
Five Key Takeaways from Flashpoint’s Black Hat USA 2024 Breakfast Briefing

Five key takeaways from the Flashpoint Black Hat Breakfast Briefing that every security professional should know.

August 15, 2024

Black Hat USA 2024 was a hub of critical discussions on the evolving landscape of cybersecurity, and Flashpoint’s Breakfast Briefing was a standout session for practitioners and members of the press alike. Focused on the rise of infostealers, the relentless evolution of ransomware, and the increasingly intertwined nature of cyber and geopolitical threats, the briefing provided invaluable insights. It was led by Ian Gray, Vice President of Cyber Threat Intelligence Operations, and Andrew Borene, Executive Director, International Markets and Global Security at Flashpoint.

Let’s dive into five key takeaways from the event that every security professional should know.

1. Infostealers Are Rapidly Becoming a Top Cybersecurity Threat

One of the most alarming trends discussed during the briefing was the rapid proliferation of infostealers. These malicious programs, designed to harvest sensitive information such as credentials, cookies, and other personal data, have surged in popularity within the cybercriminal community. Once exfiltrated, this data is typically sold on the dark web, fueling a range of malicious activities from account takeovers to more complex breaches.

Flashpoint’s data indicates a 12.5% increase in discussions related to infostealers on dark web forums over the last year. More striking is the tenfold increase in the availability of these tools since 2017. This rapid growth can be attributed to the low barriers to entry for both users and developers. Infostealers are now often sold as part of subscription-based services, making them accessible to a broader spectrum of threat actors, from seasoned hackers to novices with minimal technical expertise.

The number of unique threads mentioning infostealer malware on illicit marketplaces. Source: Flashpoint

The implications for organizations are severe. As more threat actors turn to infostealers, the volume of compromised data circulating in illicit markets continues to rise, leading to an uptick in secondary attacks, including ransomware. Ian Gray, Flashpoint’s Vice President of Cyber Threat Intelligence Operations, emphasized that the growing popularity of infostealers is a clear signal that organizations need to bolster their defenses, particularly around endpoint security and user authentication processes.

2. Ransomware Incidents Continue to Escalate

Ransomware has long been a formidable challenge in the cybersecurity landscape, but the briefing highlighted just how much the threat has escalated in recent years. According to Flashpoint, ransomware incidents surged by 84% in 2023, a figure that underscores the increasing boldness and sophistication of these attacks.

The briefing delved into the tactics used by major ransomware groups, with LockBit identified as the most prolific in the first half of 2024, responsible for 428 attacks. Despite numerous law enforcement actions against these groups, including arrests and the takedown of key infrastructure, ransomware remains a persistent and growing threat.

What makes ransomware particularly insidious is its evolving nature. Attackers are not only encrypting data but also engaging in “double extortion” tactics, where they threaten to release sensitive information unless the ransom is paid. This tactic not only increases the pressure on victims to comply but also amplifies the potential damage, as data leaks can have severe reputational and legal consequences.

The manufacturing and technology sectors have been hit particularly hard, with ransomware and unauthorized access incidents accounting for more than 85% of all breaches in these industries. Flashpoint’s analysis suggests that these sectors are targeted due to their reliance on legacy systems and critical infrastructure, which are often more vulnerable to sophisticated attacks.

3. The Blurring Line Between Cybercrime and Geopolitics

In one of the most thought-provoking segments of the briefing, Andrew Borene, Flashpoint’s Executive Director of International Markets and Global Security, discussed the increasing convergence of cyber threats and geopolitical tensions. This trend, which Borene aptly described as a “new Cold War,” is characterized by the use of cyber operations as tools of statecraft by major global powers.

Countries like Russia, China, Iran, and North Korea are at the forefront of this development. These nations are not only developing advanced cyber capabilities but are also increasingly intertwining these operations with broader geopolitical strategies. For instance, China’s rapid advancements in artificial intelligence and quantum computing are seen as strategic assets that could shift the global balance of power.

Borene highlighted that these state actors often blur the lines between traditional cybercrime and state-sponsored activities. For example, nation-states may collaborate with, or even co-opt, criminal networks to carry out cyber espionage, disrupt critical infrastructure, or influence public opinion. This tactic allows them to achieve their strategic objectives while maintaining plausible deniability.

The implications for organizations are profound. Defending against these threats requires not only technical solutions but also a deep understanding of the geopolitical context in which they occur. Borene emphasized the need for organizations to stay informed about global developments and to consider how geopolitical tensions could impact their cybersecurity posture.

Moreover, the briefing stressed the importance of international cooperation and intelligence-sharing in combating these threats. As cyber operations increasingly cross national borders, no single organization or country can tackle these challenges alone. Public-private partnerships and alliances between nations are essential to developing a coordinated and effective response.

4. The Escalating Impact of Data Breaches

Data breaches have long been a concern for organizations, but the frequency and scale of these incidents have reached unprecedented levels. The briefing highlighted a 34.5% increase in reported data breaches over the past year, with unauthorized access and ransomware being the primary drivers behind these incidents.

Flashpoint’s data revealed that over 17 billion records were compromised in 2023 alone, a staggering figure that underscores the growing threat posed by cybercriminals. These breaches are not just increasing in frequency—they are also becoming more severe, with attackers targeting larger and more sensitive datasets. The result is a significant increase in the potential damage caused by each breach, both in terms of financial loss and reputational harm.

The briefing pointed out that the majority of these breaches are the result of human error or system misconfigurations, which continue to be the Achilles’ heel of many organizations. As more data is stored and processed digitally, the attack surface for cybercriminals expands, making it more challenging for organizations to protect their most valuable assets.

5. The Need for a Unified Approach to Cybersecurity

As the session drew to a close, Flashpoint’s experts left the audience with a powerful message: in today’s interconnected world, cyber threats cannot be addressed in isolation. The complex and rapidly evolving nature of these threats requires a unified approach to cybersecurity, one that integrates intelligence, technology, and strategic collaboration across industries and borders.

The briefing underscored the importance of adopting a comprehensive, intelligence-driven strategy to protect critical assets. This includes not only investing in advanced security technologies but also fostering partnerships with other organizations, both within and across sectors. By sharing intelligence and collaborating on best practices, organizations can build a more resilient defense against the ever-growing array of cyber threats.

Our experts also highlighted the need for organizations to break down internal silos and ensure that all parts of the business are aligned in their approach to cybersecurity. From the boardroom to the front lines of IT, a coordinated effort is essential to staying ahead of the threat landscape.

Learn and Defend against Threats Using Flashpoint

Staying ahead of today’s threats requires access to comprehensive, timely, and actionable intelligence. Ransomware and data breaches are not going anywhere, and as incidents continue to rise, the cycle of cyber threats will continue.
