THREATS ARE CONVERGING, CYCLICAL
A growing body of evidence, outlined in this report, demonstrates just how extensively cyber threats are overlapping, intersecting, and relating. Furthermore, we examine why these threats—from the online spaces in which cybercriminals operate to the tactics, techniques, and procedures (TTPs) they use to execute their attacks—are cyclical and what that means from an intelligence and security perspective.
These two themes—convergence and the cyclical nature of cybercrime—are front and center in this report, Flashpoint’s inaugural “State of Cyber Threat Intelligence.” In the following pages, we examine the factors that feed these unending cycles, their evolving interconnectedness, the real impact they have on the effectiveness of cyberattacks, and the targets they affect.
Consider the cycle of illicit communities, which is marked by the motions of takedowns (Raid Forums), resurrections (AlphaBay), and new venues (Libre) which may then be taken down. Call it a game of cat-and-mouse, of chicken-and-egg. To aim to understand where this cycle begins and ends, however, is to miss the point. Like other cycles in the threat landscape, the cycle of illicit markets should be viewed as a converged, self-serving mechanism whose continuity is fueled by competition, evolving technology, communication preferences, law enforcement partnerships, know-how and other intangibles, and much more. And, like most modern organizations, threat actors employ multiple teams or individuals, with varying motivations and targets, as well as various tools to streamline the tasks that contribute to their main goal—the compromise of a victim’s systems.
Our research and experience have demonstrated time and again that security practitioners seeking to better understand and protect their enterprises should think—and act—accordingly. Organizations cannot afford to view, prepare for, mitigate, and prevent these threats in silos, as though one threat (and the cycle it exists in) is separate from another. Multiple disjointed feeds and solutions make identifying, prioritizing, and mitigating persistent and evolving threats difficult and costly. Since threat vectors are converging, CISOs should aim to unify and rally their security and intelligence teams behind a single source of truth that integrates workflows between their Cyber Threat Intelligence (CTI), Fraud, Vulnerability Management (VM), and IT Security teams, as well as other functions.
It is through this lens that we examine the trends, data, analysis, strategies, and insights that will impact the ways in which security and intelligence teams tackle challenges in 2023.