It’s been said in so many ways: with the growth of the information technology world comes a growth of existing threats. Whatever the landscape was like ten, twenty, or even thirty years ago is drastically different from what we see now, and part of that is the number of ways in which we respond to cyber-attacks. We understand much of them now in a context that didn’t exist so many years ago; however, with this understanding comes the knowledge that our defenses weren’t the only thing that’s evolved. The threats we face have evolved numerous times over the years, as well, and so it’s only right that you understand what evolutions have occurred — especially if you plan to defend yourself against today’s cybersecurity threats.
It’s a simple conclusion to draw: with the advent of technologies in each new age come more tools to use and skills to learn. Attackers have grown more knowledgeable, more sophisticated, and more resource-rich, in that they have lots of ways to power their offenses: media like websites or DNS traffic, weapons like botnets or worms, and different skill sets to improve existing tactics like phishing. This particular evolution is what makes cyberterrorism today such a formidable force to contend with, and it’s because of this that cybersecurity tools today must update regularly with threat intelligence to inform them on new attack routes, methods, etc.
As people have grown more aware and more suspicious of online threats, so too have they learned more about what to avoid to keep themselves safe from the attacks that lie in wait. That doesn’t preclude users from still being victims, though. On the contrary, the fact that victims act on their knowledge about attacks can birth new routes of attack. For example the security differences of SentinelOne vs. Symantec, two leaders in cybersecurity, make it clear why users are still great targets: While SentinelOne is programmed to detect various types of threats, including advanced threat types and signatureless attacks, Symantec is limited in this regard, and those who use Symantec might find themselves victimized because of Symantec’s inferior protection, despite their efforts to defend proactively.
Thanks to the advances in automation and AI, not only have cybersecurity tools grown smarter — the attacks have, too. Many attack types now require minimal effort from actual attackers, whether because of botnets or scripted attacks, and so these occur more rapidly, more regularly, and in many cases, on behalf of someone else. Cybercriminals utilize the SaaS economy to offer their services to others, and cyber threats have evolved to be “packaged and sold” accordingly. There’s also no longer a need to target individuals in many cases, as groups can fall victim all at once, like when they are sent to a malicious site via a widespread link.
While the main motivation in many cases is still money, there is more at stake now with current cyber attackers. These criminals can be from different “activist” groups, looking to achieve anything from misinformation to corruption in order to achieve their own ends. It’s an advancement that has been proven even just some years back, and it’s only growing more prevalent as a goal. More than that, attackers no longer just steal data when it is money they’re after. They can make more from stealing your identity, hacking your very life through everything from bank accounts to social media, and when they’re done, they can do it all again with someone else in the same way, turning the cybercriminal landscape into a wealth of exploitative opportunities.
With the increasingly easy ways that attackers cross the boundary to become cybercriminals, be it through scripted events or an email that’s all too convincing, the attacks themselves have become far more prevalent. Again, this is also due to the fact that these attacks are now offered as an on-demand service. Consider also that with the increase of various technology uses, be it social media, entertainment portals, or even a traditional website, there are now more opportunities for attacks of various types. The attack surface of any given entity is now fairly larger. What’s more, an attacker can almost blindly send out a threat and wait for it to hit, rather than needing to focus specific attacks on specific people. While the latter is generally more effective, the former methodology allows for a lot of “bites”, such as in widespread phishing attempts or in drive-by attacks. Whatever is used to target groups of people, rather than individuals, acts like a marketing funnel — it draws in a specific crowd of responsive victims, and then, once they’re “hooked”, the rest of the attack takes place. This results in more attacks in general, and of course, with more attempts there come more successes, leading more attackers to continue their work.
The way that you respond to threats now will help define what the threat landscape looks like in twenty years — that’s just a fact. But just as important to eliminating these threats is understanding how different they are from those that started appearing years ago. Maintaining relevant knowledge but understanding the growth over time is key. In time, these threats will evolve again, and when they do, users and cybersecurity tools alike must understand these trends to think ahead and begin to defend against new attacks once more.