Trend Micro: Unpacking the shifts in cyberthreats and what you can do about them
By Ryan Noik 24 May 2024 | Categories: feature articles
The shocking growth in the number of cyberthreats, the increasing use of deepfakes and a pressing need for robust security measures to handle an expanding threat landscape: these were a few of the engaging, sometimes frightening topics explored by Trend Micro at a recent media briefing.
Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, began by noting that there were already hundreds of millions of threats daily and that these were growing. "The reason for this is simply due to all the connected devices and touchpoints that connect to servers and large-scale infrastructure, containing data that needs to be protected," he said.
Added to this is the proliferation of cybercrime organisations that run as complete an operation as many legitimate companies, with their own HR and finance teams, and even a help desk for victims of ransomware who have paid the ransom and need help getting access to their data.
That is not all that is adding fuel to the cyberthreat fire. The use of AI is also on the rise, and it is being used by cybercriminals to create phishing attacks that are now nearly indistinguishable from the genuine article.
Gareth Redelinghuys
Ransomware exposed
Yash Pillay, senior sales engineer at Trend Micro, explained that banks topped the list of industries targeted by ransomware. Alongside this, small businesses continue to be the prime target for ransomware groups.
"8Base Ransomware targets small businesses in particular. The group claims to be teaching businesses a lesson about data privacy for employees and customers while also turning a profit," he elaborated.
In response to the question of whether ransomware was employed by hacktivists, he noted that it ranges from groups that claim to conduct ransomware for a cause to highly sophisticated state-funded syndicates. As well, cybercriminals appear to be changing their tactics. While ransomware is on the decrease, that doesn't mean they are giving up on trying to compromise individuals' and organisations' security. Far from it.
“Our latest data shows that threat actors are fine-tuning their operations, shifting away from large-scale attacks, and instead focusing on a smaller range of targets but with higher victim profiles for maximum gain with minimum effort. As they continue to double down on tried and tested techniques, they are also delegating and streamlining operations — resulting in bolder, more effective strikes,” he continued.
And, just because ransomware as a tactic wasn’t as prevalent in 2023 as it was in 2021 - Trend Micro reported that worldwide detections from 2021 to 2023 averaged less than half of the recorded detections in 2020 - this does not mean that organisations no longer need defences against the scourge.
In fact, it reveals an interesting trend in how attackers are changing. Trend Micro explained that historically, ransomware attacks were launched in “bulk,” such as spam campaigns with malicious links. However, attacks that focus on quantity can more easily be blocked, as evidenced by the fact that Trend Micro blocked almost 40 000 ransomware attacks last year.
Now, cybercriminals and ransomware groups are going for quality instead of quantity, prioritising high-value targets where they can reap maximum reward.
Yash Pillay
Boldly going
Furthermore, threat actors are showing an increased boldness in the attacks that they launch. For example, Clop exploited major vulnerabilities, and BlackCat launched a new variant, while also making its extortion public by leveraging the U.S. Securities and Exchange Commission's four-day disclosure requirement to incentivise its victim to communicate more quickly with them.
This trend towards cybercriminals opting for quality over quantity is equally present in the patterns observed around email threats, noted Emmanuel Tzingakis, Technical lead for Sub Saharan Africa at Trend Micro.
He explained that email threat detections in South Africa decreased from almost 250 million in 2021 to 159 million in 2023, while spam attachments decreased from 77 million in 2018 to 16.8 million in 2023. However, the increase in malware detection count over the same period suggests a shift in the threat landscape that finds attackers making use of more sophisticated ways to avoid detection.
Instead of launching attacks on a wider range of users and relying on victims clicking on malicious links in websites and emails, more sophisticated attacks are launched using specificity to trick a narrower field of high-profile victims. This also allows them to bypass early detection layers like network and email filters.
Emmanuel Tzingakis
Prime targets
As well, email attacks are frequently aimed at CEOs and CFOs, and business email compromise (BEC) attacks are becoming more popular. Stories abound about attackers compromising a C-level executive's email account and emailing a co-worker with a tale of a desperate situation, ordering the staffer to send them funds.
"Organisations shouldn't use email to release funds in my opinion. Rather, confirming requests for funds should be done using other, verifiable channels," he stressed.
Tzingakis also urged organizations to protect against BECs by educating and training employees and scrutinising all emails more carefully.
As Trend Micro laid out the state of the cybersecurity landscape, it became increasingly clear that in an era of digital everything, trust has too often become a casualty in the cyberwar. Whether what we are seeing or hearing can be trusted, or is in fact a scam, has become more difficult to determine.
AI to the rescue – or not
This is only exacerbated by AI, which cybercriminals are using to their own ends in a number of ways. For example, they are using AI to mimic a person's natural voice to subvert live voice authorisation, while audio and video deepfakes are growing in prominence.
Ultimately, this means that just because it might look like and sound like a recognisable person doesn't necessarily mean it is actually them speaking.
One example given was a deepfaked "interview" with Elon Musk, offering citizens of South Africa a "once in a lifetime investment opportunity" (yeah, right). On careful examination, you can see that the words of the news anchor and Musk don't quite match up with their facial expressions. Nor are the Taylor Swift videos asking for donations genuine.
The problem with the democratisation of AI is that everyone can use it, and that includes threat actors. The company reported that over the course of 2023, AI showed great promise in social engineering attempts globally: its automation proved most useful in mining datasets for actionable information.
Generative AI is equally useful to cybercriminals and syndicates, making phishing at mass scale virtually effortless with error-free and convincing messages. The use of generative AI in phishing attempts is already branching beyond emails and texts to include persuasive audio and video deepfakes for an even more business-affecting threat.
Expanding on the BECs and deepfaked threats mentioned earlier, we can see a scenario straight out of the Black Mirror series become a reality. Take, for example, a company that requires live voice authorisation for purchases above a million dollars. An attacker could send a real-seeming email request with a rigged phone number embedded and answer the confirmation call with a deepfaked voice to validate the transaction.
These new tactics introduce the possibility of everything from stock market manipulations to democratic or wartime disinformation campaigns, or smear attacks on public figures. Furthermore, the barriers to entry for techniques like these have fallen away radically with the rise of readily available app-style interfaces like HeyGen. Cybercriminals with no coding knowledge or special computing resources can produce customised high-resolution outputs that are humanly undetectable.
So, what exactly can individuals and organisations do to strengthen their cybersecurity? The Trend Micro team offered a few suggestions:
1. Enable multifactor authentication
2. Back up your data - create three copies of your data, store them in two different formats and keep one copy offline
3. Keep systems up to date and ensure you are patched. Patching is a big problem in the enterprise space
4. Verify emails before opening them - always check that they are coming from who they say they are
5. Follow established security frameworks
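The BEC advice above (confirm payment requests through a separate, verifiable channel) and the "verify emails" recommendation can be partly automated at the mail gateway. The following is an added example, not code from Trend Micro or from this article: it parses the Authentication-Results header that the organisation's own receiving mail server stamps on each message, checks SPF, DKIM and DMARC outcomes, and flags the classic BEC pattern of a From address claiming the company's own domain while DMARC fails and the Reply-To points elsewhere. The organisation domain (example.com), the sample messages and the keyword list are all constructed assumptions for the demonstration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed organisation domain for the demonstration.
ORG_DOMAIN = "example.com"

# Constructed sample: a BEC-style lure. The display name claims the CFO and the
# From address uses our domain, but SPF/DMARC fail and Reply-To goes off-domain.
SUSPICIOUS_RAW = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=cfo-office.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Jane Doe (CFO)" <jane.doe@example.com>
Reply-To: jane.doe@cfo-office.example.net
To: accounts@example.com
Subject: Urgent wire transfer needed today
Content-Type: text/plain; charset=utf-8

Please process the attached invoice before 5pm. I am in a meeting, email only.
"""

# Constructed sample: an ordinary internal message that authenticates cleanly.
CLEAN_RAW = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Jane Doe (CFO)" <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 report draft
Content-Type: text/plain; charset=utf-8

Draft attached for review, no action needed today.
"""

# Words that often accompany fraudulent payment requests; tune for your environment.
URGENCY_WORDS = ("urgent", "wire", "transfer", "payment")


def parse_auth_results(header_value: str) -> dict:
    """Extract spf/dkim/dmarc outcomes from an Authentication-Results header.

    Returns e.g. {"spf": "fail", "dkim": "none", "dmarc": "fail"}; a method
    that is absent from the header is reported as "missing".
    """
    results = {}
    for method in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{method}=(\w+)", header_value or "", re.IGNORECASE)
        results[method] = match.group(1).lower() if match else "missing"
    return results


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an RFC 5322 address header value."""
    _, address = parseaddr(str(addr or ""))
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def assess_message(raw: str, org_domain: str = ORG_DOMAIN) -> dict:
    """Score one raw message for BEC indicators.

    The result lists human-readable findings and a single boolean telling the
    recipient whether the request must be confirmed out of band (phone call,
    in-person, ticketing system) before any funds move.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", "")) or from_domain
    findings = []

    # Our own domain in From must be backed by a DMARC pass; otherwise it is spoofed.
    if from_domain == org_domain and auth["dmarc"] != "pass":
        findings.append("From claims our domain but DMARC did not pass")
    if auth["spf"] == "fail":
        findings.append("SPF failed for the sending server")
    # A Reply-To pointing away from the From domain diverts the conversation to the attacker.
    if reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    subject = str(msg.get("Subject", "")).lower()
    if any(word in subject for word in URGENCY_WORDS):
        findings.append("Payment-urgency language in subject")

    return {"auth": auth, "findings": findings, "verify_out_of_band": bool(findings)}


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_RAW), ("clean", CLEAN_RAW)):
        result = assess_message(raw)
        print(label, result["auth"], result["findings"], result["verify_out_of_band"])
```

The check deliberately does not try to decide whether the request is genuine; it only decides whether the email alone is sufficient evidence. Any finding sends the request to a separate channel, which is the control Tzingakis recommends.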
“Our research shows that these increasingly sophisticated attacks are going to become more and more difficult for businesses to detect and that they will be increasingly costly when they succeed. IT leaders must refine their processes and protocols to enable their defences to combat persistence with efficiency,” concluded Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro.