Burgeoning cybercriminals wanting to make their debut attack will be happy to hear that, according to Cybersixgill’s assessment, the barriers to entry on the underground are fast dissolving. A key focus of our latest research report, The State of the Cybercrime Underground, is how technological advancements, as-a-service offerings, emerging attack vectors, and other tools are making it easier for less sophisticated threat actors to launch attacks and successfully exploit businesses and individuals for their profit.
For example, across the cybercriminal underground, malicious actors have engaged in discussions about the best ways to evade ChatGPT’s protective controls to “abuse” the tool’s capabilities for malicious purposes. From ‘get-rich-quick’ scams to spearphishing scripts and the generation of malware code, threat actors on the deep and dark web are actively embracing AI as a force multiplier for cybercrime.
As discussed in our report, other developments are also lowering the barriers to entry for cybercriminals. We are seeing rapid growth in Ransomware as a Service (RaaS), which enables lesser-skilled threat actors to outsource expertise, licensing off-the-shelf ransomware infrastructure from highly sophisticated hackers to launch successful attacks as part of an extended cybercriminal supply chain. RaaS makes profitable business extortion more easily accessible to a larger pool of cybercriminals, allowing ransomware groups to scale their operations and putting companies at greater risk of an attack.
Another factor is the continued rise of Initial Access Broker (IAB) marketplaces, where bad actors can purchase their first foothold into targeted systems through compromised endpoints, corporate logins, web shells, CPanels, or various remote protocols such as RDP and FTP. IABs provide threat actors with a beachhead from which they can deploy ransomware, siphon system resources, harvest confidential information, and assume control of logged-in financial accounts relatively easily.
Unfortunately, as cybercrime becomes more accessible to a wider pool of malicious actors, additional factors make it harder for cyber defenders to keep up.
Protecting your assets is more complex than ever before.
The rise in remote workers, combined with companies’ migration to the cloud and the proliferation of enterprise SaaS software, has culminated in a rapid expansion of organizations’ digital assets – many of which are externally facing or unmanaged by IT (and, in some cases, both). In addition, security teams are overwhelmed by continuous threat intelligence feeds that produce vast volumes of data but lack the necessary business context, making it difficult to ascertain what threats are actually relevant to their organization. In essence, every connected asset gives cybercriminals an opportunity for attack, and without complete visibility into their attack surface and threat exposure, businesses are at greater risk.
Proper defense requires Attack Surface Management + Cyber Threat Intelligence.
Security teams need complete visibility into the company’s assets and insight into their threat exposure to effectively protect the organization in this rapidly evolving threat landscape. In addition, cyber defenders must embrace automation to meet the pace of cybercriminals. Manual processes and outdated technologies simply can’t keep up. Proactive attack surface management strategies informed by real-time cyber threat intelligence from the deep, dark, and clear web are critical to defending against increasingly sophisticated attacks.
Security teams should look to Attack Surface Management (ASM) to provide the necessary visibility and focus. ASM combines the attacker’s view – looking from the outside in to find exploitable weaknesses and at-risk assets – and the internal defender’s view – looking at the importance of assets – to reveal an organization’s vulnerabilities and risk exposure. When combined with cyber threat intelligence (CTI), ASM uses the organization's unique context as a filter, refining threat intelligence data to deliver meaningful insights. By looking at CTI through an attack surface lens, security teams gain the context needed to focus their time and efforts on the most relevant threats to their unique environment.
Cybersixgill’s new ASM module, announced at this year’s RSA conference, enables the continuous discovery of unknown assets and systems to eliminate threat exposure blind spots and deliver complete visibility into an organization’s attack surface. ASM is embedded with our market-leading CTI. The combined solution continuously maps, scopes, and classifies all assets that could expose your organization to risk, monitoring your complete asset inventory in real time across the deep, dark, and clear web. We deliver the earliest possible warning of emerging threats targeting your business, allowing security teams to confidently prioritize their focus where it is needed most, according to threat urgency, impact severity, and business criticality.