The global risk of cyberattacks on businesses and the emergence of dark web ‘cyber mercenaries’ who target executives are spiralling out of control, with a worldwide deficit of at least three million cyber security professionals needed to deal with the growing crisis threatening infrastructure and supply chains.
This is according to the World Economic Forum’s latest Global Risks Report 2022, which was released yesterday.
The WEF research report indicated that there had been a startling 358% increase in malware and a 435% spike in ransomware in 2020 – and that a total of more than US$406 million worth of cryptocurrency had been paid out to ransomware addresses in 2020.
This was a fourfold increase in funds paid out to ransomers compared to 2019.
It also noted that 95% of cyber security issues could be traced to human error and that insider threats (intentional or accidental) represented 43% of all security breaches.
There was a need for a further three million cyber professionals to combat the growing cybercrime threat that was now also opening up to common criminals, the WEF report warned.
“Ransomware as a service” allowed even non-technical criminals to execute attacks, a trend that might intensify with the advent of artificial intelligence-powered malware, it stated.
“Profit-seeking groups of cyber mercenaries stand ready to provide access to sophisticated cyber-intrusion tools to facilitate such attacks.
“Furthermore, cryptocurrencies have also allowed cybercriminals to collect payments with an only modest risk of detection or monetary clawback.
“Attacks themselves are also becoming more aggressive and widespread.
“Cyberthreat actors using ransomware are leveraging tougher pressure tactics, as well as going after more vulnerable targets, impacting public utilities, healthcare systems and data-rich companies,” the report found.
For example, before it disbanded, DarkSide – the group accused of being responsible for the Colonial Pipeline attack – offered a suite of services (“triple” or “quadruple” extortion) to clients beyond simply encrypting files.
These services included data leaks and distributed denial-of-service (DDoS) attacks.
Hacker groups also contact victims’ clients or partners to get them to urge the victims to pay ransoms.
Among the services offered is the collection of top executive information for blackmail.
“Sophisticated cyber tools are also allowing cyberthreat actors to attack targets of choice more efficiently, rather than settling for targets of opportunity, highlighting the potential to carry out more goal-oriented attacks that could lead to even higher financial, societal and reputational damage in the future. Increasingly sophisticated use of spyware technologies, for example, has allowed for targeted attacks against journalists and civil rights activists across geographies,” the report found.
The ability to tailor attacks includes timing them for when cybersecurity teams and leadership could be distracted by other priorities, such as during peak Covid-19 outbreaks or a natural disaster.
Cyberthreat criminals are also accessing higher-quality and more sensitive information from victims, while “deepfake technology” is allowing cyberthreat actors to improve social engineering ploys, proliferate disinformation, and wreak societal havoc.
In one case cited in the report, cybercriminals cloned the voice of a company director to authorise the transfer of US$35 million to fraudulent accounts.
Global Risks Perception Survey (GRPS) respondents reflected these trends, ranking “cybersecurity failure” among the top-10 risks that had worsened most since the start of the Covid-19 crisis.
“Moreover, 85% of the Cybersecurity Leadership Community of the WEF have stressed that ransomware is becoming a dangerously growing threat and presents a major concern for public safety,” the report noted.
It added that as businesses’ reliance on digital technologies grew and Internet 3.0 became a reality, global efforts aimed at building norms and defining rules of behaviour for stakeholders in cyberspace were intensifying.
“Initiatives should focus on emerging technologies, such as blockchain, quantum and artificial intelligence, as well as the modes of digital exchange they facilitate, like the metaverse.
“At the organisational level, upskilling leaders on cybersecurity issues and elevating emerging cyber risks to board-level conversations will strengthen cyber resilience. In a deeply connected society, digital trust is the currency that facilitates future innovation and prosperity,” the report advised.