Cybercrime: it will get worse before it gets better

Online crime has been increasing by orders of magnitude for years now. Modern automation capabilities increasingly used by threat actors will hinder attempts to reverse the trend soon, says ESETs Chief Technology Officer Juraj Malcho.

With cyber-attacks increasingly automated, it's not impossible to see skyrocketing costs the world economy takes in due to online crime. Current estimates put the cost of cybercrime at $1 trillion, and that's likely just the beginning.

"I can say that the situation will definitely get worse before it starts getting better," ESETs CTO, Juraj Malcho said during the ESET World 2021 conference on Tuesday.

Extrapolating from a forecast that the volume of malicious samples online will likely grow tenfold in the next five years, he said that online criminals would cost the world up to 10% of global GDP if cybercrime grows at the same pace.

There is no limitation to the extent how bad actors are already using cloud computing and AI, and how they can use it even more in the future,

Juraj Malcho.

To make matters worse, as businesses are rapidly adopting cloud technologies, threat actors are doing so too. Criminals are going 'cloud native' while at the same time using automation capabilities allowed by advances in artificial intelligence hinders attempts to curb cybercrime.

"There is no limitation to the extent how bad actors are already using cloud computing and AI, and how they can use it even more in the future. And if you think of all the DDoS attacks, phishing attacks, stuff that can be automated and improved by these technologies, you get the picture," CTO said.

Quantity over quality

The new technologies do not necessarily improve the structure of the attacks, but rather allow one criminal to carry out far more attacks than ever before. Malcho claims that ESET data shows that only 0.005% of all attacks are considered advanced persistent threat (APT) attacks that usually require advanced technological capabilities beyond the scope of everyday cyber-thug.

The vast majority of attacks are neither advanced nor complicated or most costly. However, the scale of relatively rudimentary attacks does cumulative damage far greater than any single large attack. Threat actors are fully aware that the coronavirus pandemic forced millions of people online and made the world even more digitally interconnected than it ever was.

"That is something that we need to address if we want to keep up with the bad guys because whenever there's a new trend, there's a new idea. They seize the opportunity very quickly because, on the one hand, they're lazy. On the other hand, they like to try new things," ESETs Chief technology officer said.

Accessibility of tools that criminals use to attack people and companies is best illustrated by the fact that cybercrime reached news headlines almost every day in the last few months. In contrast, a decade ago, online crime was mainly reserved for people within the information security community.

Cybersecurity issues are something the White House addresses since attacks penetrate food and fuel supply, critical necessities for a country to function.

Follow the money

According to Malcho, threat actors have noticed that there are more targets online with a volume of remote desktop protocol (RDP) attacks increasing by almost 800%. Since money flows are increasingly transferring online, it's only natural that robbers follow the trail.

It's no longer hooded hackers that carry out cyberattacks – cybercriminals increasingly use AI-powered tools they did not make themselves. Since the darknet is full of people supplying Ransomware-as-a-service (Raas) technology, criminals only need to know how to use it.

I can say that the situation will definitely get worse before it starts getting better,

Juraj Malcho.

There are professional, business-oriented criminals exploiting the same tools on a completely different end of the spectrum. According to Malcho, these people are law-abiding citizens, some even in the military. States they live in, however, require carrying out financially motivated cyber-attacks.

"And here I question whether this is the progress that we wanted to see, is this where humankind was heading to when talking about all of the advancement of technology and computing and everyone connected. Hopefully not," Malcho said during the conference.

Unsurprisingly, the only feasible way to combat threat actors who employ tech to commit a crime is to use better technology to strike back or, even better – to prevent the damage from happening in the first place.

Full throttle

The last several months were particularly intense for anyone monitoring cyberspace. From the infamous Solarwinds hack, through hacking of Ireland's health system, ransomware attacks against Colonial Pipeline, and meatpacker JBS, the criminals have been keeping themselves busy.

Even though recent attacks sparked interest by the White House, US politicians aren't immune to attacks themselves. For example, unidentified hackers carried out a ransomware attack against an email vendor providing services for the US House.

Research by CyberNews shows that increased activity encourages criminal groups to expand, actively recruiting new 'employees.' Our researcher even tricked ransomware operators into revealing the payout structure, cash-out schemes, and target acquisition strategies.

Ransomware groups advertise online, claiming the successful candidate would get up to 80% of any successfully paid ransom. Criminals could even prove they have $1 million worth of bitcoin in one of their digital wallets.

More from CyberNews:

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Email vendor for the U.S. House hit by a ransomware attack

Banning crypto to stop cybercrime: would it really help?

The US is going “hunt-forward” for cyber adversaries – what does it mean for you?

Back-to-office security: what you need to know

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked