EDITOR ’ S QUESTION

DEREK MANKY , CHIEF SECURITY STRATEGIST AND GLOBAL VP THREAT INTELLIGENCE ,

FORTIGUARD LABS

Attackers will use automated output from LLMs to power CaaS offerings taking social media reconnaissance into packaged phishing kits .

From Cybercrime-as-a-Service , CaaS groups becoming more specialised to adversaries using sophisticated playbooks that combine both digital and physical threats , cybercriminals are upping the ante to execute more targeted and harmful attacks .

In recent years , cybercriminals have been spending more time on the reconnaissance and weaponisation phases of the cyber kill chain . As a result , threat actors can conduct targeted attacks quickly and more precisely . In the past , we have observed many CaaS providers serving as jacks of all trades — offering buyers everything needed to execute an attack , from phishing kits to payloads .

However , we expect that CaaS groups will increasingly embrace specialisation , with many groups focusing on providing offerings that home in on just one segment of the attack chain . must pay close attention to over the next few years : their cloud environments .

Although cloud is not new , they are increasingly piquing the interest of cybercriminals . Given that most organisations rely on multiple cloud providers , it is not surprising that we are observing more cloudspecific vulnerabilities being leveraged by attackers , anticipating that this trend will grow in the future .

An endless number of attack vectors and associated code are now available through the CaaS market , such as phishing kits , Ransomware-as-a-Service , DDoS-as-a-Service , and more . While we are already seeing some cybercrime groups rely on AI to power CaaS offerings , we expect this trend to flourish .

We anticipate that attackers will use the automated output from LLMs to power CaaS offerings and grow the market , such as taking social media reconnaissance and automating that intelligence into packaged phishing kits .

Cybercriminals continually advance their playbooks , with attacks becoming more aggressive and destructive . We predict that adversaries will expand their playbooks to combine cyberattacks with physical , real-life threats . We are already seeing some cybercrime groups physically threaten an organisation ’ s executives and employees in some instances and anticipate that this will become a regular part of many playbooks .

We also anticipate that transnational crime , such as drug trafficking , smuggling people or goods , and more , will become a regular component of more sophisticated playbooks , with cybercrime groups and transnational crime organisations working together .

While targets like Edge devices will continue to capture the attention of threat actors , there is another part of the attack surface that defenders

As attackers continually evolve their strategies , the cybersecurity community at large can do the same in response .

34 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com