From small-time scams to billion-dollar threats. [Research Saturday]
Feb 22, 2025
Selena Larson, a threat researcher and lead for intelligence analysis at Proofpoint, dives into the evolving landscape of cybercrime. She highlights how ransomware groups now rival state-sponsored threats in sophistication and impact. Larson argues for a shift away from an APT-centric view towards one that equally addresses cybercrime risks. The discussion also emphasizes the urgent need for enhanced cybersecurity protections for individuals and the critical implications of cyberattacks on services like healthcare.
The rise of ransomware has created an urgent need for the cybersecurity industry to prioritize cybercrime alongside traditional Advanced Persistent Threats.
Shifting the focus from attacker identities to cybercriminal tactics can enhance overall security and protect organizations from diverse threats.
Deep dives
Underestimating Cybercrime Impacts
Ransomware attacks have significant real-life consequences for individuals and organizations, affecting essential services like healthcare, education, and community safety. Historically, the focus on advanced persistent threats (APTs) has overshadowed the immediate dangers posed by cybercriminals, especially ransomware actors. The speaker emphasizes that the disruption caused by these criminals often goes unrecognized and underfunded in terms of defense resources. This imbalance leads to a false sense of security about cyber threats, overlooking the widespread impact of cybercrime on everyday life.
The Evolution and Bias towards APTs
The term 'advanced persistent threat' (APT) originally described state-sponsored cyber actors, leading to a bias that has prioritized these threats over conventional cybercrime. Historically, APTs were more prominent because they were tied to high-stakes espionage, while the rise of ransomware and banking trojans was often marginalized. The speaker highlights that sophisticated cybercriminal operations have evolved, especially with the introduction of cryptocurrencies, which facilitated larger and more complex attacks. This historical focus on APTs may have inadvertently allowed cybercriminals to operate with less scrutiny and fewer consequences.
Shifting Mindsets for Effective Cyber Defense
A shift in discussion is needed within the cybersecurity community to emphasize the tactics and techniques used in cybercrime rather than the identities of the attackers. By understanding the methods employed by cybercriminals, organizations can better protect themselves regardless of whether an attack originates from a nation-state or a traditional hacker. The speaker also points to successful cooperation between international law enforcement and the private sector, as seen in operations targeting cybercrime infrastructure, underscoring the need for collective action. Broadening the perspective on cyber threats to include empathy for victims and practical defense strategies is essential for improving overall security.
This week, we are joined by Selena Larson from Proofpoint, co-host of the "Only Malware in the Building" podcast, who discusses the research on "Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk." The cybersecurity industry has historically prioritized Advanced Persistent Threats (APTs) from nation-state actors over cybercrime, but this distinction is outdated as cybercriminals now employ equally sophisticated tactics.
Financially motivated threat actors, especially ransomware groups, have evolved to the point where they rival state-backed hackers in technical capability and impact, disrupting businesses, infrastructure, and individuals on a massive scale. To enhance security, defenders must shift focus from an APT-centric mindset to a broader approach that equally prioritizes combating cybercrime, which poses an immediate and tangible risk to global stability.