
Cybersecurity: Perpetrator Profiles and the Threats to Companies
Cybersecurity is a diverse and rapidly growing field in which companies must increasingly deal with novel threats. Central to these threats are the perpetrator profiles that define the attack patterns and objectives of cybercriminals.
Perpetrator Profiles and Attack Targets
Hackers and cybercriminals are increasingly organized and specialized. Particularly striking are ransomware attacks: worldwide, over 800 companies and institutions have fallen victim to such attacks. The resulting ransom payments now total over one billion dollars annually. The threat is not only financial in nature; perpetrators are becoming increasingly insidious by adapting their extortion strategies. In addition to classic "single extortion," where ransom is demanded to decrypt data, "double" and "triple extortion" methods are now common. In the latter cases, threats are additionally made to publish data or carry out DDoS attacks to increase pressure on victims.
Companies in critical sectors such as the energy industry (527% increase in attacks) and hospitality services (333%) are particularly in the attackers' crosshairs. These and other affected sectors are experiencing a significant year-over-year increase in attacks, as evidenced in the ThreatLabz Ransomware Report 2024.
The Dangers of Cyberattacks and Their Consequences
Cyberattacks pose a significant threat to companies worldwide and can result in devastating financial consequences. One of the most visible aspects of this danger is ransomware, which causes considerable economic damage to affected companies. Financial losses from ransom payments, renewal of IT infrastructure, and restoration of damaged data run into the billions annually. In Germany, for example, Bitkom e.V. reports that damages totaling over 205.9 billion euros were recorded in recent years, with 72% of these losses directly attributable to cyberattacks.
Beyond monetary impacts, a successful cyberattack can also lead to significant loss of trust. Customers and business partners may lose confidence in a company's security and integrity, which can endanger reputation and market position in the long term. Furthermore, attacks cause downtime that impairs efficiency and can potentially paralyze sensitive business processes. Such interruptions can have serious societal consequences, particularly in critical industries such as the energy sector or healthcare.
The consequences of cyberattacks make it clear that companies must invest more heavily in cyber defense measures. This includes not only technical solutions but also the creation of a solid security culture to detect attacks early and defend against them effectively. Establishing strong IT security management that provides for regular risk assessments and adjustments to security measures is essential to minimize the potential impacts of cyber threats and ensure long-term resilience.
Motivation and Methods of Perpetrators
The motivations behind these attacks are diverse. Monetary gain is paramount in ransomware and credit fraud, while hacktivist groups often pursue political or ideological goals. For hacktivists, DDoS attacks are the preferred means of gaining attention and emphasizing their demands.
A particularly high risk for companies arises from the increasing number of "hands-on-keyboard" attacks, where attackers manually and deliberately infiltrate systems to access data or take over system control. In 2022, the number of such activities increased by over 50%.
The Role of Artificial Intelligence in Cybersecurity
Artificial Intelligence (AI) has not only taken on an increasingly significant role in our society in recent years but has also taken the cybersecurity landscape by storm. AI is fundamentally changing both defense and attack methods. On the defense side, AI offers innovative opportunities to strengthen security measures. Machine learning, a key component of AI, is capable of analyzing large amounts of data in real time and immediately identifying suspicious behavior. This enables companies to detect and defend against cyberattacks at an early stage. Through the use of AI, security operations can be optimized: routine tasks are automated, and analysts can focus on more complex threats. Furthermore, AI improves the efficiency of threat monitoring and response systems by automatically detecting anomalies that human analysts might miss.
Conversely, AI also creates new challenges and threat vectors. Cybercriminals use the technology to carry out sophisticated and difficult-to-detect attacks. One prominent application is the use of generative AI models to create realistic deepfakes. This technology enables attackers to fabricate videos or audio recordings to deceive executives or make phishing attacks more credible. This is not only a technological challenge; it also undermines trust in digital content, as fake materials are barely distinguishable from genuine ones.
AI-Driven Attack Strategies and Defense Measures
Another example of AI's role in cyberattacks is the development of malware. AI systems can automatically adapt malware to circumvent traditional detection methods and carry out targeted and difficult-to-find attacks. Hackers can also use AI to create automated frameworks for attack execution that make attack operations more efficient with minimal human intervention. This increases not only the frequency but also the precision of attacks on corporate networks.
Furthermore, attackers use AI to optimize brute-force algorithms. With the help of machine learning, they can recognize patterns in passwords and crack them with enormous speed and efficiency. Similarly, Generative Adversarial Networks (GANs) are employed to overcome security tests like CAPTCHAs, which greatly facilitates malicious actors' access to protected systems.
The double-edged nature of AI in cybersecurity requires companies to both continuously adapt technologically and strengthen their security culture. While AI-supported security solutions offer more advanced defense mechanisms, companies must equally develop strategies to prevent the misuse of AI by attackers. This includes implementing AI-assisted protective mechanisms to reliably detect and learn from attack patterns, as well as introducing proactive training for employees to establish building blocks for a prudent and conscious security strategy. Furthermore, collaboration with international regulatory authorities is essential to comply with legal frameworks and enable ethical and secure use of AI in the digital environment.
Evolution of Cybercriminal Strategies
Another major threat is the use of so-called access broker services. These criminal providers sell illegally obtained access credentials to corporate networks to interested parties. This gives buyers of these credentials the opportunity to deliberately penetrate networks. In 2022, a remarkable 112% increase in the use of such services was recorded, highlighting the growing threat from these organized attack strategies. After acquiring these credentials, attackers often use internal company tools, allowing them to operate largely undetected. This makes identifying and combating their activities considerably more difficult.
Cloud and IoT Security Challenges
With the spread of cloud technologies and the Internet of Things (IoT), new attack vectors are emerging. Cloud infrastructures have seen nearly a threefold increase in attacks since 2021. Vulnerabilities in authentication and the low security of new cloud services make them an attractive target for cybercriminals. Attacks on cloud-based systems often exploit inadequately secured access points to steal key data or take control of systems.
IoT devices present another challenge. Many of these devices, from network printers to door openers, have only rudimentary security mechanisms. Cybercriminals aim to exploit these vulnerabilities to penetrate corporate networks. Inadequate security management and insufficient patch management further exacerbate the situation. Every single unsecured device can become a potential gateway for attackers who aim to continuously siphon off data flows or manipulate physical systems.
Future Threats and Adaptation Strategies
Companies must become aware that cyber threats represent not only a technological but also an organizational problem. The absence of a strong security culture, in which security measures are taken seriously from management to the lowest level, can result in companies remaining vulnerable to attacks. A solid security culture requires clear rules and guidelines, regular training, and continuous evaluation of security tactics.
The development toward a safer digital world also requires improved cooperation between public institutions and private companies. Legal regulations such as the Digital Services Act (DSA) and the NIS-2 Directive, which aim to strengthen cybersecurity, provide a legal framework to promote this cooperation. Nevertheless, companies must act proactively by continuously updating their security practices and professionally training their employees. This includes implementing phishing-resistant multi-factor authentication systems and establishing robust emergency plans that ensure quick and effective action can be taken in the event of an attack.
Prevention and Defense Strategies
Given these threats, it is essential that companies take proactive measures. The most important include:
- Emergency Planning: A detailed emergency plan is crucial to respond quickly in the event of an attack. This includes clear assignment of decision-making authority, ensuring physical protection of infrastructure, and providing an external incident manager.
- Preparations: Companies must provide backup systems that are immediately operational in the event of an attack to ensure continuous business operations. Emergency plans should be available both digitally and physically to be accessible at all times, and should receive regular updates and reviews.
- Security Culture: Establishing a strong security culture within a company is essential. Security policies must be clearly defined and adhered to by both management and all employees. Such a robust and proactive strategy against cyber threats not only helps defend against attacks but also minimizes the potential damage that a successful attack could cause. Through continuous employee training and development of security concepts, companies can better control the threat situation and maintain their position in the uncertain terrain of the digital world.
SCALORS
Ensure that your company doesn't fight alone. At SCALORS, we offer customized cybersecurity solutions that are individually tailored to your needs. We not only help you defend against threats but also support you with comprehensive training for your employees. This way, your team becomes the first line of defense in the fight against cyberattacks.
Additionally, we conduct regular audits and updates of your security program to ensure that your protective measures are always up to date. With SCALORS at your side, you can rely on your company being optimally protected.
