"All organizations are susceptible"

In a context where cyber threats are becoming increasingly common, Advanced Persistent Threats (APTs) are raising concerns, complicating the work of cybersecurity teams globally. Dmitry Volkov, CEO of the cybersecurity firm Group-IB, shared recent findings suggesting that 2024 will be an "escalation year for cybercriminals," with a 10% increase in ransomware attacks compared to the previous year and a 22% rise in phishing attacks. This growth indicates a notable advancement in cybercriminal infrastructure.

Volkov stated that significant changes are being recorded. "Last year, we detected over 5,000 attacks on data leak sites operated by ransomware groups. This is a large increase." Artificial intelligence (AI) also plays a crucial role for both security teams and criminals, facilitating more sophisticated attacks and access to more efficient tools. "AI is now an essential part of everything we do [in cybersecurity]," Volkov added, explaining that without this technology, it is difficult to analyze large volumes of data, which are often unstructured.

However, trust in AI is not yet complete. According to Volkov, it is still not a "miracle cure" because security experts do not use it for advanced automation due to these doubts. "At the current level of development, it is not mature enough. We will need time to develop more precise technologies." Despite this, AI will improve efficiency, raising the levels of criminal activity due to its capacity to make fraudulent operations more effective.

In 2024, ransomware continues to be one of the most relevant threats in cybersecurity. The Ransomware-as-a-Service (RaaS) model has rapidly expanded through affiliate networks, refining methods of encryption and extortion. Group-IB's research identified 39 advertisements for RaaS programs on dark web forums, with a 44% increase in offers seeking new affiliates. Volkov noted that ransomware groups are evolving quickly and becoming more disruptive. Thanks to 'deglobalization' strategies implemented by governments, attackers are focusing on critical infrastructure.

Volkov mentioned that "we concentrate all services in one place. Therefore, if threat actors manage to carry out a successful attack, many government services become inaccessible." Ransomware attacks have reached record levels, driven by the diversification of RaaS groups and the strengthening of tactics. In 2024, some reports suggest a 56% increase in active ransomware groups compared to the previous year.

Despite these challenges, there have been significant advancements due to high-profile disruptions and emerging regulations prohibiting public services from paying ransoms. Additionally, cybercrime is increasingly motivated by political interests. Group-IB indicates that state-sponsored actors have intensified their attacks in Europe, influenced by the ongoing conflicts between Russia and Ukraine, using cyber operations as tools for influence and destabilization.

Experts warn that state-sponsored actor groups pose a real threat not only to government agencies but also to private companies offering essential services. Numerous attacks have been recorded against the healthcare sector and large telecommunications companies in the United States.

Among the concerns is the possibility that a state-backed attack could cause widespread devastation by cutting submarine cables and attacking satellites simultaneously, which would have catastrophic consequences. The threat of malicious actors targeting critical infrastructures like the internet and GPS is a cause for alarm across all industries.