The prevalence of hacktivism and cybercrime has increased dramatically in recent years, driven by the growing sophistication of cybercriminal tactics. This surge is evident in the rising number of cyberattacks targeting cloud services, Internet of Things (IoT) devices, and critical infrastructure. Experts predict that cybercrime will cost US$10.5 trillion annually worldwide by 2025.
What Are Some Attack Methods Cybercriminals Use?
Ransomware
Ransomware is the most prevalent cyberattack, with 73% of small to medium-sized businesses (SMBs) and enterprises reporting such attacks in the past year. But ransomware has long been a leading cyberthreat. During his RSAC™ 2024 Conference Keynote, Mikko Hypponen, CRO at WithSecure, reviewed the evolution of ransomware over the past decade.
Hypponen explained that in 2012-2013, ransomware primarily targeted individual users through their home computers. Cybercriminals would infect these computers, encrypt files, and demand ransom payments. But a significant vulnerability for these criminals was the payment method. Initially, victims were directed to pay via credit card or prepaid cards, which made tracing and apprehending the criminals relatively easy for law enforcement.
The adoption of cryptocurrency as a payment method marked a major shift in the ransomware landscape, according to Hypponen. Cryptocurrency allowed criminals to obscure the movement of funds, effectively eliminating the previous payment traceability issue. This development fueled a significant surge in ransomware attacks and then they began targeting larger organizations to demand higher payments.
As Hypponen also noted, some ransomware groups seek notoriety. They establish brands with names, logos, and websites to cultivate a reputation. This branding serves to establish credibility: when an organization is targeted by a well-known ransomware group, it is more likely to perceive the attackers as sophisticated, competent, and "trustworthy", meaning that victims believe the group will release the data once the ransom is paid. As cybercriminals have overcome obstacles and improved their effectiveness, organizations have had to adapt their defenses in turn.
Application Programming Interfaces (APIs)
APIs have become crucial to the modern digital supply chain, but this reliance also makes them attractive targets for cybercriminals. APIs are ubiquitous and their use is only increasing. During his RSAC™ 2024 Conference presentation, Rupesh Chokshi, SVP & GM Application Security at Akamai, reported that 23% of web attacks in 2023 targeted APIs.
Chokshi explained that attackers have thoroughly analyzed this threat landscape and developed effective hacking techniques. He identified the three most common tactics used in API attacks:
- HTTP (43.8%): Attackers manipulate HTTP requests, especially headers, to bypass security controls, carry out cross-site scripting, and poison caches.
- Active Sessions (25%): Attackers intercept or steal a user's session identifier after authentication, then replay it to take over the victim's session without ever needing the credentials.
- SQLi (14.1%): Attackers inject SQL fragments into queries that are built from untrusted input, enabling them to read or modify data and, in the worst case, take control of the backing database.
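The SQLi tactic from the list above, as an added example that is not code from the article or from Akamai: a small API-key lookup written first with string formatting (vulnerable) and then with a bound parameter (safe), run against an in-memory SQLite table of constructed rows. The table, the rows, the payloads and the `ALLOWED_SORT` allow list are all assumptions made for the example.

```python
"""Added example (not from the RSAC article or Akamai): SQL injection in an
API lookup, shown vulnerable and hardened against the same payloads."""
import sqlite3


def make_db():
    """Build a constructed in-memory table standing in for an API backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (owner TEXT, key TEXT, scope TEXT)")
    conn.executemany(
        "INSERT INTO api_keys VALUES (?, ?, ?)",
        [("alice", "ak_alice_01", "read"), ("bob", "ak_bob_02", "admin")],
    )
    return conn


def lookup_vulnerable(conn, owner):
    # The caller's input becomes part of the SQL text itself, so a quote in
    # the input ends the literal and whatever follows is executed as SQL.
    sql = f"SELECT owner, key, scope FROM api_keys WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, owner):
    # A bound parameter is sent to the engine as a value, never parsed as SQL,
    # so the same payload is just an owner name that matches nothing.
    sql = "SELECT owner, key, scope FROM api_keys WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


# Identifiers (table and column names) cannot be bound as parameters; the
# defence there is an allow list, not escaping.
ALLOWED_SORT = {"owner", "scope"}


def list_keys_sorted(conn, column):
    if column not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort column: {column!r}")
    sql = f"SELECT owner, key, scope FROM api_keys ORDER BY {column}"
    return conn.execute(sql).fetchall()


# Constructed attacker inputs: a tautology that dumps every row, and a UNION
# that pulls the schema out of sqlite_master (the trailing -- comments out
# the closing quote the application appends).
TAUTOLOGY = "x' OR '1'='1"
SCHEMA_LEAK = "x' UNION SELECT name, sql, '' FROM sqlite_master--"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology :", lookup_vulnerable(db, TAUTOLOGY))
    print("vulnerable, schema    :", lookup_vulnerable(db, SCHEMA_LEAK))
    print("safe, tautology       :", lookup_safe(db, TAUTOLOGY))
    print("safe, schema          :", lookup_safe(db, SCHEMA_LEAK))
```

The point of the allow-listed `ORDER BY` is that parameter binding only covers values; any place a query takes a column or table name from the client needs a fixed set of accepted identifiers instead.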
To mitigate API risks, Chokshi emphasized that organizations need to proactively discover vulnerabilities, maintain a complete inventory of their APIs (a common weakness, since an API that is not known cannot be protected), and have robust remediation plans. A well-defined incident response plan is critical for containing an attack and recovering from it.
Advanced Persistent Threats in macOS Security
Although Apple builds strong security defenses into macOS, attackers are persistent and keep finding ways around them.
Kseniia Yamburh, Malware Research Engineer at Moonlock Lab (MacPaw), discussed how cybercriminals attack macOS in her RSAC™ 2024 Conference webcast. Yamburh reported a 162.5% increase in the number of new macOS malware families from 2021 to 2023.
Below are two of the threat groups Yamburh used to illustrate how their malware gains a foothold on a user's Mac:
- APT28 (Fancy Bear): This group uses phishing emails with malware attachments as their initial access method. They then employ encrypted communication as a defense evasion technique.
- APT29 (Cozy Bear): This group uses spear phishing with malicious websites that hide files in folders and leverage legitimate cloud services to appear official.
Most APT groups, according to Yamburh, focus on government entities, aerospace, healthcare, and media, which points to geopolitical motives and espionage. Some, such as Lazarus, also target individuals. That is why vigilance and proactive security measures matter for all macOS users, regardless of perceived risk: even systems that seem secure can be targeted by sophisticated threat actors.
What Do New Attack Techniques Look Like?
During their RSAC™ 2024 Conference Keynote, the SANS Institute panel discussed new dangerous attacks. Let's take a look at a few of them:
1. Exploitation of Technical Debt
Johannes Ullrich, Dean of Research at SANS Technology Institute, discussed how technical debt affects enterprises and their security posture. Technical debt accumulates from outdated code and neglected updates, and it increases the risk of exploitation by attackers.
Technical debt creates vulnerabilities because the cost of maintaining the code keeps rising: security reviews become prohibitively expensive, and it gets harder for organizations to update, patch, and document their systems accurately, which leaves them even more exposed. Ullrich recommends that organizations use AI to accelerate code maintenance, improve knowledge retention and documentation, and translate legacy code, thereby strengthening their security posture.
2. Deepfakes and Identity Verification
“Attacks like business email compromises have demonstrated the vulnerability of digital identity,” Ullrich stated. In the age of AI, organizations face a significant challenge in reliably identifying the person on the other end, given how convincing AI-generated deepfakes and AI-assisted phishing and smishing have become. These tools have significantly altered the threat landscape, enabling cybercriminals to deploy sophisticated attacks at a fraction of the cost of previous years.
Without robust identity verification in the AI era, organizations are highly susceptible to cybercriminals bypassing initial login procedures and gaining unauthorized access to sensitive data and information.
Ullrich recommends investing in strong identity verification measures, emphasizing that initial access control is paramount. He also advises organizations to enhance their understanding of their customers, enabling them to leverage AI to identify and flag unusual user behavior, thereby mitigating risk.
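One concrete form of the "flag unusual user behavior" advice above, as an added example that is not from the SANS panel or from Ullrich: a rule-based baseline check run over a handful of constructed login events. It flags a login from a country or device the user has never used and "impossible travel" (a distance that could not have been covered since the previous login). The event records, the coordinates, the 1000 km/h threshold and the 50 km floor are all assumptions made for the example; simple rules stand in for the AI model the talk alludes to, and the same per-user baseline is what such a model would be trained on.

```python
"""Added example (not from the SANS panel): baseline-based detection of
unusual logins over constructed events. Rules, not ML, but the same idea."""
from collections import defaultdict
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed login records: (user, UTC timestamp, country, device id, lat, lon)
EVENTS = [
    ("alice", "2024-05-06T08:00:00Z", "US", "dev-a1", 37.77, -122.42),
    ("alice", "2024-05-06T09:30:00Z", "US", "dev-a1", 37.77, -122.42),
    ("alice", "2024-05-07T08:05:00Z", "US", "dev-a1", 37.77, -122.42),
    # 35 minutes later, from the other side of the world, on an unknown device
    ("alice", "2024-05-07T08:40:00Z", "RO", "dev-zz", 44.43, 26.10),
    ("bob",   "2024-05-06T10:00:00Z", "DE", "dev-b1", 52.52, 13.40),
    # same place two days later, but a device bob has never used
    ("bob",   "2024-05-08T10:00:00Z", "DE", "dev-b2", 52.52, 13.40),
]

MAX_SPEED_KMH = 1000   # faster than an airliner: treat as impossible travel
MIN_DISTANCE_KM = 50   # ignore geolocation jitter within one metro area


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_anomalies(events):
    """Return [(user, timestamp, [reasons])] for every login that breaks the
    user's own baseline. The first login of a user only seeds the baseline."""
    seen_countries = defaultdict(set)
    seen_devices = defaultdict(set)
    last_login = {}  # user -> (timestamp, lat, lon)
    alerts = []
    # ISO-8601 UTC strings sort chronologically, so a plain sort is enough.
    for user, ts_s, country, device, lat, lon in sorted(events, key=lambda e: e[1]):
        ts = parse_ts(ts_s)
        reasons = []
        if seen_countries[user] and country not in seen_countries[user]:
            reasons.append(f"new country {country}")
        if seen_devices[user] and device not in seen_devices[user]:
            reasons.append(f"new device {device}")
        if user in last_login:
            prev_ts, plat, plon = last_login[user]
            hours = (ts - prev_ts).total_seconds() / 3600
            dist = haversine_km(plat, plon, lat, lon)
            # Two logins at the same instant but far apart are impossible too,
            # so hours == 0 is handled rather than divided by.
            if dist > MIN_DISTANCE_KM and (hours == 0 or dist / hours > MAX_SPEED_KMH):
                reasons.append(f"impossible travel {dist:.0f} km in {hours * 60:.0f} min")
        if reasons:
            alerts.append((user, ts_s, reasons))
        seen_countries[user].add(country)
        seen_devices[user].add(device)
        last_login[user] = (ts, lat, lon)
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in find_anomalies(EVENTS):
        print(f"{ts} {user}: {'; '.join(reasons)}")
```

Bob's alert is the kind a system would typically answer with a step-up check rather than a block; alice's, with three independent signals firing at once, is the kind worth blocking and paging on.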
3. AI/LLMs Hyper-Accelerate Exploitation
Stephen Sims, Offensive Operations Curriculum Lead and Fellow at SANS Institute, discussed how AI and automation are significantly increasing the capabilities of offensive cyber operations. Sims pointed to tools like ShellGPT, which bring an LLM into command-line environments such as PowerShell, enabling attackers to automate their coding tasks.
The speed at which AI lets cybercriminals discover vulnerabilities gives them an advantage in exploiting those flaws before organizations can address them. Sims recommended that organizations apply the same automation and intelligence on the defensive side, using it to analyze threat intelligence and strengthen their security posture.
Staying Ahead of the Curve
Users and organizations need to keep up with the latest attacks, tactics, and techniques employed by cybercriminals so they can improve their defenses accordingly.
To learn more about hacktivism and cybercrime, we invite you to visit our library and to tune in to our upcoming webcast, From Hack to Sale: The Journey of Stolen Data.