were variants of previously known ransomware, indicating an evolution in existing threats rather than the emergence of entirely new ones.
Attackers are increasingly using legitimate remote access tools instead of traditional malware like Cobalt Strike BEACON to facilitate their operations.
Ransomware Deployment Tactics and Patterns
Mandiant's observations highlight that ransomware is often deployed rapidly, with almost one-third of incidents seeing ransomware deployed within 48 hours of initial access.
The majority of these attacks occur outside of regular work hours, predominantly in the early morning. This trend suggests attackers are strategically timing their operations to maximise impact and minimise the likelihood of detection.
The report emphasises the need for robust cybersecurity measures and offers practical guidance in its white paper, "Ransomware Protection and Containment Strategies," to help organisations harden their defences and protect critical infrastructure, identities, and endpoints.
Dynamics and Future Outlook
The ransomware landscape in 2023 saw the highest volume of posts on shaming sites since tracking began in early 2020, with Q3 2023 alone breaking records with over 1,300 posts.
Despite significant law enforcement actions against prolific RaaS groups like ALPHV and LOCKBIT in late 2023 and early 2024, threat actors continue to demonstrate resilience.
New ransomware groups, such as RansomHub, are actively recruiting affiliates from disrupted operations, mirroring tactics used by LockBit RaaS.
While the full impact of these law enforcement actions is yet to be seen, the immediate aftermath indicates a temporary reduction in activity from some groups and the rise of new entrants eager to capitalise on the void left by dismantled networks.
