Mon Sep 23 22:34:48 UTC 2024: ## Cybercrime Evolves: Ransomware-as-a-Service and Zero-Day Exploits Drive New Threat Landscape

**[City, State] -** The global cybersecurity landscape is facing a dramatic shift, with ransomware and other cybercrime tactics becoming more sophisticated and prevalent. This evolution is driven by the rise of “ransomware-as-a-service” models and the exploitation of vulnerabilities previously associated with state-sponsored actors.

According to Allison Wikoff, Director of Global Threat Intelligence at PricewaterhouseCoopers International Ltd., the past 18 months have witnessed a significant surge in cybercrime activity. “It’s the first time that we’ve taken a pause and realized things are shifting,” she stated during an interview at mWISE 2024.

One of the most significant trends is the exploitation of zero-day vulnerabilities by threat actors. While traditionally associated with espionage and state-sponsored actors, these vulnerabilities are now being weaponized by criminal groups. This accessibility has led to a more profitable ecosystem for malicious actors.

Ransomware-as-a-service has further fueled the rise of cybercrime. This model allows individuals with limited technical expertise to participate in ransomware schemes, contributing to the growing volume and variety of attacks. “They’ve never made more money in this space, which has really changed the whole market for ransomware,” Wikoff explained.

Furthermore, threat actors are increasingly using data extortion as a primary tactic, foregoing data encryption in favor of threats to publicly release sensitive information. This approach leverages regulations and potential reputational damage to pressure organizations into paying ransoms.

To combat these evolving threats, security professionals are moving away from traditional indicators of compromise and adopting a more holistic approach that focuses on analyzing threat actor behavior. This shift allows for a deeper understanding of malicious intent and enables organizations to proactively defend against emerging threats.

“Our clients are now focusing more on threat actor behavior,” Wikoff said. “That sort of informs not just how organizations defend against it, but how they plan for the transformation of their environments in the future.”

Read More