Threat researchers at Cybersixgill published their annual report, The State of the Cybercrime Underground, earlier this year. The study is based on an analysis of data that Cybersixgill gathered from the deep, dark, and clear web in 2022. The study looks at how threat actors' tactics, techniques, and procedures (TTPs) have evolved over time in the digital age and how organisations can adjust to lower risk and maintain operational resilience.
This article provides an overview of some of The report's key findings are briefly summarised in this article, covering trends in credit card fraud, cryptocurrency observations, improvements in artificial intelligence and how they are lowering the entrance hurdles for cybercrime, and the emergence of cybercriminal "as-a-service" operations. The necessity for a new security strategy that combines attack surface management (ASM) and cyber threat intelligence (CTI) to counter threat actors' constantly evolving tactics is covered in more detail below.
Decline in credit card scams
For many years, fraudsters operating underground have employed credit card fraud as a regular and recurrent danger. But a number of recent changes are halting the trend and sharply lowering the number of instances of credit card theft. In recent months, the number of compromised credit cards being sold on illegal underground markets has significantly decreased. For instance, in 2019 dark web shops offered for sale almost 140 million compromised cards. By 2020, the number had dropped to roughly 102 million, and by 2021, it had fallen again by another 60% to just under 42 million cards. The amount finally fell to just 9 million cards in 2022.
Clever use of cryptocurrency
The decentralised nature of cryptocurrencies gives users privacy and anonymity. Therefore, it should come as no surprise that cybercriminals prefer to pay using cryptocurrency to buy illegal goods and services, launder money obtained from cyberattacks, and get paid for ransomware. In addition to becoming more widely used for legitimate purposes, cryptocurrencies have also attracted the attention of threat actors, opening up new potential for "crypto-jacking," hacking of digital wallets, crypto-mining, and stealing of digital assets from cryptocurrency exchanges.
Even in the wake of the 2022 crypto meltdown, attackers continue to place a high value on cryptocurrency. In 2022, we observed a 79% increase in crypto account takeover attacks, as stated in our study. (In the end, fraudsters utilise crypto to shift money rather than to generate revenue. Prices are indicated in dollars even if subterranean transactions are conducted in cryptocurrencies.) However, if investors continue to flee the market because of its turbulence, threat actors may eventually give up using cryptocurrencies as fewer users make it simpler for law enforcement to detect illegal transactions and for lawmakers to enact stronger regulation.
Use of artificial intelligence
Less than a year after it first appeared on the scene, cybercriminals are still very excited about ChatGPT and other recently revealed AI tools because of their potential to be a force multiplier for online crime. Threat actors can automate the creation of malware code and even replicate human language for social engineering with the correct prompts and direction, streamlining the entire attack chain. ChatGPT enables less experienced and less skilled cybercriminals to quickly and relatively easily carry out destructive acts. As highlighted in the study, AI technology is decreasing the entrance barrier for cybercrime and cutting the time required for threat actors to build harmful code and carry out other "pre-ransomware" preparations.
Mitigation tips
Within an organisation's vast attack surface, every connected system offers possible attack entry points for cybercriminals. Today, it is nearly impossible to safeguard the growing organisational attack surface using only cyber threat intelligence to assess vulnerability. The modern attack surface is becoming more and more external, encompassing a wide ecosystem of unidentified assets from cloud-based resources, connected IPs, SaaS apps, and third party supply chains in addition to the known network perimeter.
As a result, the majority of organisations struggle with the copious quantities of cyber threat intelligence data and experience significant blindspots into their whole attacker-exposed IT system. Security teams require complete visibility into their individual attack surface and real-time knowledge into their threat exposure in order to effectively fight against cyber threats.
The Attack Surface Management (ASM) solution from Cybersixgill, which is embedded with native, market-leading Cyber Threat Intelligence (CTI), eliminates visibility blindspots by automatically locating the invisible. With this unified solution, security professionals can continuously find, map, scope, and classify unknown networked assets that can put your business at danger, while also keeping track of your whole asset inventory in real-time across the deep, dark, and clear web.
To focus on each organization's unique attack surface and provide the earliest possible alerts of threats targeting their company, the integration of ASM refines industry-leading threat intelligence. Security teams are reliably equipped to focus their efforts and resources where they are most needed thanks to complete insight of organisational threat exposure. This significantly reduces Mean Time to Remediate (MTTR) and speeds up remediation time.
