With new cyber threats constantly emerging and old ones evolving, the cyber threat landscape is constantly changing. A large number of them have recently been launched on critical infrastructures, impacting several sectors such as transport or health.
Furthermore, according to the reports and analyzes of criminal activities carried out by numerous experts and researchers, it is also to be expected that cybercriminals, hacktivists and state actors will continue to hone their skills and deploy even more techniques. progress in order to be able to prosper more. AIs like ChatGPT are among the next tools for cybercriminals.
Cybersecurity professionals will face new threats and cyberattacks all the time. Does this have a limit, and what are these new threats?
Hybrid threat tactics
Today, the boundaries that once separated different types of malicious actors have blurred, dramatically changing the cyber threat landscape and its actors. In parallel, domestic malicious actors have used cybercriminal tactics – such as ransomware attacks – to disrupt critical environments. It is becoming increasingly difficult to categorize criminal groups based on their tactics and motives or motivations.
While malicious actors use a technique consisting in storing the collected data while waiting to proceed to its quantum decryption later (“store now, decrypt later” or “SNDL”), governments are taking measures to defend themselves against this future threat in to prepare and protect critical business infrastructure. Also, at the same time, more organizations are now focusing on protecting their data, to reduce future risks of quantum decryption.
New target: exploiting vulnerabilities in medical devices
Many medical devices are susceptible to cyberattacks because the legacy systems they use are no longer manufactured and/or their software is no longer supported. Malicious actors now use scanners and other types of tools to identify and exploit vulnerabilities in these devices, and thus apply manipulation tactics and even launch cyberattacks. Additionally, these malicious actors can also gain access to medical systems tasked with aggregating device data for broader analysis and monitoring. Such manipulation could then lead to malfunctions, misreadings, or even overdoses in the automatic drug release.
Cyber insurance inflection point
In an overall cybersecurity strategy, cyberinsurance is one of the most essential elements. It is legitimate for companies to protect themselves against ransomware. However, cybercriminals are now reconnoitring insurance policies and tailoring their ransom demands to match the amount of a cyberinsurance payment. This could lead to a significant increase in premiums, or even a depletion of cyberinsurance resources, which would further complicate the filing of serious claims and the payment of indemnities. Also, it is necessary to keep in mind that cyber insurance is not a magic bullet against cyber attacks – it might even motivate some cyber criminals to act. Therefore, companies should build their first line of defense by focusing more on prevention, protection and remediation, and making the necessary investments.
Malicious chatbots with AI
The now famous ChatGPT is a variant of the Generative Pre-trained Transformer (GPT) language model, specifically designed to generate human-like text from a given query. Although ChatGPT can be used in a variety of situations and projects – such as generating chatbot responses or creating social media content – it can also be used in social engineering and phishing attacks. For example, a hacker might well use ChatGPT to generate a phishing email that appears to be from a legitimate company or individual, complete with personalized greetings and specific recipient details. As these systems become more sophisticated, malicious actors may use them to write malicious code or exploit device vulnerabilities. This could then reduce the time needed to develop targeted threat campaigns and thus increase the frequency of cyberattacks.
Sharpen your cybersecurity skills
As the cyber threat landscape evolves, organizations will need to turn to highly trained cybersecurity professionals and employ even more advanced cybersecurity solutions to defend against a wide range of attacks that are tending to grow in complexity. Thus, cybersecurity professionals must be able to adapt quickly to the emergence of new threats and find new ways to defend critical business environments. It is obvious that this technological one-upmanship by cybercriminals is not about to stop. Cybersecurity professionals must do everything to stay in the game.