Date: 2023-11-13

In an age dominated by technology, cyber security has become a crucial battlefield. According to the Enterprise Strategy Group, it takes companies an average of 21 days to detect a cyber attack, with an average cost of $9.4 million per attack. However, other studies, such as those by IBM and Forrester, show smaller, but equally worrying figures. This reflects an increase in both the volume and complexity of cyber criminal campaigns. Recent attacks on large companies such as Endesa and the PSOE are a prime example. The situation has evolved dramatically over the last fifteen years. According to Derek Manky, vice president of Global Threat Intelligence at Fortinet, cyber criminal organizations have made their operations much more complex and refined, expanding them into activities such as money laundering. This and more was explained during the Convergence 2023 event in Monaco, where cybersecurity professionals discussed the global cybersecurity landscape.

Attacks by advanced persistent threat (APT) groups increased by 30% in the first half of 2023, and are expected to increase further in 2024. These groups are diversifying their objectives, targeting crucial sectors such as energy, health and industry. At the same time, ransomware is becoming increasingly destructive and selective. Instead of targeting data, attackers are now targeting services, with the aim of causing greater social impact. Fortinet revealed how the threat landscape has evolved over the past 12 months and will continue to evolve through 2024. As criminal groups increase in organizational complexity, some have partnered with nation states to plan and execute attacks, increasing the threat to critical infrastructures such as the healthcare and energy sectors.

Antoine D’Haussy, head of OT security practices for the EMEA region at Fortinet, expressed concern about the synergy between IT (Information Technology) and OT (Operational Technology, i.e. the use of hardware and software to monitor and control physical processes, devices and infrastructures): the security of this integrated system, he explains, could be compromised even if just a single piece of data were altered. He highlighted the challenge this represents, considering that many industrial control systems and equipment were not originally designed to operate over an extended Ethernet network.

D’Haussy also highlighted the need for a deeper understanding of the OT landscape and the shortage of professionals with knowledge in both IT and OT sectors. Filippo Cassini, Global Technical Officer of Fortinet, speaking on the same topic, said that the attack surface is expanding and that it is not possible to respond simply by increasing the number of firewalls. He explained that, for this reason, Fortinet is adopting a “zero trust” strategy, an approach in which the permissions assigned to each user are reduced and carefully monitored, as are their usual usage patterns.

Manky said that fifteen years ago there were no criminal companies specializing in the cyber field and those that did exist had neither funding nor the capacity to grow. Now, as a result of all these years of seeing how to make money through extortion, ransomware, and compromising email accounts, there are large corporations bent on evil. They have also become sophisticated, joining other activities such as money laundering and other crimes, while also creating a middle layer that earns commissions: the use of Ransomware as a Service (RaaS) is increasing, with cyber criminals competing for targets, sometimes attacking the same organization with multiple ransomware strains within a few days. This is due to the sale of online access by RaaS brokers.

Fortinet leaders explained during the two-day keynote in the Principality that, over the course of 2023, cybercriminals were seen with increasing frequency using artificial intelligence to evade detection systems and to create messages used in phishing campaigns. It is a trend that will express itself with various threats to cybersecurity in 2024, in increasingly complex ways. For example, criminals could use deep-fake technologies to generate audio snippets featuring the voice of a company’s CEO asking an employee to make a payment transfer via an email the attackers just sent. Fortinet is working with MITRE Engenuity, the Center for Threat-Informed Defense, and various security vendors on the Attack Flow project. The goal of this project is to outline the processes used by cybercriminals, establishing a set of frameworks of tactics, techniques and procedures, to offer a clear view of the vulnerabilities and pain points in the techniques used by threat actors.