As threat actors continually adapt TTPs to today’s threat landscape, so should you
Earlier this year, Cybersixgill threat researchers released their annual report: The State of Underground Cybercrime. This research is based on Cybersixgill’s analysis of intelligence items collected from the Deep, Dark, and Clear Web throughout 2022. The report examines the continued evolution of threat actor tactics, tools, and procedures (TTPs) in the digital age and how organizations can adapt to mitigate risk and maintain business resilience.
This article summarizes some of the report’s findings: trends in credit card fraud, observations about cryptocurrencies, AI developments and how they are lowering the barriers to entry for cybercrime, and the rise of cybercrime “as-a-service” activities. Further below, we discuss the need for a new security approach that combines Attack Surface Management (ASM) and Cyber Threat Intelligence (CTI) to combat the ever-changing techniques of threat actors. Read the full Cybersixgill report here.
1 — Credit card fraud is (almost) on the decline
Credit card fraud has been a common threat, frequently employed by underground cybercriminals, for many years. However, some recent developments have slowed this trend and significantly reduced credit card fraud incidents. Recently, we have seen a significant drop in compromised credit cards being sold on illicit underground markets. For example, in 2019, approximately 140 million compromised cards were listed for sale on dark web markets. That number dropped to about 102 million in 2020, and dropped another 60% to about 42 million in 2021. Ultimately, in 2022, this total plummeted again to just 9 million. The significant decline in credit card fraud is primarily due to:
- Improved authentication and fraud prevention – Banks and financial institutions are using biometrics (e.g. fingerprint and facial recognition) and PINs, EMV chips, and multi-factor authentication (MFA).
- Real-time fraud detection – Mainly implemented by credit card companies, real-time fraud detection systems use machine learning algorithms to analyze user behavior, spending patterns, and geolocation data to identify anomalies and suspicious activity. If a transaction is flagged as suspicious, the issuer may ask for additional verification, such as asking a security question or sending an SMS verification, making it more difficult for fraudsters to use stolen cards.
- Improved e-commerce security – Since 2021, e-commerce sites have adopted more robust security measures such as two-factor authentication (2FA), address verification systems, and PCI DSS compliant secure payment systems, making it more difficult for threat actors to steal credit card data from consumers.
2 — Cryptocurrencies: Tools and Targets
A feature of cryptocurrencies is that they are decentralized, ensuring user anonymity and privacy. It is therefore not surprising that cryptocurrencies are the payment method of choice for cybercriminals to purchase illicit goods and services, launder cyberattack proceeds, and receive ransomware payments. While cryptocurrencies have become widely adopted for legitimate purposes, they have also become a target for threat actors, bringing new opportunities such as “cryptojacking”, hijacking of digital wallets, cryptocurrency mining, and siphoning digital assets from cryptocurrency exchanges.
Despite the impact of the 2022 cryptocurrency crash, the value of cryptocurrencies among cybercriminals is only increasing. As our report reveals, there was a 79% increase in cryptocurrency account takeover attacks in 2022. (Ultimately, cybercriminals use cryptocurrencies to move money, not to make money. Underground transactions are completed in cryptocurrencies, but prices are expressed in dollars.) However, threat actors may eventually abandon cryptocurrencies if investors continue to pull out due to market volatility. This is because fewer cryptocurrency users make it easier for law enforcement to track down illegal transactions and easier for legislators to enforce stricter regulations. We continue to observe how this field evolves.
3 — Democratizing AI
Less than a year after its first appearance, cybercriminals continue to show great enthusiasm for ChatGPT and other newly released AI tools, seeing them as a force multiplier for cybercrime, and the tools continue to live up to those expectations. The ability to emulate human language for social engineering and automate malware code development with appropriate prompts and guidance allows threat actors to streamline the entire attack chain. ChatGPT makes it quicker and relatively easier for even novice and less sophisticated cybercriminals to perform malicious acts. As we discussed in our report, AI technology makes cybercrime easier to access and lowers the barrier to entry by enabling threat actors to rapidly create malicious code and perform other “pre-ransomware” preparatory activities.
4 — Commercializing Cybercrime with As-a-Service Offerings
As-a-service business models are on the rise because they let cybercriminals commercialize their expertise and expand their operations. By purchasing sophisticated hacker services, infrastructure, or tools, attackers can outsource the groundwork necessary to launch cyberattacks with minimal effort. Of particular concern is the continued rise in Ransomware-as-a-Service (RaaS). The RaaS business model is much like a modern business: ransomware developers and operators lease their ransomware technology and infrastructure to a network of less skilled “affiliates” for distribution, in exchange for a share of the ransom profits, thereby expanding their business. Ransomware attacks are surging year after year as this as-a-service model allows more cybercriminals to access and profit from the extortion business.
ASM and CTI: Powerful Cyber Weapons Against Underground Cyber Crime
All connected assets within an organization’s vast attack surface provide cybercriminals with potential entry points for attacks. Protecting an organization’s expanding attack surface and assessing exposure with cyber threat intelligence alone is now a near-impossible task. The modern attack surface is increasingly externalized, extending beyond known network boundaries to include a vast ecosystem of unknown assets from cloud-based resources, connected IPs, SaaS applications, and third-party supply chains. As a result, most organizations struggle with overwhelming amounts of cyber threat intelligence data while being plagued by significant blind spots across their IT environments that leave them exposed to attackers. To effectively defend against cyberthreats, security teams must have complete visibility into their unique attack surface and real-time visibility into threat exposure.
Cybersixgill’s attack surface management (ASM) solution, which incorporates Cybersixgill’s native, market-leading cyber threat intelligence (CTI), increases visibility and eliminates blind spots by automating discovery of the invisible. Use this combined solution to continuously discover, map, scope, and classify unknown network assets that could put your organization at risk, and to monitor a full real-time inventory of assets across the deep, dark, and clear web. ASM integration refines our market-leading threat intelligence to focus on each organization’s specific attack surface and provide the earliest possible warning of emerging threats targeting your business. With complete visibility into an organization’s threat exposure, security teams can confidently prioritize efforts and resources where they are most needed, significantly reducing mean time to repair (MTTR).
Given the ever-expanding threat landscape of the digital age, being able to identify the top risks facing your organization and focus your efforts accordingly can provide tremendous benefits for resource-constrained security teams.
For more information, download The State of Underground Cybercrime.
To schedule a demo, please visit https://cybersixgill.com/book-a-demo.
Note: This article was professionally written and contributed by Delilah Schwartz, Security Strategist at Cybersixgill.