As we reflect on 2022, we've seen that malicious actors are constantly coming up with new ways to weaponize technologies at scale to cause more disruption and devastation. The dangers are showing up everywhere - and more frequently. The volume and variety of threats, including Ransomware-as-a-Service and novel attacks on previously less conventional targets, are of particular concern to CIOs and CISOs. Increasingly, cybercrime is big business run by highly organized groups rather than individuals. Much like the mythological hydra, cutting off the head of one of these organizations isn't going to solve the problem; the key is to disrupt the networks themselves. That's a tall order - one that's going to require widespread collaboration. We anticipated that in 2022 there would be an increase in pre-attack reconnaissance and weaponization among attackers. This would open the door for the growth of Crime-as-a-Service to accelerate even faster. That prediction of cybercrime proved to be accurate. The FortiGuard Labs team documented 10,666 new ransomware variations in the first half 2022 compared to just 5,400 in the second half of 2021. That's an almost 100% increase in the number of new ransomware variants found. The rise in popularity of RaaS on the dark web is the main cause of this sudden increase of new ransomware strains. RaaS is mostly to blame for the explosive growth in ransomware variants, and ransomware payments are also rising. U.S. financial institutions spent close to $1.2 billion on likely ransomware payments in 2021, according to the Financial Crimes Enforcement Network of the U.S. Treasury. That was more than double the prior year, and if that trend continues, results from 2022 will be even higher. We're also predicting that threat actors will soon have access to more readymade, "As a service" products. This means even more cybercriminals of all levels will be able to launch more complex attacks without first devoting time and money to creating their own strategy. Producing and offering "AaS" attack portfolios is a straightforward, efficient, and repeatable way for seasoned hackers to make money, meaning the business model pays. Prepare yourself for an enhanced CaaS catalog to appear in 2023 and beyond as a result. It can't be emphasized enough: the key to disrupting cybercrime networks is collaboration across the private and public sector. One illustration is what the World Economic Forum's Partnership Against Cybercrime is doing. In response to the pandemic's unparalleled and exponential development in cybercriminal activity, PAC has concentrated on fusing the digital know-how and data of the business sector with the threat information of the government sector to help disrupt cybercrime ecosystems. It will be simpler to overcome the restrictions that protect hackers if a worldwide strategy and coordinated effort are used to remove communication barriers. It is everyone's duty to disrupt bad actors and destroy the attack infrastructure, and this calls for solid, reliable partnerships with other organizations. Cybercriminals run their operations like businesses; therefore, the more we can make them rebuild, change their strategies, and start over, the better off digital assets will be. Not only do we want to stop attacks from happening, but we also want to take down cybercriminals and make them modify how they operate, which costs them effort, time and resources. Sharing actionable threat intelligence among organizations and influencing how cyberthreat mitigation will be done in the future are crucial. An example of how this kind of collaboration can be used to disrupt cybercrime networks is the recent African Cyber Surge Operation. The collaboration between INTERPOL, FortiGuard Labs and other INTERPOL private partners resulted in the successful Cyber Surge operation and the dissemination of intel to several law enforcement organizations in the Africa region. Partners such as FortiGuard Labs offered actionable threat intelligence based on infrastructure research of malware, botnets and command and control, including C2 and malware victims across Africa. The Africa Cyber Surge Operation, which began in July 2022, has brought together law enforcement officers from 27 nations. They collaborated for almost four months on actionable intelligence provided by INTERPOL private partners. Through a coordinated effort between INTERPOL, AFRIPOL and the participating nations, this operation targeted both cybercriminals and compromised network infrastructure in Africa. Member nations were able to identify more than 1,000 malicious IP addresses, dark web marketplaces and specific attackers. The Africa Cyber Surge Operation is a great example of how joint operations and sharing threat intelligence on threat actors among reliable partners can increase an entire region's cyber resilience. It also demonstrates the need of cybersecurity education and training in bridging the cyberskills gap and effectively combating cybercrime on a large scale. No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base. Just as cybercrime networks are getting stronger and larger, so too must collaborative strategies between private companies and law enforcement agencies. Disrupting cybercrime networks is going to take collaboration on a large scale.
This Cyber News was published on www.securityweek.com. Publication date: Wed, 01 Feb 2023 15:33:02 +0000