A few weeks ago, we told you about the latest cybersecurity trends noted by security reports. Among the latest round of studies published recently, three other trends are particularly concerning to us.
Cybercriminals are now employing artificial intelligence (AI) to carry out attacks. The group Indrik Spider, for example, allegedly used ChatGPT to make requests at the same time as they exfiltrated sensitive information from the Azure Key Vault.
They also consulted Google and Bing to determine how to navigate Azure Portal more efficiently and searched GitHub for methods to exfiltrate credentials.
This use of AI and other intelligence sources is proof of the increasingly sophisticated nature of attacks targeting Cloud infrastructures.
The speed at which cybercriminals are exfiltrating data has increased significantly. In 2021, the average time from asset compromise to data exfiltration was nine days. In 2023, this could be achieved in just two days. In 45% of cases, in fact, data was exfiltrated in under 24 hours, underlining how urgent it is that organisations act fast to fortify their defences.
There has been a notable change in the sources of data leaks. In the 90s, attacks originated mainly from outside of organisations. Over the years, the number of outside attacks has continued to fall. Around 2010, for example, only 20% of data leaks came from an internal source. However, there seems to have been a backslide in 2023.
In fact, inside sources are now responsible for 35% of leaks. Worse still, in 70% of cases, these leaks were down to human error rather than malicious intent. This trend emphasises the importance of educating and training staff on cybersecurity within businesses.
Cybercriminals are increasingly interested in the assets distributed in the Cloud. The complexity and potential vulnerabilities of Cloud deployments are well understood by attackers. They are now using sophisticated and automated methods to carry out their attacks.
The speed with which these attacks are happening is as impressive as it is alarming. Organisations must adopt automated and high-performance detection and response tools if they want to counter these threats.
The complexity of the digital solutions deployed and their intensive integration are causing an increase in the risk of human errors, increasing cyber risk tenfold. It’s now more important than ever to continually educate and train staff on cybersecurity tools.
At MCG, we continually monitor these developments so that we can best advise our clients and help them strengthen their resilience to cyber threats, while supporting their growth and innovation.
Let's assess your Cyber Security together