“The most prevalent cybercrime worldwide is Ransomware as a Service (RaaS), with the most common infection vectors being the exploitation of vulnerable public applications, followed by compromised and forced credentials. An emerging threat that needs to be considered is the compromise of supply chains and trust relationships – half of these cases were observed after the attack was successful. In terms of targets, the most attacked sectors were government entities, financial institutions and manufacturing companies,” Igor said.
The summit also highlighted the growing role of AI in cybercrime, which is capable of enhancing social engineering attacks by creating more natural emails and inputs for phishing attacks, generating passwords, helping to code malware and even performing password-based attacks.
The advent of artificial intelligence also means that cybercriminals can potentially target victims with adversarial attacks, making small changes to files so that AI systems are manipulated into misclassifying malware as safe. To further improve security and detection rates, Kaspersky mimics adversarial attacks on its own malware detection models.
“AI attacks are growing rapidly these days. Some of them still require highly skilled data scientists and considerable effort, but others are already implemented in publicly available tools. We can highlight two main parts. The first is offensive AI, where adversaries use advanced techniques to speed up their routine or find new threat vectors to implement it. Deep fakes, which have been widespread this year, are just one example. The second is AI vulnerability, where some AI models can be forced by adversaries to do restricted or unexpected things. As an example, a number of rapid attacks on large language models have emerged in the last year.
“At Kaspersky, we have been studying all these issues for many years in order to create reliable protection for our customers,” said Alexey Antonov, Chief Data Scientist at Kaspersky. Kaspersky is also leveraging AI to detect malicious attacks and emerging threats, particularly given the volume of potential malware it sees: 411,000 unique malware samples detected daily in 2024 alone and over 403,000 per day in 2023.
One of the most pressing issues highlighted at the summit was how supply chain attacks could potentially damage critical infrastructure such as hospitals, banks, airlines, etc. This issue was highlighted when a faulty software update from CrowdStrike, a US-based cybersecurity company, caused a reboot loop, leading to the Blue Screen of Death for over 8.5 million Windows machines worldwide and causing unprecedented financial damage.
“Supply chain attacks on machine learning models could involve manipulating training data to introduce biases and vulnerabilities into the model or modifying AI models with modified versions to produce incorrect results. With AI here to stay, such attacks could have an unprecedented impact, similar to the one we recently experienced due to a software bug or a backdoor issue in SSH that was fortunately avoided earlier this year,” said Vitaly Kamluk, GReAT Cybersecurity Expert at Kaspersky.
The attack on the Linux XZ utilities, which had become a required dependency of the Secure Shell (SSH) service and could potentially have turned into a backdoor into the millions of Internet of Things (IoT) devices, servers, and network equipment that depend on it, was successfully detected and thwarted in time.
Ultimately, organizations must plan for and put in place cyberattack mitigation strategies: cyber resilience plans, staff training against potential cyberattack avenues such as phishing attempts, cybersecurity best practices, and up-to-date threat intelligence obtained by partnering with trusted cybersecurity partners who can also provide defense-in-depth and preventative protection.