Cybercrime: the new side hustle?

Overwhelmed by bills, the usual 9-to-5 grind and looking for a way to supplement your income? You're not alone. With the cost-of-living skyrocketing, some are turning to unconventional methods to make ends meet. And as it turns out, cybercrime is becoming an increasingly popular side hustle.

From teenagers with impressive programming skills to laid-off tech workers, the world of cybercrime has become more accessible than ever. In fact, a recent survey found that two-fifths of UK parents are worried about their children turning to cybercrime. And who can blame them? With structured social engineering scams and ransomware-as-a-service (RaaS) on the rise, it's becoming easier than ever to participate in cybercriminal activities.

Even the dark cyber world has its specialists

Hybrid working has no doubt driven a wedge between employees and employers. Colleagues just no longer have that strong emotional camaraderie they once had from being bundled together in an office all day every day. Plus, the great resignation has meant many staff are fresh to their roles and are without any existing loyalty to their employer.

For the tech industry specifically, things are particularly bad, especially since layoffs increased by 649% in 2022, with no signs of stopping. So, what will happen to all these tech pros leaving the workforce in droves? (Many of whom will be desperate to bolster their income in the face of hefty living costs).

Turning to cybercrime is a dark, risky and desperate decision, but some may look at it as a necessity. There are many of levels to it, but there are an array of structured processes and tools available to aid criminal purposes.

One element of the cybercrime ecosystem that's making it even more accessible is the rise of initial access brokers (IABs). These brokers specialise in gaining entry to an organisation and then selling that access to others to exploit them. It's just one more way into the cybercrime ecosystem, allowing criminals to fit their skills into the relevant area of the criminal activity.

‍AI tools can be weaponised to help cyber-attackers

Tech giants are racing to develop AI tools to rival ChatGPT, creating the perfect storm for cybercriminals who are using AI bots to do the heavy lifting when plotting crimes. In fact, ChatGPT itself can write malware but its powers aren’t limited to just that. Not only can it encrypt files, but it can also generate phishing emails, creating content for attacks.

These AI tools are readily available for everyone to use. There are even tools for learning existing voices, to mimic speech with the aim of misleading. From here, AI can create highly clever social engineering attacks. For example, you could receive a social engineering voicemail that sounds exactly like your boss which would manipulate you into helping the attackers achieve their goals.

It means that AI tech in wrong hands could lead to some seriously bad consequences. Especially if it’s combined with dark web tools and services. In this scenario, the sky is the limit in terms of how much damage a cybercriminal could really do.

It’s fair to say that businesses are facing threats far superior to those faced five years ago. And right now, many of them are lacking the defences or capabilities – both from a technological and personnel perspective – to protect themselves. So, these are rather concerning times for businesses lacking in cyber insurance, security controls, or cyber security awareness.

‍Investing in people and technology is critical self defence

It’s no surprise ransomware attacks are on the rise. Some 21% of UK businesses have experienced a cyber security breach once in the past 12 months and 18% have experienced monthly breaches, according to research in 2022. Plus, these attacks are incredibly lucrative for attackers. In fact, the cost of a data breach for a business is at an all-time high, averaging £4.35 million in 2022 (a 12.7% increase from 2020).

Technologies leveraging automation are a good option for businesses battling cyberattacks from the onslaught of cyber pros entering the dark market. Tools built using machine learning (ML) and artificial intelligence (AI) can take over the mundane and time-consuming tasks, allowing teams to focus on important decisions rather security.

For example, AI and ML analyse data from a business’ security team and vendors’ global sensor networks (a task that would take forever, if manually done). In turn it produces models that automatically assess the risk of files, websites, IP addresses, or applications that employees are using. If automated tools can clear up these smaller attacks, the threat analyst team are on hand to deal with more advanced attacks.

The bottom line is cybercriminals will continue to innovate with AI to fine tune and scale up threats such as targeted spear-phishing attacks. In retaliation organisations must keep up by using equally powerful technology as part of their cybersecurity defence.