The Rise of the Rookie Hacker – A New Trend to Reckon With

More zero-knowledge attacks, compromised credentials, and cybercrimes committed by Generation Z – trends and forecasts for 2022 and 2023.

Cybercrime continues to pose a significant threat to individuals, businesses, and governments worldwide. Cybercriminals continue to exploit the pervasiveness of digital devices and the internet to commit crimes. As the internet of things continues to evolve, cybercriminals will have access to an increasing number of vulnerable devices, enabling them to launch more sophisticated attacks. As entry barriers to cybercrime continue to fall, it is anticipated that cybercrime will become more lucrative as cybercriminals find new and improved ways to monetize their attacks.

This article discusses key trends we’ve observed in 2022 that are likely to continue in 2023; we’ll elaborate on these trends in the January 11 webinar “The Rise of the Rookie Hacker – a new trend to consider.”

The primary attack vector for initial access will continue to be stolen credentials

According to IBM’s report on the cost of a breach in 2022, stolen or compromised credentials continue to be the leading cause of data breaches.

Info-Stealers, malware that can steal stored credentials from browsers, cookies (used for session hijacking and bypassing MFA), crypto wallets, and more, were the primary source of compromised credentials in 2022. Redline Stealer, in particular, gained a great deal of popularity among threat actors, which led to the development of several other stealers, including the “Luca stealer” and the “eternity stealer.” The latter is a component of an end-to-end offering known as the eternity project, which permits threat actors to purchase or rent any tool necessary to launch an attack against a target of their choosing.

The primary attack vector in 19% of breaches in the 2022 study and the leading attack vector in the 2021 study were stolen or compromised credentials. 59% of organizations do not deploy zero-trust, resulting in average breach costs that are one million dollars higher than for organizations that do deploy. As long as organizations’ cybersecurity remains immature, the frequency and cost of breaches will continue to increase.

The escalation of zero-knowledge attacks

As cybercrimes such as DDoS, malware, and ransomware are offered as subscription services, the entry barrier to cybercrime is lowered. According to the Microsoft Digital Defense Report 2022, phishing kits are available for as little as $6, and DDoS attack subscriptions for as little as $500 on the dark web. Ransomware-as-a- Actors prefer a service model based on affiliates, which entails “renting” a pre-existing operation and dividing revenue based on income and activity. The proliferation of “clearnet malware” – malware that can be purchased on common platforms such as Telegram (Hello again eternity project!) – facilitates the establishment of cybercriminal campaigns and operations. The proliferation of crypto payment platforms facilitates the trade of cybercriminal goods and services, thereby bolstering the cybercriminal ecosystem as a whole.

Younger threat actors; the median age will continue to decline

In terms of cyberattacks, 2022 belonged to Generation Z, led by the UK teen group Lapsus$, which went on a hacking spree against tech giants such as Microsoft, Nvidia, Samsung, Ubisoft, and Okta. Currently, Generation Z is the largest generation on earth. In addition to their numerical strength, they are “digital natives,” having been born into a world with the internet, smartphones, cloud computing, and social media. Being young, they crave social approval, which they find in the digital realm. The primary motivation for Lapsus$ was “Kudos” – they were “doing it for the lulz.” The simplicity of launching zero-knowledge attacks, combined with Generation Z’s digital native status and their need for social validation in the digital sphere, will likely contribute to the steady decline in the average age of cyber criminals.

Humans will still be required in the loop

Enterprises invest billions of dollars in deploying multilayered security frameworks, platforms, and programs, but at the end of the day, enterprises are comprised of people, and people are susceptible to deception.

Cyberattackers increasingly employ social engineering to gain access to sensitive information. Utilizing human psychology to coerce victims into divulging sensitive information or performing specific actions to gain access to a system or network.

LAPSUS$’s mode of operation consisted of a standard sim-swapping scam. They obtained the credentials of a user with access to enterprise resources, reported the phone as stolen, rerouted the SIM card to their device, triggered multi-factor authentication on an enterprise access point (e.g. Office365 login page), and reset the password. It was absurdly straightforward and devastatingly effective.

Even the most advanced technology cannot eliminate human vulnerability. For that, you need other trained humans. The lack of qualified cybersecurity personnel compelled businesses to outsource this aspect of their cybersecurity to a managed detection and response service (MDR). In fact, (according to Reportlinker.com) the size of the global MDR market is anticipated to increase from an estimated $2.6 billion in 2022 to $5.6 billion in 2027, at a Compound Annual Growth Rate (CAGR) of 16.0%. Technology and machines are wonderful, but we still require humans.

Join Ronen Ahdut, Head of Cyber Threat Intelligence at Cynet, on January 11 at 10 AM ET / 15:00 GMT for a webinar titled “The Rise of the Rookie Hacker: A New Trend to Consider.” The webinar will provide an in-depth examination of 2023 cybersecurity trends, threats, and technology, as well as the need for human oversight in cybersecurity and how to detect these new threats.

Why Trust Us?

Best Top Reviews Online was founded in 2018 to provide our readers with thorough, unbiased, and independent advice on what to buy. We now have millions of monthly users from all over the world and evaluate over 1,000 products per year.

The article above was written by the BestTopReviewsOnline team, which includes many of the US’s most knowledgeable technical experts. Our team includes well-known writers with extensive experience in mobile phones, computing, technology, photography, and other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info

Deals

Reviews

Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer

BestTopReviewsOnline.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate I earn from qualifying purchases.

 

Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of BestTopReviewsOnline.com.