TL;DR
If you’ve been in the industry long enough, you’ll know how significantly cyber threats have changed over the past few decades. Remember when phishing attacks and malware like the ILOVEYOU worm were the worst we could imagine? Since those days, cyber attacks have continued to evolve, becoming more sophisticated and harder to detect. These include zero-day exploits, advanced persistent threats (APTs), and the emerging use of AI.
What hasn’t changed? The increasing costs of these attacks. In fact, Anne Neuberger, U.S. Deputy National Security Advisor for cyber and emerging technologies, estimates that the annual average cost of cyber crime will grow by nearly a multiple of four between 2022 and 2027 — from $8 trillion to $23 trillion. Bad actors will continue to adapt and change their methods in order to gain an advantage, which means the smartest thing you can do is to stay ahead of what is happening.
With that in mind, here are the modern threats our experts are keeping an eye on.
The evolution of ransomware
Ransomware may be one of the oldest forms of cyber attacks, but that doesn’t mean it hasn’t kept up with the times. Because it offers a quick way to extort people and organizations, new forms of ransomware continue to pop up. “As long as it’s still a viable path for profit,” said Alan White, author of the Forensic Team Field Manual, “you will see people using it in different ways.”
White highlighted how the emergence of cryptocurrency has given thieves new opportunities for their ransomware attacks. “More and more people have some form crypto,” he said. “It’s becoming another set of targets for them.” Even if they can’t take the cryptocurrency directly, they can use ransomware to hold a digital wallet hostage, forcing crypto holders to pay. “It’s become a lucrative business,” White said.
Clint Kehr, a Cybrary instructor and technical manager, also highlighted the continuing threat of ransomware, but specifically how it has transformed into a service. “Ransomware-as-a-service has been something that has come out in recent times,” he said. ““All these different marketplaces and vendors [on the dark web] are now selling it.” This has lowered the bar for many hackers and made launching ransomware attacks much more accessible. In many cases, it’s now as simple as making a purchase.
AI-enhanced threats
While AI hasn't come into its own in cybersecurity yet, it is empowering threat actors and will increase in significance through time. And how these bad actors are starting to use it is raising alarms.
“Many of the old malware techniques aren’t going away, but they’re starting to trend differently,” said Alan White. “They’re moving faster. And that’s because thieves now have AI to help them write code.”
What does this mean? For White, it means that threat actors now have an increasing ability to produce customized malware quickly. “They can just tell AI to build an exploit with this type of CVE,” said White. “Here’s the payload I want. Here’s where I want you to route it back to. The business of malware writing has transformed.”
Gina Cardelli, the Principal Security Strategist at Fortra, agrees that AI is helping give threat actors a leg up by doing the work for them. “They’re using technology like AI and machine learning a whole lot more,” she said. In particular, she emphasized how cyber criminals are developing service offerings around these technologies. “There’s malware-as-a-service, there’s phishing-as-a-service. They’re using AI to do the work for them, then turning around and selling it.”
Quantum computing and cryptography
Although it may still be on the horizon, many cybersecurity experts are becoming increasingly anxious about how quantum computing may disrupt the world of cryptography. “Quantum computing or quantum technology in general is going to be a game changer,” said Hugh Shepherd, a strategic cybersecurity consultant, as well as a Quality Engineer for Cybrary courses. “Once you have quantum computers, you will be able to bust the cryptography we use every day in a fraction of a second.”
The reason for this is tied to how quantum computing works. Unlike traditional computers, which use binary (ones and zeros) to conduct calculations, quantum computers take advantage of a property called quantum superposition, in which a quantum particle can inhabit two states at once. In practice, this means that quantum computers will not face the same limitation as traditional computers, allowing them to conduct many more calculations at once.
While this technology hasn’t reached maturity yet, experts like Shepherd worry that, once it does, it will be used to crack cryptographic codes in minutes that would otherwise take traditional computers years. “When quantum computing becomes more widespread or readily available,” he emphasized, “especially by people who have malicious intent, we'll all be at risk.”
Stay ahead of the cybersecurity landscape with Cybrary
There may always be new threats and vulnerabilities out there, but one you don’t have to worry about is how to stay current with all of them. Cybrary’s extensive course catalog gives you all you need to stay on track. Browse through our full catalog or request a demo for your team to start accessing our curriculum.
