It Has Never Been Easier To Be A Cyber Criminal

PayPal CISO Assaf Keren (Photo © PayPal)

Worldwide cybercrime was estimated to cost $8.2 trillion USD in 2023, a sevenfold growth since 2019. During his keynote speech at Luxembourg Internet Days on 8 November, PayPal CISO Assaf Keren outlined cyber criminals' MO and speculated on the impact that generative AI will have on cyberattacks. Here are 6 takeaways.

Cyber criminals target the weak

Cyber criminals target the elderly, people with disabilities and people who have recently gone through loss and grief. And a large chunk of the cost of cybercrime comes from ransomware. According to Statista data, in 2021 a record 623.3 million ransomware attacks were reported worldwide, up from 304.6 the year before. Among the most high-profile infrastructure targets was the Colonial Pipeline. This American oil pipeline system, which originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, was shut down for five days, causing localised shortages of diesel and jet fuel.

Keren speculated that the 2021 spike was related to a shift in consumer habits as a result of the Covid pandemic. “There was a big shift in the number of people using ecommerce and online payments during the pandemic and that means there are more targets for cyber criminals. So, companies have started becoming more targeted as part of that as well,” Keren said.

2023’s attacks were a wake-up call

After the 2021 spike in cyber crime, in 2022 the global number of ransomware attacks fell to 493.3 million. Keren explained that a number of law enforcement agencies had helped to bring down ransomware gangs. Nevertheless, attacks continued in 2023, this time targeting companies like MGM Resorts. The attack led to an estimated $100 million loss in earnings, and $10 million in expenses for risk remediation, legal fees, third-party advisory, and incident response measures.

“I think MGM Resorts is one of the best examples […] We see the physical impact when people try to get back into the room. We are also seeing a lot of these are attacks against companies,” said Keren.

Phishing is the leading cause of data breaches

Phishing emails, which engage with a person and convince them to share credentials, play a significant role in cybercrime. According to Keren, more than three quarters of cases of company breaches are through phishing or a social interaction with a hacker. In Europe, that proportion rises to 82%. “There is also a big growth in phishing attacks against consumers since Covid-19,” said Keren. This has worsened since the Russia-Ukraine war as actors exploit consumers’ willingness to donate to a cause.

It has never been easier to be a cyber criminal

The underground marketplace for cyber attack tools has become increasingly sophisticated and organised. Today cyber criminals do not need to be experts at phishing, engaging users, accessing credentials and moving money. There is no limit to what they can buy on the underground market. “We’ve seen people selling API SaaS access to fraud tools that they have created because they don’t want people to download their code. So it is major and it’s becoming much easier to become a cyber criminal,” said Keren.

Blurring the lines between nation states and criminal actors

Cyber security weaknesses are also being exploited by nation states. In the past, such attacks were driven by intelligence services seeking to extract secrets, data and intellectual property. Today the MO has changed.

Keren said: “We are seeing nation state actors attacking companies and doing ransomware attacks, to get the money to bypass sanctions to fuel things like weapons programmes and sanctioned research that they can’t do because of where they are.”

Nation state-led cyber attacks on PayPal dropped at the start of the 2022 Russian invasion of Ukraine. Keren speculated that this was because resources became consumed by the conflict.

However, since then, Western companies have increasingly become the target of influence debates and information warfare. August 2022 saw a spike in distributed denial-of-service (DDoS) attacks, a type of cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites. Keren believes the goal was to impact the availability and the trust that people have in the Western financial peace. “That is something that we haven’t seen before,” he said, adding: “We’ve seen very clearly that nation states now utilise their criminal actors to attack. And they use the technology and knowledge that they haven’t had in the past: criminal actors are becoming more and more aggressive.”

Generative AI is doping cyber attacks

Generative AI tools like ChatGPT make it easier for hackers to write more effective phishing emails, to spoof someone’s voice and create deep fakes. “And we are seeing those things happening in attacks,” said Keren. Elevating security and collaboration are essential to confront this new trend, the CISO said. As a company, PayPal has forged partnerships and built platforms with governments and global organisations to identify and bring down fraudsters and cybercriminals. According to Keren, it took down on average 2,000 PayPal phishing websites per month. He said: “Some things, like giving back your money when you get defrauded, are easy. The hard things involve going underground to look for people’s credentials in data dumps.” IT leaders, meanwhile, should focus on investing in the basics. He said: “98% of ransomware attacks will not be successful if you just patch and manage your systems.”


This article was first published in the Silicon Luxembourg magazine.
