The Rise of the Rookie Hacker – A New Trend to Reckon With

The Rise of the Rookie Hacker – A New Trend to Reckon With

The trends and predictions for 2022 and 2023 include an increase in zero knowledge assaults, leaked credentials, and Gen-Z cybercrimes.

Cybercrime continues to pose a serious threat to people, companies, and governments all around the world. The availability of digital gadgets and the internet continue to be used by cybercriminals as a means of committing their crimes.

ALSO, READ 2023 predictions for cybercrime (and security)

Cybercriminals will have access to more vulnerable devices as the internet of things develops, giving them the ability to launch more complex attacks. As entrance barriers to cybercrime continue to decrease, it is anticipated that this type of crime will become more and more profitable as thieves discover new and improved ways to monetize their attack.

Several major tendencies that we identified in 2022 and that will probably persist in 2023 are covered in this article. We’ll go into more detail on these themes in the upcoming webinar “The Rise of the Rookie Hacker – a New Trend to Reckon With” on January 11th.

Leaked credentials will continue to be the main attack vector for initial access

Use of stolen or compromised credentials remained the most frequent reason for a data breach, according to IBM’s cost of a breach 2022 report.

In 2022, Info-Stealers, malware that can steal stored credentials from browsers, cookies (used for session hijacking and to get around MFA), crypto wallets, and more, was the leading source of stolen credentials. A number of other thieves, such the “Luca stealer” and the “eternity stealer,” were developed as a result of Redline Stealer’s enormous popularity with threat actors. The latter is a component of the eternal project, an all-inclusive service that enables threat actors to purchase or rent every instrument they require to execute an attack against a target of their choosing.

The Rise of the Rookie Hacker – A New Trend to Reckon With

In the 2022 survey as well as the 2021 report, stolen or compromised credentials were the main attack vector in 19% of breaches. Given that a staggering 59% of firms don’t use zero-trust, which results in average expenses per breach of $1 million USD higher than those who do, this trend is most likely to continue on an increasing trajectory. The frequency and expense of breaches will increase until firms’ cybersecurity capabilities become more developed.

A rise in zero-knowledge attacks

The entry hurdle into cybercrime has been lowered by the availability of subscription services for DDoS, malware, and ransomware. For instance, the dark web sells phishing kits for as cheap as $6 and DDoS attack subscriptions for as little as $500, according to the Microsoft Digital Defense Report 2022. Ransomware-as-a- Actors prefer to offer services under an affiliates model, which entails “renting” a finished product and dividing the proceeds according to activity and income. A cybercrime campaign or operation can be set up more easily thanks to the advent of “clearnet malware,” or malware that can be acquired on common platforms like Telegram (hello, again, eternity project!). The rise of cryptocurrency payment systems has facilitated the trading of goods and services used in cybercrime, pushing the entire cybercrime ecosystem even further.

ALSO, READ How Organizations Can Secure Clients’ Data From Hackers.

Younger threat actors – average age will continue to drop

In terms of cyberattacks, 2022 was the year of Gen Z. Lapsus$, a group of British teenagers, led the way with a hacking blitz against major giants like Microsoft, Nvidia, Samsung, Ubisoft, and Okta. The largest generation on the planet right now is Generation Z. They are “digital natives,” having grown up in a world of the internet, smartphones, cloud computing, and social networks, in addition to their strength in numbers. Being young, they have a natural desire for social affirmation, which they can find online. The primary driving force behind Lapsus$ was “Kudos”; they were “doing it for laughs.” The ease with which zero-knowledge assaults can be launched, along with Gen Z’s digital nativeness and their need for social validation online, will probably contribute to the continued decline in the average age of cyber criminals.

We’ll still need humans in the loop

Businesses spend billions of dollars implementing multi-layered security frameworks, platforms, and software, but in the end, businesses are made up of people, and people are susceptible to being duped.

Cyberattackers are using social engineering more and more frequently to get sensitive data. It entails taking use of psychological flaws in people to trick victims into divulging private information or performing specific tasks in order to obtain access to a system or network.

The Rise of the Rookie Hacker – A New Trend to Reckon With

The operating method of LAPSUS$ was based on a sim swapping scam from a textbook. They purchased the credentials of the person who had access to the necessary resources within an enterprise, reported the phone as stolen, rerouted the sim to their own phone, activated multi-factor authentication on an enterprise access point (such as the Office365 login page), and reset their password. It was both laughably easy and horrifyingly effective.

Even the most advanced technologies cannot entirely eliminate the possibility of human susceptibility. You’ll need additional people who have that training for that. Enterprises were forced to outsource this aspect of their cybersecurity to a managed detection and response (MDR) service due to the shortage of cybersecurity professionals. In fact, at a Compound Annual Growth Rate (CAGR) of 16.0%, the global MDR market size is predicted to increase from an anticipated value of 2.6 billion USD in 2022 to 5.6 billion USD by 2027. Although technology and machines are fantastic, we still require people.

On January 11 at 10 AM ET / 15:00 GMT, join Ronen Ahdut, Head of Cyber Threat Intelligence at Cynet, for a webinar titled “The Rise of the Rookie Hacker – a New Trend to Reckon With.” The webinar will go in-depth on the trends, risks, and technologies in cybersecurity for 2023, as well as the necessity for human oversight and how to find these new threats.