Jimmy Fong, CCO at SEON, explores…
Terrifying cybercrime statistics are so ubiquitous nowadays that it鈥檚 easy to become blind to them. However, ignoring them is something that no business or individual can 鈥 quite literally 鈥 afford to do.
In January 2023, the World Economic Forum (WEF) . Global cybercrime losses are estimated to reach $10.5 trillion by 2025. This is a figure greater than the GDPs of Japan, Germany and the UK.
Here we鈥檒l look at some key trends in cybercrime and online fraud and discuss what can be done to make digital ecosystems more resilient.
Exploring the Trends
Various consistent themes emerge when looking through pundits鈥 predictions of emerging cybercrime trends. Unsurprisingly, the rise of widespread artificial intelligence factors heavily; we鈥檒l cover that later.
First, let鈥檚 check out a few other fraud and cybercrime trends that are provoking widespread concern.
Phishing
Described by Forbes as 鈥渟till the tool of choice for many hackers鈥, phishing continues to be where many cybercrimes originate. Phishing via mobile devices is a rising trend, with hackers going beyond email messages and extracting information via voice calls, SMS messages and even QR codes (techniques respectively known as 鈥渧ishing鈥, 鈥渟mishing鈥 and 鈥渜uishing鈥).
Cybercriminals are very much aware of human 鈥渟ingle points of failure鈥.
They exploit people鈥檚 naivety and lack of technical awareness, and this manipulation continues to work. Anybody in doubt of this only need notice how many individuals still blindly share obvious social media scam posts and willingly divulge their date of birth and the name of their first pet.
Meanwhile, 鈥渙ld school鈥 email phishing techniques still reap rich results for hackers. Posing as big-name tech firms remains popular. Last year over 30 million messages were sent out purporting to come from Microsoft.
Ransomware
Nowadays, having to deal with a ransomware attack is more a question of 鈥渨hen鈥 than 鈥渋f鈥 for businesses. A recent survey revealed that 73% of its responding organizations had been the target of a ransomware attack in the previous 24 months.
With 49% of affected businesses handing money to hackers, this is clearly a cybercrime that pays. It also suggests that many companies have shortcomings in their backups and recovery processes 鈥 given that they feel forced to comply with their attackers in order to resume operations.
Internet of Things (IoT) Cybercrime
In a world with an ever-increasing number of internet-connected devices, hackers now have targets far beyond people鈥檚 computers and cell phones. IoT devices are often neglected in terms of technical precautions, left running with default authentication details and behind on firmware updates.
Back in 2016, the Mirai Botnet incident created an army of IoT devices for a DDoS attack. Now, there are millions more IoT devices, ranging from video doorbells to smart speakers. Reported incidents include hackers gaining access to video and audio feeds, attempted exploitation of smart meters, and even hacks on cardiac devices.
Supply Chain Attacks
Supply chain attacks, such as the SolarWinds hack of 2020, have demonstrated to businesses that their risk management must go much further than managing direct suppliers and partners. It鈥檚 not just that a business could be hacked 鈥 they could be equally affected if their vendor鈥檚 (or even vendor鈥檚 vendors) are hacked.
Supply chain attacks increased by 600% in 2022. However, businesses are very much behind the curve in tackling related risks. The UK government鈥檚 data suggests that only 7% of businesses manage risks created by their 鈥渨ider supply chain鈥.
The Rise of AI
Mainstream use of artificial intelligence has now hit its tipping point, with increasingly widespread use of systems like ChatGPT and Google鈥檚 Bard.
Businesses and individuals are rapidly discovering ways to use AI to streamline workflows and operate at an unprecedented scale.
Cybercriminals are doing the same. And it鈥檚 not only about the ability to use AI to help with technical tasks such as coding malware, cracking passwords and finding software vulnerabilities.
Systems like ChatGPT allow hackers to quickly scale up practices such as social engineering and phishing attacks. Cybercriminals can now instantly create phishing emails without telltale spelling mistakes and grammatical errors. They can use chatbots to create communications that imitate the style of the people or companies they鈥檙e impersonating.
Basic failsafe mechanisms exist in these systems: They will typically object to commands like 鈥渨rite me a virus鈥 or 鈥渃reate a deepfake ID verification video鈥. However, it requires only minimal lateral thinking to convince an AI system to create something for fraudulent purposes, such as saying it is 鈥渏ust for research purposes鈥.
More from Cybersecurity
- ShinyHunters Just Hacked Rockstar Through A Supplier 鈥 Every Business Using Third-Party Software Should Pay Attention
- Is Vibe Coding Safe Or A Cybersecurity Disaster Waiting To Happen?
- Anthropic Is Taking On Cybersecurity With AI, And It Has Brought Apple and Amazon Along For The Ride
- External Attack Surface Management And Why It Matters For Startups
- SpyCloud鈥檚 2026 Identity Exposure Report Reveals Explosion Of Non-Human Identity Theft
- The Aura Data Breach Exposed 900,000 Users 鈥 Here Is What Every Business Needs To Know
- How AI And Hacking Professionalism Are Overwhelming Endpoint Security
- Navigating The Hidden Dangers Of USB Devices In The Modern Workspace
How to Respond
Responding to the ever-evolving threat landscape requires a combination of old and new techniques, and strategies that encompass both technical solutions and improvements to business processes. As ever, when it comes to cyber security, user education is also critically important.
Taking AI as an example, many security products already work to 鈥渇ight AI with AI鈥. Machine learning can spot fraud patterns that humans are more likely 鈥 or even unequipped 鈥 to miss. This is something sorely needed when the hackers themselves can use AI to constantly refine their methods and create ever more convincing traps for unsuspecting users.
Companies should also think about security layers that provide protection beyond the first line of defense. For example, fraud detection techniques such as device fingerprinting can raise red flags even if users appear to have the right credentials.
Despite cutting-edge improvements in security software, that human point of failure remains hugely significant. For example, less tech-savvy users must be helped to understand that information they鈥檙e naively giving away on a Facebook quiz might be part of a scam.
An estimated 90% of cyber attacks originate from human error 鈥 and there鈥檚 only so much software can do when the criminals are handed authentication details 鈥渙n a plate鈥.
Similarly, company executives must understand the importance of business processes. Layers of technical security are crucial too, and are becoming increasingly sophisticated. But not all cybersecurity risks can be mitigated by throwing money at them.
Take the example of supply chain fraud discussed above. Addressing this is more about risk management than software. It鈥檚 a task that IT teams should be involved in, but it also requires commitment and effort from the wider business.
If organizations are going to truly address the staggering income of the cybercrime industry, they need to fight back on multiple fronts. With that in mind, it鈥檚 essential that management teams understand that the word 鈥渃yber鈥 doesn鈥檛 mean that mitigation is a purely technical task.
Policymakers should also take note of this 鈥 and throw money at both technical evolution and user education.
Digital ecosystems will always be under attack. They encompass the people, as well as the products and services. It鈥檚 not just about making sure people change their passwords and update their IoT doorbells 鈥 it鈥檚 about helping them to understand why it鈥檚 so important.
