Cybercriminals like secret services, insufficient resources for specialists and cryptocurrency exchanges as targets of attacks - cybersec 2024 trends

The number of cyberattacks increased by an average of 25 percent year-on-year, according to data prepared by ComCERT from the Asseco Group. Despite the fact that criminal groups are increasingly better organized, with improved tools and larger budgets, individual cybercriminals were responsible for as much as 75 percent of security breaches. In 2023, the most common threats were phishing, ransomware and DDoS. There was also an increase in attacks on supply chains and critical infrastructure. Organizations in the public sector, healthcare, finance, as well as technology companies were frequent targets of cybercriminals. Configuration errors and software vulnerabilities were a significant vector of attacks.

ComCERT experts from the Asseco Group point out that the number of known vulnerabilities (Common Vulnerabilities and Exposures - CVEs) has been growing year-on-year. According to data from the Statista platform, there were 22,514 CVEs in 2021 compared to 20,171 in the previous year. This translates into an increasing number of attacks, as cybercriminals exploit vulnerabilities to break through security and gain access to users' resources. Not insignificant is also increasing digitization, which involves more and more people and processes. This includes a citizen, a market and a state administration. Given the magnitude of this phenomenon, it is reasonable to assume that there will always be an unwary user or a poorly secured device which will make a successful attack possible. Cybercriminals and bots they have created are relentless in their efforts to find "weak points" (backdoor) that can be exploited.

The most important trends in the area of cybersecurity according to experts from ComCERT, from the Asseco Group:

1. Professionalization of criminal groups - Although most attacks are carried out by individual cybercriminals, organized groups will grow in strength. According to Krzysztof Dyki, President of ComCERT from the Asseco Group, they will become even more professional, and the ways they operate will make them similar to special forces. This is evidenced, among other things, by the fact that in order to avoid detection by law enforcement agencies, criminal groups are creating their own proprietary communication systems and other specialized and advanced tools. Since they are not widely available, unlike applications such as Signal or Telegram, they are difficult to surveil. In addition, the ComCERT President points to the consolidation of cybercrime groups. This involves the absorption of weaker organizations by stronger and more elaborate ones, which tempt with their prestige and the vision of greater profits from illegal activities.

2. Supply chain attacks - Because large organizations have budgets, resources and knowledge to better defend themselves against attacks, cybercriminals are increasingly taking aim at smaller, less secure entities such as service providers. The goal of these attacks is infiltration, which allows them to take control of technological processes implemented for the benefit of the end customer, who is the actual victim. According to the President of ComCERT of the Asseco Group, this is a particularly dangerous type of threat, as organizations often don't even realize that, for example, the software they offer to their customers has been infected at some stage of production. This happens by inserting a virus, or a remote communication module, into any of the components provided by a previously trusted partner.

3. Cybercriminal R&D - In the past, cybercriminals, like technology companies, used to develop software using largely open source solutions. Today, they are increasingly more often writing their own transmission protocols, encryption and compression algorithms, which are more efficient than those available on the market and harder for antivirus software to analyze. As Krzysztof Dyki points out, decoding proprietary protocols developed by cybercrime groups is difficult and time-consuming. The largest of them allocate resources for research and development similar to those of professional IT companies.

4. Cryptocurrency exchanges a target for attacks - As the ComCERT expert from the Asseco Group notes, it is increasingly unprofitable for cybercriminals to take on classic financial institutions such as banks as it often takes a long time from the moment of the attack until the funds are obtained. This is due, among other things, to the fact that many processes in banks are still analog. It is much easier and faster to get rich by attacking cryptocurrency exchanges, which rely entirely on digital processes. An example is the attack on the Ronin Network platform in 2022, which resulted in USD 620 million being stolen.

5. Widening gap between salaries of cybersecurity specialists and cybercriminals - According to data published by The Register, a monthly salary of a hacker developer is USD 20,000 net. According to Krzysztof Dyki, this is an amount that a specialist cannot be guaranteed by a legitimate company. The ComCERT expert from the Asseco Group points out that the salaries of cybersecurity specialists have been increasing year-on-year, while the amounts that can be obtained through illegal activities are much higher. However, money is not the only motivator for cybercriminals. These individuals also have certain personality predispositions. Cybercriminals often reject the norms operating in society, are characterized by anti-systemic attitude, and resentment towards corporations and state institutions. Only the effective identification of these individuals at an early stage of their activities, the creation of appropriate conditions for their development and honest work will allow them to be properly guided, so that they contribute to increasing the security of the digital world, rather than destabilizing it.