
Ransomware, crypto and AI: known threats and new dangers 2023

Incidents such as the security vulnerability in Log4j, the widely used open source software, kept IT security specialists on their toes last year. What dangers lurk this year? In addition to numerous known threats such as ransomware, the now extremely professional activities of cybercriminal gangs are likely to keep the stress level high. In addition, there is a great unknown: How will the availability of powerful AI technology change the threat scenario for 2023? Initial findings suggest bad things to come.

There was no shortage of spectacular hacks last year. We present some of the most relevant incidents for IT security managers and also what they should prepare for now.

Security specialists had a lot of work to do last year and will not be bored this year either. The Log4j security vulnerability received attention beyond the IT security scene. Supposedly secure cryptocurrencies are showing weaknesses, as is the particularly sensitive healthcare sector. Artificial intelligence in the wrong hands could change the playing field, because cybercriminals are ruthless and ethical concerns do not matter to them.

Last year started with a security problem that overshadowed the whole year, although it had already occurred in December 2021. One of the most catastrophic bugs of all time sent server operators around the world into a panic: the security vulnerability in the widely used open source software Log4j caused unrest. Since then, hackers have been constantly probing the internet servers of all companies for it. Security companies are constantly busy removing attackers from affected systems, and administrators have their hands full finding vulnerable systems and installing updates.

The largely unknown but nevertheless very widespread use of Log4j in companies provides a massive attack surface for attackers. Often Log4j libraries are embedded in other software systems, making it difficult for IT managers to determine whether their infrastructure is affected by the vulnerability. The so-called supply chain attacks are likely to continue to keep IT security managers on their toes.

Numerous contributions at it-sa 365 highlight the Log4j security vulnerability.

The hunt for a quick buck

For many cryptocurrency owners, the past year began with a nasty surprise. As early as January 2022, attackers hit the crypto.com platform and emptied cryptocurrency wallets of bitcoins worth around USD 18 million and Ethereum worth around USD 15 million. The attackers managed to bypass two-factor authentication and access users' crypto wallets unhindered. Last year was not a good year for cryptocurrency owners at all. In addition to massive price drops, they faced a further risk to an already very risky form of money, as this security incident was not the only one in the crypto sector. The hacker group Lazarus, which originates from North Korea, is said to be responsible for another incident, in which the video game company Axie Infinity was relieved of cryptocurrencies amounting to around USD 620 million. Meanwhile, it is speculated that revenue from cybercrime has become a relevant factor for North Korea's state budget. But while the ransom paid by companies may be a bubbling source of revenue for North Korea, companies struggle with bitcoins, which is why the Federal Criminal Police Office (Bundeskriminalamt, BKA), for example, offers help in obtaining them should a company feel compelled to pay a ransom.

 

Cybercriminals: old acquaintances and new players

Another group called Lapsus also attracted attention with spectacular cyber attacks. This new gang is said to be made up mainly of teenagers. They primarily target the big technology companies, including Microsoft, Samsung, Nvidia and Ubisoft, all of which have been affected by serious data thefts. The suspected ringleader, a teenager from the UK, was arrested back in March, but still not much is known about the group and none of its members have been identified. Meanwhile, the attacks attributed to this hacker group continue.

Another group dominated the headlines of security media for a while. The Conti group had long made a lot of money with large ransomware attacks and bullied the health sector, among others. It has now become a victim itself. Shortly after the start of the Ukraine war, it was targeted by Ukrainian hacktivists who had apparently previously worked in the group. They published internal chats and other information from the ransomware group, which provided comprehensive insights into the Conti group's workings. The leaks allowed numerous conclusions to be drawn about its lucrative business and its cooperation with other groups.

Later in autumn, a spectacular attack on the health sector caused a stir. It affected Australia's largest private health insurance company, Medibank. The Australian police suspected Russian hackers behind the attack. Patient data amounting to 200 gigabytes was stolen and Medibank was blackmailed with it. In addition to names and addresses, diagnoses, therapies and data on treating doctors and institutions appeared on the darknet shortly afterwards. This included such explosive information as abortions or addiction problems. As a result, trading in Medibank shares was suspended. The attack once again highlighted the ruthlessness of cyber criminals and the sensitivity of the health sector. At the same time, it also points to its high need for protection.

 

AI becomes a gamechanger

The events of the past year once again make clear how professional these groups have become; they now even act as service providers for one another. This can be explained by lavish incomes. As a rule, it's all about making a quick buck. Ransomware attacks, for which there are now plenty of ready-made modules, are therefore at the forefront. They can often be used even by criminals with little expertise. Cryptocurrency plays a major role here, because it serves as a means of payment, but increasingly also as a target for attacks. In particular, perpetrators who want to make money from cybercrime without IT know-how are also likely to benefit from another trend that will become highly relevant this year: malware can be created by means of artificial intelligence (AI), even by laymen. The ongoing debate about the AI showpiece ChatGPT provides numerous examples. Professional attackers will probably be able to do far more with this AI than amateurs. AI and machine learning are likely to be of increasing importance for IT security. The extent to which they can also be used to make systems more secure remains to be seen.

Author: Uwe Sievers
