What are the new trends in cybersecurity? What new challenges and objectives does this imply? Laurent Vromman, Coordinating Director for IT Practices and ALTEN Cybersecurity Practice Manager, explains this little-known discipline and offers an overview of the major cyber trends for the coming months.
The best way to understand cybersecurity is to start by understanding what it provides a response to: a growing threat. The term “threat” covers two distinct concepts: “attackers” – the subject of this first part – and attack techniques (see Part 2).
Groups of cyberattackers can be classified into three broad categories:
- Large groups of hackers who are often “sponsored” by states
- Cyber-mafia organisations
- Individual hackers, sometimes in small, loosely organised groups.

The current trend is towards increasing professionalism in the sector: as defence methods become more organised, with increasingly complex protection capabilities, attackers need to be structured and innovative in order to circumvent them.
State or state-like threats target other states, directly or indirectly, via their industrial infrastructure, for various reasons, including destabilisation, sabotage and espionage. These are often sophisticated, ongoing, multi-vector attacks (i.e. using several cyberattack techniques together) and yet are very discreet. Among the most famous examples are the SolarWinds attack – a computer infiltration that targeted the US government in 2020 – and 2021’s attack on Colonial Pipeline, a US group managing almost half of the fuel consumed on the East Coast, which was forced to pay a ransom of 4.4 million dollars to hackers (the Russian government has announced that its FSB has dismantled the group behind this attack, known as REvil). This constant and sustained state pressure is also known as “cyber-coercion”.
At the non-state level, a twofold trend is apparent.
Firstly, the growing professionalism of certain attack groups, made up of individuals organising themselves into gangs or cartels. They see everyone as a potential target – from large companies to individuals – for money laundering, extortion, theft and fraud. Their attacks are shorter and more direct, but their impact is no less significant. What characterises these groups? The fact that they are pooling their resources and infrastructures in order to be more efficient and to offer new services. The business model of “IT as a service” tools – such as “platform as a service”, “software as a service”, etc. – is now being extended to include cyberattacks; for example, with “Ransomware as a Service” (RaaS). A third party chooses a target and the attack is carried out by the RaaS platform. The gains are then shared with the infrastructure provider. These services are increasingly varied, including not only ransomware, but also phishing and DDoS…
Secondly, this increasing professionalism has led to the emergence of a new category of cybercriminals, much less technically expert than a few years ago because they are able to use these off-the-shelf “as a service” offerings. The result? Anyone is now capable of controlling a large-scale cyberattack, despite the increased complexity of attack methods. Outsourcing the technical side to specialised service providers gives them access to potentially (and increasingly) important technical know-how for detecting security flaws and combinations of vulnerabilities, which the opposing side tends to fix as it goes along.