Securing Tomorrow: Lessons Learned and Future Challenges from ISTARI’S CHARTER 2024

In late March, I took part in the CHARTER event that was hosted by ISTARI in Singapore. The event included discussions on various issues – from the geo-political situation between the US and China, to advances in artificial intelligence (AI).

The panel I participated in focused on two questions:

• What are the most important trends in cyber – and specifically ransomware?
• What types of threats are organizations likely to face in coming years?

Both questions are complex: the first is an area where just about everything has already been said, and trying to predict the second will naturally result in failure – looking back five years today, no expert would have been able to forecast the state we are in now.

Starting with the easier question first, today there are two major trends in cyber: cybercrime as a service and evolution in ransomware.

Cybercrime as a Business

Looking at the incidents that have emerged over the last few years, a trend that is often overlooked is that cybercrime has become a business into itself!

This is evidenced in multiple ways:

• Development of novel business models – Ransomware as a Service (RaaS), Initial Access Brokers, Affiliates, and other terms taken from standard business practices, are constantly being developed by threat actors. And like in the corporate world, goals vary.  Sometimes money – and sometimes, it’s other, more strategic goals.

• Leveraging technology to gain advantage – Like any other business, threat actors use advances in technology to their advantage. Sometimes it’s cloud technologies, other times, it’s Internet of Things (IoT) – and in an increasing number of cases, AI is involved. Today we’re seeing only glimpses of what threat actors can do with AI to initiate attacks – from deep fakes to machine-automated phishing; but we also know that attackers are using AI for operational efficiencies for activities such as sifting through leaked materials and increasing automation capabilities.

• Seizing opportunities – Like any business, cyber criminals use any opportunity to advance their goals. The most cynical example is threats of whistleblower type of attacks, where attackers threaten to expose compliance weaknesses to regulators.,. In this sense, ‘platformization’ is a huge opportunity for attackers. Simply put, once cyber criminals exploit a single vulnerability (or a very small number of vulnerabilities), they can then use the same vulnerability to gain access to numerous organizations and extort enormous sums of money.

Ransomware Trends

We saw quite a few ransomware trends in 2023, many of which were already discussed. Below are some trends that are more obvious, and some that shed new light on current threats.

• Exfiltration without encryption – In the last few months, we have noticed a new trend – the mere threat of data exfiltration is taken so seriously that encryption is no long necessary. Many organizations have invested heavily in protecting systems, without identifying lacked good data storage hygiene, meaning they did not know what data was stored where or how it was protected.  Sometimes critical data was not even protected, let alone identified.  the  The result – a very attractive target for attackers. These situations, make taking an organization’s data and threatening to leak it is much easier for the attacker, and while making it much more difficult for the defender to protect the organization against the cyber criminals.

• Operational networks and critical infrastructure – For years, the OT domain was neglected by the cyber security industry, with security approaches to critical Infrastructure primarily focused on ‘safety’. We are now paying the price for this approach. Air-gapping, the paradigm on which this focus on ‘safety’ and ‘protection’ was built –– disappeared into thin air. Nowadays, few organizations can keep their operational technology from connecting to cloud-based services. As a result, these organizations are the highly targeted, with frightening potential impact on the environment, people and overall civilization.

• Supply chain and third parties – While definitely not a new area, we have recently seen major developments in attacks on supply chains and third parties. Paradoxically, the important work organizations are doing to protect themselves, the use of third-party connections, technologies and services opens the doors to third parties. This trend is hugely beneficial for threat actors, who can exploit less well-protected third parties to reach their primary targets.

• Exploitation of client trust – One of the most interesting developments is that threat actors are leveraging organizations’ fear of reputational damage to blackmail them via their clients. Threatening a client that their data will be exposed if their supplier does not pay a ransom is an almost fail-safe technique, which has been shown to work time and again.

What to do in the face of these threats? There is a lot that we can do, but without going into specific details, the advice will sound fluffy, so I’ll leave that topic for another discussion.

Five Years From Now

The second question I was asked was: “What does the future hold?”

To be fair, if I had that kind of talent for prophecy, I’d be lying on a beach somewhere, after making vast sums of money by predicting stocks.

There is no doubt that cyber wars will become increasingly vicious in the coming years. I’m sympathetic to the people who believe that AI will assist in ensuring that good will prevail in these wars, but if history has taught us anything, an attitude is too optimistic and not grounded in reality.

• Cyber as a business –Continuing on what I mentioned above, cyber is becoming a major business, and we are moving from an era of cybercrime to ‘organized cybercrime’, or ‘cyber syndicates’.

• Technology as an attacker’s advantage – Threat actors are always a few steps ahead of defenders in adopting technology advances, constantly seeking to gain and maintain an advantage. Our lives are depend on devices – from computers and cell phones to medical implants and devices that are intended to protect our health and safety. Although we should not and cannot go backwards in time, it’s worth keeping in mind that while a car from the 1960s could not be hacked, today our cars are sophisticated computers on wheels where even braking systems are connected to a system of some kind – even if we don’t know it. And if we’re talking AI – and most of us are – threat actors are exploiting it to compromise those same devices, and systems.

• Cyber war – Cyber is the great democratizer in nation-state warfare. Countries that lack traditional military might are using cyber-attacks.  Although kinetic war is still favored by many nation states, it is highly dependent on cyber. The aftermath of this combination will probably be even more dramatic than anything we’ve seen to date: in parallel with the cybercrime syndicates and organized cybercrime, cyber threats from nation-states will push us towards more difficult challenges.

Despite these new and increasing threats, there is cause for optimism. The main hope is around the newly emerging buds of international efforts against cybercrime. In the last few months, we have seen several takeovers of threat actors’ infrastructure by law enforcement agencies; the UN is progressing in the battle against cybercrime, some barriers against operations are removed, and almost all countries and international unions understand the increasing risk of cyber attacks. Collaboration is key in the journey to cyber security. Let’s move fast together so that good may prevail over evil!