By Sharon Atieno

The cybercrime landscape is changing with threat actors focusing on a smaller range of targets with higher victim profiles for maximum gain with minimum effort. Previously, the focus was on large-scale attacks.

These new patterns in the cybercrime landscape are highlighted in the Trend Micro 2023 Annual Cybersecurity Report.

Trend Micro Incorporated, a global cybersecurity company, revealed that between January and December 2023 it blocked around 37 million email threats, more than half a million malicious URLs and over a million malicious mobile apps targeted at Kenyan businesses and consumers.

The report notes that though there is a global decrease in ransomware detections such as spam campaigns with malicious links, security operation centres and decision-makers should not let their guard down.

In 2023, several ransomware families across the world were observed maximizing remote and intermittent encryption, as well as abusing unmonitored virtual machines to bypass Endpoint Detection and Response. Because less content is encrypted during intermittent encryption, for example, there is less chance of triggering detection.

Research shows that a continued increase in Trojan FRS threat detections could suggest that attackers are using more effective ways to evade preliminary detection by focusing on arrival and defense evasion techniques, such as Living-Off-The-Land Binaries and Scripts. These computer files are non-malicious in nature and local to the operating system, and thus can be used to cover up attacks.

According to the Trend Micro report, though email threat detections in Kenya decreased from more than 66 million in 2021 to 37 million in 2023, the increase in malware detection count over the same period suggests a shift in the threat landscape that finds attackers making use of more sophisticated ways to avoid detection.

The data also shows a decrease in malicious URL detection in Kenya from 2021 to 2023, indicating that instead of focusing on malicious links to randomly victimize users, criminals are using more targeted operations, such as business email compromise (BEC) schemes, where emails are less likely to undergo scrutiny because of how legitimate they look.

Instead of launching attacks on a wider range of users and relying on victims clicking on malicious links in websites and emails, attackers are launching more sophisticated attacks that use specificity to trick a narrower field of high-profile victims. This also allows attackers to bypass early detection layers like network and email filters.

“Looking at the overall trend in decreasing ransomware threats, it might be tempting for local organisations to develop a false sense of security and lower their defenses. However, our research shows that these increasingly sophisticated attacks are going to become more and more difficult for businesses to detect and that they will be increasingly costly when they succeed. IT leaders must refine their processes and protocols to enable their defenses to combat persistence with efficiency,” said Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro.

The report also notes that the imminent danger in emerging threats lies in innovations that enable day-to-day enterprise transactions and processes. Application programming interfaces (APIs) face several security challenges that can be leveraged by malicious actors.

Artificial intelligence (AI) is also one area that has been found to be useful to cybercriminals as it breaks barriers of language and coding skill. Its automation proved useful in mining datasets for actionable information, while generative AI has made phishing virtually effortless with error-free and convincing messages as well as persuasive audio and video deepfakes.