Internet network and cybersecurity company Cloudflare recently took to its blog for its yearly threat report, and things are looking… not amazing. The headline news is that threat actors are getting more complicated, and cybersecurity has to get better to match it.
It opens: “Today’s threat landscape is more varied and chilling than ever: Sophisticated nation-state actors. Hyper-volumetric DDoS attacks. Deepfakes and fraudsters interviewing at your company. Even stealth attacks via trusted internal tools like Google Calendar, Dropbox, and GitHub.”
After following reports over the last year, Cloudflare claims there’s been a change in how threat actors operate. It says, “The era of brute force entry is fading. In its place is a model of high-trust exploitation that prioritizes results at all costs.”
One key focus, and something we’ve seen a lot of recently, is the implementation of AI. Cloudflare says it is “automating high-velocity attacker operations” and has been used for real-time network mapping, the development of exploits, and deepfakes.
Just last month, researchers spotted a scam that used deepfake technology to pose as a CEO, only to catch people out with a fake Zoom call and spoofed troubleshooting software. In that same month, Google published a long list of ways AI is being used by threat actors, so AI (and both its negative and positive effects) seems here to stay. AI is effective too, with a study showing people falling for AI phishing attempts 4.5x more often than human ones last year.
AI is not the only trend, according to Cloudflare. The company reports that state-sponsored threat actors are wreaking havoc on telecommunications, and third-party API integration compromises are popping up more and more.
A peculiar recent surge is the use of legitimate cloud tools like Google Calendar, Dropbox, and GitHub to sneak in malicious actions. Hackers have also found ways around the likes of multi-factor authentication with cryptotokens, thanks to infostealers, and cryptobros are particularly targeted by threat actors. Not only are they expected to have a volume of currency, but cryptocurrencies’ ability to effectively disappear through complex transactions makes hiding that money a tad easier than traditional scams.
One threat of particular note to Cloudflare is the introduction of more hyper-volumetric distributed DDoS attacks, effectively massive but short-lived botnets that can break traffic and close sites without adequate infrastructure. Cloudflare has been fighting against DDoS attacks for a long time, so this is a natural extension of that.
This is all to say that threat actors are getting smarter, more complicated, and the likes of AI only make the skill floor a little lower for them. As always, don’t interact with accounts you don’t recognise, don’t click on unfamiliar links, and stay sceptical of anyone (or any bot) reaching out.
