Criminal wannabes are becoming increasingly sophisticated and effective, and a growing threat to cybersecurity stability. According to Cynthia Kaiser, former deputy assistant director at the FBI's cyber division and now SVP of Halcyon Ransomware Research Center, these groups are emerging as a significant concern due to their rapid development and increasing destructive capabilities.
The world of cybersecurity is often dominated by the notion that professional hackers and cybercriminals are the most significant threats to online security. However, a recent interview with Cynthia Kaiser, former deputy assistant director at the FBI's cyber division and now the SVP of Halcyon Ransomware Research Center, reveals a different story. According to Kaiser, criminal wannabes, who lack the expertise and resources of professional hackers, are becoming an increasingly significant threat to cybersecurity stability.
Kaiser's assertion is based on her extensive experience in investigating and combating cyber threats over the past two decades. She spent 14 months working for Iran's Ministry of Intelligence and Security, conducting espionage and collecting emails before turning their information over to an attack group to operationalize it. This experience has given her a unique perspective on the evolution of ransomware threats.
"I was a latecomer to really wanting to focus on ransomware," Kaiser said in an interview at RSA Conference. "I was a Section Chief at the FBI, I was over in the nation state analysis - so North Korea, Iran, China, Russia - and at the time China was pre-positioning on our critical infrastructure, posing this existential threat."
Kaiser's shift towards focusing on ransomware threats is attributed to her realization that these groups were becoming increasingly sophisticated and successful. "Ransomware targets hospitals today, it kills people today," she emphasized, highlighting the devastating impact of these attacks.
In recent months, Kaiser's team has investigated a range of ransomware infections, from attacks attributed to an Iranian-government-linked group, Pay2Key, to intrusions carried out by much less sophisticated, newer ransomware-as-a-service operations like Sicarii. The latter group is notable for its flawed malware, which generates a new cryptographic key pair during every execution but discards the private key, making it impossible for victims to decrypt their files.
"You need three things to make ransomware successful," Kaiser said. "You need a lock, you need a key - that's what the victims pay for - and you need to be able to put the key in the lock." By discarding the private key, the Sicarii group left itself with no key to put in the lock, rendering its malware effectively useless.
Kaiser attributes the increased sophistication of these less experienced groups to the use of AI. However, she notes that the impact on the quality of their code has been minimal. "It didn't help them write better code or increase the sophistication of their attacks," she said.
The emergence of these less experienced groups highlights a significant shift in the ransomware landscape. While professional hackers and cybercriminals continue to pose a threat, it is now clear that even those with limited expertise can be effective in carrying out devastating attacks.
"The wannabes are getting better," Kaiser said. "They're getting faster, they're getting more sophisticated, and they're becoming increasingly destructive." This development has significant implications for cybersecurity professionals and organizations, who must now contend with a wider range of threats, from professional hackers to less experienced groups.
As the threat landscape continues to evolve, it is essential that cybersecurity experts and organizations remain vigilant and adapt their strategies to address this new reality. The emergence of criminal wannabes as a significant threat highlights the importance of staying informed and prepared for emerging risks in the world of cybersecurity.