Page 89 - Cyber Defense eMagazine January 2024

Another reason why threats keep growing is related to how threat actors evolve their capabilities. Threat actors are good at advancing their capabilities because they operate as a syndicate. The level of information sharing in the "threat community" is far higher than what we have on the defense side. Why? Threat actors do not have concerns about legal implications, mandates, privacy or IP protection. If sharing information makes sense for them to achieve their goal, they will do it, regardless of the implications.

Threat actors also advance their capabilities to counteract the evolution of defense practices, but they don't necessarily need to produce more advanced attack techniques. They need to produce more effective techniques. If there's low-hanging fruit, they will go for it; there is no need for a high-tech alternative when simple and manual will do. They optimize towards their final objective, not towards a specific path to it. If they want to make money, they can move from trying to steal it directly from bank accounts to simple extortion when that produces more money at a lower cost. They don't need to evolve to break all the barriers put up by defenders around those bank accounts if there is a cheaper and more efficient way to get money.


Because of all the points above, the threat community acquires a certain evolutionary, Darwinian aspect. Just as species will not necessarily evolve towards better, more advanced eyesight, speed and strength to survive, threat actors may not produce more advanced TTPs either: they just need to survive or, in their context, achieve their objectives. As long as objectives are easily reachable, no evolution is necessary.

Finally, the potential outcome of threat activity is also something that grows continually. Cyber-attacks are one of the ways criminals can perform financial fraud, for example. If there is more money circulating, it will attract more criminal activity, and criminal activity these days is one of the major drivers behind cyberthreats. There are more potential targets, as the world becomes increasingly connected. It is natural to see more attempts to cause harm online when there are more things that can be harmed that way.

The ability of threat actors to evolve their practices and the availability of more and bigger targets, combined with how limited the target organizations are in affecting threat presence or intensity, are clear explanations of why it is so easy to predict that threats will keep growing. So don’t be surprised if you see it, but there is also no need for defeatism. Common criminal activity has been around for years, but it doesn’t mean that our law enforcement does not work. Threats, just like crime, are part of our existence in the connected world. We must do as much as possible to keep the risk of suffering from those threats under control, but at the same time, keep in mind that it will be a continuous effort that will never reach a point where the problem is “solved”.

















            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.