AI, accelerated cyber attacks, and ransomware-as-a-service (RaaS) are among the top threats to organisations, according to cyber security provider Nclose.
Threat actors are quickly moving from infiltration to exploitation, aiming for rapid financial gains, the company warns.
It adds that RaaS has enabled specialised cyber criminals to collaborate, making coordinated attacks faster and more impactful.
Stephen Osler, co-founder and business development director at Nclose, explains: “In this model, different cyber crime specialists handle various stages of the attack chain, including reconnaissance, password compromise, privilege escalation, and execution. This collaborative approach involves multiple specialists working together to expedite the attack process.”
Osler says during Q1 of 2024, there has been a significant increase in the volume of attacks, and cyber criminals are leveraging AI to amplify the scale and speed of their offensives. “We are also seeing more attempts in our managed detection and response. This increase in the volume of attacks might be due in part to attackers shifting their focus from nation-state type attacks back to traditional enterprises, which is worrying.”
At the same time, cyber defenders are using AI to support their efforts, he says.
According to Osler, dwell times (the critical period from breach to detection) have notably shrunk, and this could be because of advancements in detection technologies.
He cites Google Cloud-owned Mandiant’s 2024 M-Trends report: “The report highlights a significant decrease in the global median dwell time from 16 days in the previous M-Trends report to just 10 days last year, down from 101 days in 2017.”
However, cyber attackers continue to exploit major events to manipulate emotions and sow discord, says Osler.
“People should know the risk of fake news and the use of deepfakes to sway public opinion… With generative AI, it has become very easy to create fake pictures and videos. The shifting landscape of cyber warfare demands a heightened level of awareness and readiness to navigate the ever-changing digital security domain.”
Share