A growing body of evidence, outlined in Flashpoint’s State of Cyber Threat Intelligence: 2023 report, demonstrates just how extensively cyber threats are overlapping, intersecting, and relating.
The risk intelligence firm examines why these threats—from the online spaces in which cybercriminals operate to the tactics, techniques, and procedures (TTPs) they use to execute their attacks—are cyclical and what that means from an intelligence and security perspective.
These two themes—convergence and the cyclical nature of cybercrime—are front and centre in this report, which examines the factors that feed these unending cycles, their evolving interconnectedness, the real impact they have on the effectiveness of cyberattacks, and the targets they affect.
“Consider the cycle of illicit communities, which is marked by the motions of takedowns (Raid Forums), resurrections (AlphaBay), and new venues (Libre) which may then be taken down,” according to the report’s intro. “Call it a game of cat-and-mouse, of chicken-and-egg. To aim to understand where this cycle begins and ends, however, is to miss the point. Like other cycles in the threat landscape, the cycle of illicit markets should be viewed as a converged, self-serving mechanism whose continuity is fuelled by competition, evolving technology, communication preferences, law enforcement partnerships, know-how and other intangibles, and much more. And, like most modern organisations, threat actors employ multiple teams or individuals, with varying motivations and targets, as well as various tools to streamline the tasks that contribute to their main goal—the compromise of a victim’s systems.”
Last year, 4,518 data breaches were reported, according to Flashpoint’s collections. Threat actors exposed or stole 22.62 billion credentials and personal records, ranging from account and financial information to emails and Social Security numbers.
Flashpoint’s research and experience have demonstrated time and again that security practitioners seeking to better understand and protect their enterprises should think—and act—accordingly.
Organisations cannot afford to view, prepare for, mitigate, and prevent these threats in silos, as though one threat (and the cycle it exists in) is separate from another.
Multiple disjointed feeds and solutions make identifying, prioritising, and mitigating persistent and evolving threats difficult and costly.
Since threat vectors are converging, CISOs should aim to unify and rally their security and intelligence teams behind a single source of truth that integrates workflows between their Cyber Threat Intelligence (CTI), Fraud, Vulnerability Management (VM), and IT Security teams, as well as other functions.
You can read the full report here.