In an era dominated by rapidly evolving technology and digital interconnectedness, the landscape of cyber threats is constantly shifting.
We have witnessed a surge in the sophistication of traditional threats, such as ransomware, and the emergence of new risks associated with cutting-edge technologies like Artificial Intelligence (AI) and phenomena like the Massive Internet of Things, for example, in smart cities.
As we delve into the most pressing and emerging threats of this year, it becomes evident that the future of cybersecurity is a complex and ever-changing battleground, where staying ahead of adversaries is of paramount importance.
Stay Ahead of the Curve with UN1QUELY
As a company at the forefront of the cybersecurity domain, we understand the importance of staying ahead of the curve.
UN1QUELY has been actively researching these new cyber threat trends, and we are fully equipped to assist other organizations in bolstering their defenses.
Through our vCISO (Virtual Chief Information Security Officer) program, exceptional security management and SecOps teams, and an elite offensive security team, we stand ready to collaborate with businesses to fortify their cybersecurity posture.
This article serves as a window into the evolving world of cyber threats, and a testament to our commitment to safeguarding the digital landscape.
From Data Breaches to National Disasters: The Devastating Impact of Ransomware on the US
In a landmark move, the White House unveiled its National Cybersecurity Strategy in early 2023, officially reclassifying ransomware attacks as a national security threat.
This pivotal decision by the world’s leading cybersecurity authority underscores the urgent need to address the ever-evolving landscape of cyber threats.
If the United States, the global powerhouse in the realm of cybersecurity, acknowledges ransomware as a matter of national security, it serves as an unequivocal wake-up call, emphasizing the critical importance of taking the issue with the utmost seriousness.
Every year, large economies like the United States are hit by tens of thousands of ransomware attacks that impact business operations, disrupt financial activity, and sometimes even cause critical parts of the infrastructure to go out of service.
Ransomware is a kind of malware that involves the encryption of files in breached networks/computers, making all data and apps inaccessible. The attackers then demand a ransom payment in exchange for a decryptor program.
Data restoration takes time, even if backups are available, so the disruption is bound to be lengthy and financially harmful.
The Colonial Pipeline attack in May 2021 is a prominent example of a nationwide disruption, forcing the company to halt all pipeline operations, resulting in 17 states and Washington, D.C., entering a regional emergency status to keep fuel lines open.
During the days that followed, airlines in the USA had to reschedule flights due to fuel shortages.
At UN1QUELY, we not only recognize the severity of this threat but also possess the capabilities to combat it head-on.
With both defensive and offensive capabilities at our disposal, our security experts can not only protect other corporations and companies from ransomware attacks but also simulate these very threats in red team engagements, ensuring that our clients are fortified against the most advanced and insidious cyber adversaries.
The Dark Side of AI: The Latest Weapon in Cybercriminals’ Arsenal
With innovations in 2023, such as ChatGPT and other AI solutions becoming readily available, there is now greater awareness and acceptance of the use of artificial intelligence in achieving various objectives.
Given the widespread availability of tools for crafting artificial intelligence (AI), along with accessible sources and tutorials in the public domain, it is expected that AI crafted for offensive purposes may surpass the prevalence of those developed for defensive objectives.
We are well aware of the disruptions caused by ransomware attacks, and their widespread occurrence. What remains unknown now is the potential escalation of the situation when cybercriminals opt to incorporate a dash of AI into the mix.
By way of illustration, AI-based chatbots could automate ransomware attacks by communicating with victims to facilitate ransom payments easily. These chatbots could even conduct a detailed assessment of the potential value of the encrypted data, ensuring that the ransom amount aligns appropriately.
Deepfake Attacks: The Disturbingly Realistic New Form of Social Engineering Plaguing Financial Institutions
Deepfake technology combines “deep learning” and “fake media,” enabling the manipulation of audio/visual content to appear authentic.
Cybercriminals have already exploited this technology, crafting non-consensual p*rnography and spreading political misinformation.
Additionally, they successfully tricked a UK-based energy firm into transferring €220,000 to a Hungarian bank account in 2019.
Example Scenario: Corporate Enhanced Social Engineering Attacks using Deepfake
In this scenario, the malign actor decides to employ a deepfake audio to attack a financial institution for financial gain.
The actor starts by conducting research on the dark web and obtaining sensitive information such as names, addresses, social security numbers, and bank account numbers of several individuals.
By analyzing their TikTok and Instagram profiles, the actor uses the videos posted on these platforms to train a deepfake model and create realistic audio of the targeted individuals.
To exploit the financial institution’s security measures, the actor investigates their verification policy to discover the presence of a voice authentication system.
Successfully passing voice authentication, the actor speaks with a representative and utilizes the customer proprietary information acquired from the dark web.
Claiming inability to access their account online, the actor requests a password reset and is provided with a temporary password. This grants them access to the target’s financial accounts, enabling the transfer of funds to overseas destinations.
The Rise of AI-Driven Password Cracking: A Threat to Online Security
Cyber adversaries are employing machine learning (ML) and AI to improve algorithms for guessing users’ passwords.
While there are already existing password-cracking algorithms, the use ofML enables the analysis of vast password datasets and the generation of various password variations.
PassGAN, a machine learning-based AI password cracker, relies on neural networks to eliminate manual efforts in password analysis for password cracking or guessing.
The PassGAN paper highlights the limitations of current password-guessing tools like HashCat and John the Ripper, stating that expanding their capabilities to model additional passwords is a laborious task requiring specialized expertise.
The real question is not whether AI-driven tools can crack user passwords, but rather how long it will take for these tools to succeed.
In an attempt to answer this question, Texas-based cybersecurity startup Home Security Heroes conducted research. They trained PassGAN on 15,680,000 passwords from the 2009 RockYou dataset, which was leaked online.
The findings by Home Security Heroes are as follows:
- 51% of common passwords can be cracked by PassGAN in less than one min
- 65% of common passwords can be cracked in less than one hour
- 71% of common passwords can be cracked in less than one day
- 81% of common passwords can be cracked in less than one month
“PassGAN represents a concerning advancement in password-cracking techniques. This latest approach uses a Generative Adversarial Network (GAN) to autonomously learn the distribution of real passwords from actual password leaks, eliminating the need for manual password analysis. While this makes password cracking faster and more efficient, it is a serious threat to your online security”.
AI-Powered Malware
A proof-of-concept, artificial intelligence (AI)-driven cyberattack that changes its code on the fly can slip past the latest automated security-detection technology, demonstrating the potential for creating undetectable malware.
AI can allow the malware to dynamically modify benign code at runtime without any command-and-control (C2) infrastructure.
An AI-generated malware dubbed BlackMamba was able to bypass cybersecurity technologies such as industry-leading EDR (Endpoint Detection and Response) in an experimental project led by researchers at Hyas.
While the BlackMamba malware was only tested as a proof-of-concept and does not live in the wild, its existence does mean that the threat landscape for individuals and for organizations will be unequivocally changed by the use of AI.
The trick is to fight fire with fire!
AI-driven cyberattacks may seem unstoppable, but they’re not completely unbeatable. The trick is to fight fire with fire. Cybersecurity is evolving with AI as well.
To stay ahead of cybercrimes in this new frontier, businesses must adopt a comprehensive strategy that combines AI capabilities with human expertise. In addition, organizations should implement strong security measures, specifically utilizing advanced AI-driven cybersecurity solutions for detecting and responding to threats in real-time.
To achieve this, businesses can delegate time-consuming low-risk tasks to AI software, allowing experienced personnel to focus on the more critical security aspects.
Massive IoT (Internet of Things) Security
According to Ericsson’s recent mobility report, it is projected that 52% of cellular Internet of Things (IoT) connections will be Massive IoT connections by 2025. But what exactly is Massive IoT, and what does this mean for the future of your business? Now is the perfect time to find out.
Massive IoT refers to the Internet of Things on an unprecedented scale. It is a term used to describe hundreds of billions of devices that are connected to the internet and collecting and transmitting small amounts of data from sensors.
Many wireless technologies can be used for IoT connectivity, but only 5G cellular technology can connect IoT objects at this scale with an ultra-reliable, fully secured connection, anywhere in the world. The ability of 5G networks to support a massive increase in low-cost devices that consume minimal energy and can reliably send small amounts of data at regular intervals will result in big opportunities for businesses that are already using IoT.
Smart cities use IoT devices such as connected sensors, lights, and meters to collect and analyze data. The data is used to improve infrastructure, public utilities and services, and more. Their dense urban environments are a key target for MIoT deployments.
Moreover, this sector is expanding, according to UN-Habitat’s World Cities Report 2022, global city population share doubled from 25% in 1950 to approximately 50% in 2020 – and over the next 50 years, it is projected to increase to almost 60%.
Europe is leading the world in smart city development. The EU has been proactive in encouraging its member nations to develop smart cities.
Smart city devices make everyday tasks easier and more efficient while relieving pain points related to public safety, traffic, and environmental issues. Managing traffic flow and transportation is one of the greatest challenges that smart cities face and IoT provides practical solutions. By generating real-time data, solutions for traffic monitoring can optimize traffic flow by adjusting the timing of traffic signals.
IoT, in general, poses security challenges by its very nature of connecting numerous devices to the Internet. Massive IoT can exemplify those challenges in a few ways.
- Massive IoT applications are likely to use lower-complexity devices. These types of devices wake to take a reading, transmit the data to the network, and return to sleep mode. This helps keep costs down in these Massive IoT use cases because data and power usage are low. However, because of the low complexity of the devices, there is minimal hardware for security purposes.
- The deployment of these devices in insecure areas exposes them to physical security risks. Devices attached to streetlights in smart cities applications, placed on livestock in agriculture use cases, and outdoor meter readers in smart metering – these are just a few examples of how these devices can be exposed.
The fact that the devices might be widely distributed makes it hard to monitor and protect.
Finally, because of the number of devices deployed in Massive IoT, as the name suggests, this, by its very nature, broadens the attack surface by having so many endpoints. With these considerations, it raises the question of what measures can be adopted to secure Massive IoT applications.
Securing Massive IoT applications is a complex task, given the sheer volume of devices and their potential vulnerability to attacks. In a smart city ecosystem, IoT devices can serve as entry points for infiltrating critical infrastructure with malware, posing significant risks. As smart cities continue to evolve and shape urban living, it is crucial to address the interconnectivity challenges they present.
Smart cities are the next big thing, and they’re going to take urban living to the next level. However, the interconnectivity in smart cities is their greatest strength and greatest weakness, so, at UN1QUELY, we are researching those trends as we prepare our cybersecurity assets for the future.
About Author
Miroslav Milicevic, an Offensive Security Engineer at UN1QUELY, brings 5+ years of software engineering expertise. Specializing in red teaming and offensive security software development, Miroslav has a keen interest in drones, critical infrastructure, and telecommunications cybersecurity. Driven by a passion for learning and growth in the cybersecurity industry, he is committed to staying at the forefront of emerging technologies. Join him on a journey of innovation, as he contributes to securing digital ecosystems and critical infrastructure worldwide.