Like teenagers with your front porch pumpkins, cybercriminals are smashing new records in scarily advanced ransomware campaigns, according to two recent research reports by Deep Instinct and Hornetsecurity. The data reveals that cybercrime is increasing in both sophistication and impact as cybercriminals take advantage of ransomware-as-a-service (RaaS) and large language model AI (LLMs).
One in five respondents said their company suffered an attack in 2023, according to Hornetsecurity’s annual ransomware survey. Yet only 54% claimed company leadership is “actively involved in conversations and decision-making” around attack prevention.
The stakes are high, and the consequences of inaction are disastrous. Use these compelling trends around RaaS and LLMs to open conversations with your clients about what’s going on in cybersecurity — it just might scare them into spending more on their cybersecurity defenses before a cyber-attack turns them into a ghost of their industry.
Ransomware-As-A-Service (RaaS) Unleashes Chaos This Year
Deep Instinct’s Bi-Annual Cyber Threat Report offers a spine-chilling revelation: During the first half of 2023 alone, there were a staggering 2,987 ransomware campaigns. This surpasses the entirety of 2022, which saw 2,835.
The rise of RaaS serves as a dark catalyst, allowing cybercriminals with limited experience or resources to obtain prefabricated ransomware tools from RaaS actors. These attacks impact many victims simultaneously, as demonstrated by the MOVEit vulnerability breach in May, affecting 62 million people.
The proliferation of RaaS only indicates that the threat is set to grow even more ominous.
Cybercriminals Use Large Language Models (LLMs) To Proliferate Attacks
The first half of 2023 also saw a significant increase in the use of powerful LLMs. Cybercriminals took advantage of ChatGPT and other generative AI tools by using numerous jailbreaking guides in underground forums to design their own LLMs like WormGPT, already used to expertly impersonate businesses in business email compromise (BEC) attacks, Deep Instinct reports.
ChatGPT isn’t even a year old yet, and it’s changing the face of cyber-attacks as we know them.
“This year feels different, like the start of a new era, as artificial intelligence quickly infiltrates the workforce,” said Mark Vaitzman, Threat Lab Team Leader at Deep Instinct, in a press release. “This report showcases how cybercriminals are adapting to these shifts and becoming more sophisticated in their approach. Prevention against these cyber-attacks is possible, but it requires a change from the reactive, ‘assume breach’ mentality that has plagued the industry for far too long.”
In turn, businesses must be more advanced and complex in prevention strategies.
Protection And Prevention Is A Multilayered Approach
As businesses grapple with this ominous landscape, they must recognize that protection and prevention require a multifaceted approach because attacks come from every direction.
The primary targets of ransomware attacks in Hornetsecurity’s report were server infrastructure and network storage (44.8%), followed by multiple endpoints (34.5%) and single endpoints (31%).
Data also showed that email and phishing attacks were the most common (51.7%), followed by compromised endpoints (20.7%) and social engineering and unknown (13.8%). Thanks to the sophistication of technology like RaaS and LLMs, these attacks are challenging to spot, especially if companies fail to have effective cybersecurity training and protection.
Reassuringly, Hornetsecurity reports a 4.2% decrease in companies falling prey to ransomware attacks in 2023 compared to the previous year, a testament to better vigilance across the board. However, many businesses are still missing critical components of their cybersecurity infrastructure.
Indeed, 12.2% of respondents said their company does not have a disaster recovery plan in place, and 19% do not provide any cybersecurity awareness training.
Deep Instinct and Hornetsecurity reports echo the same conclusion: Prevention is the linchpin of defense against ransomware attacks. This demands a multifaceted strategy incorporating advanced technology solutions, educational initiatives and a proactive mindset.
Talk To Your Clients Before They Become Ghosts
The eerie landscape of cyberthreats continues to cast its shadow over organizations in 2023. Engage your clients in conversations, making them aware of these reports’ urgent warnings and recommendations. Don’t let your client get caught off guard because, in the world of cybersecurity, it is better to be the ghostbuster than the ghost.
