Cybersecurity Crisis: Professionals Strained As Attacks Surge And Resources Shrink - 1

Image by Matt_Moloney, from Freerangestock

Cybersecurity Crisis: Professionals Strained As Attacks Surge And Resources Shrink

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a Rush? Here are the Quick Facts!

  • 66% of cybersecurity professionals report increased job stress since five years ago.
  • 38% of organizations are experiencing more cyberattacks than last year.
  • 52% believe their organization’s cybersecurity budget is inadequate.

Cybersecurity professionals are under unprecedented strain as cyberattacks rise and AI complicates the threat landscape.

A new research from the Information Systems Audit and Control Association (ISACA) indicates that 66% of cybersecurity professionals report their roles have become more stressful than five years ago.

The findings are part of the 2024 State of Cybersecurity report, which surveyed over 1,800 professionals about their experiences and challenges in the field.

The report reveals that the top factors contributing to this increased stress include an increasingly complex threat landscape, low budgets, worsening hiring and retention challenges, and insufficiently trained staff.

The study also found that 38% of organizations are experiencing a rise in cyberattacks, up from 31% last year.

Common types of attacks include social engineering, malware, unpatched systems, and denial of service attacks.

Alarmingly, nearly half of respondents expect their organization to suffer a cyberattack within the next year, with only 40% expressing confidence in their team’s ability to effectively detect and respond to these threats.

In a separate study , ISACA reported that 61% of European cybersecurity professionals believe their teams are understaffed, while over half feel their organizations’ cybersecurity budgets are underfunded.

The impact of these challenges on professionals’ well-being is significant; 68% say their roles are more stressful now compared to five years ago, largely due to the increasingly complex threat landscape.

Furthermore, 41% of respondents reported experiencing more cyberattacks than in the previous year, and 58% anticipate an attack in the coming year.

Chris Dimitriadis, ISACA’s Chief Global Strategy Officer, emphasized the urgency of addressing funding and staffing issues. He warned that without strong, skilled teams, the security resilience of entire ecosystems is at risk, leaving critical infrastructure vulnerable.

Despite the pressing need for skilled professionals, 19% of organizations report unfilled entry-level positions, while 48% have vacancies requiring experience or credentials.

The research also highlights a significant skills gap, particularly in soft skills, with 52% of respondents reporting deficiencies. Among these, communication, problem-solving, and critical thinking are deemed most crucial.

Mike Mellor, Adobe’s Vice President of Cyber Operations, underlined the importance of adopting secure authentication methods. He emphasized that fostering a culture of security through training is essential for organizations facing evolving cyber threats, as reported by ISACA.

As the cyber landscape continues to evolve, addressing the challenges of funding, staffing, and skill development will be crucial for building resilient cybersecurity teams capable of effectively countering sophisticated threats.

Hackers Use Fake AI ‘Nudify’ Sites To Spread Malware - 2

Image by Ramez E. Nassif from Unsplash

Hackers Use Fake AI ‘Nudify’ Sites To Spread Malware

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a Rush? Here are the Quick Facts!

  • Notorious Fin7 operates AI-based “nudify” websites to distribute malware, 404 Media reports.
  • Fin7 sites mimic AI deepfake platforms, attracting users interested in fringe tech.
  • These websites steal users’ login credentials and cryptocurrency wallets using malware.

A report from 404 Media published today has revealed that a network of AI-based “nudify” websites, which claim to undress photos using artificial intelligence, is actually being operated by the notorious Russian cybercrime group Fin7.

These websites are fronts for distributing malware, particularly targeting users’ login credentials and cryptocurrency wallets.

According to researchers from cybersecurity firm Silent Push , Fin7’s sites are designed to look like other popular AI-generated nonconsensual content sites.

However, instead of producing altered images, they infect users’ systems with RedLine, a type of malware known for stealing sensitive information from web browsers, as noted by 404 Media.

RedLine is currently among the most prevalent forms of infostealer malware, according to cybersecurity firm RecordedFuture, as reported by 404 Media.

The findings underline the increasing attractiveness of AI-generated deepfake tools, which are now being exploited by hackers to trap victims.

Fin7, which has been linked to major cyberattacks across the U.S., is using these sites as a new method of distributing malware.

Zach Edwards, a senior threat analyst at Silent Push, said to 404 Media that these platforms attract a specific demographic.

“They are looking for people who are doing borderline shady things to start with, and then having malware ready to serve to those people who are proactively hunting for something shady,” Edwards explained about Fin7’s strategy.

This approach is effective, he added, because victims are unlikely to report the hacks to authorities due to the illicit nature of their activities. Beyond setting up honeypots and luring users, it takes minimal effort to infect them.

404 Media discovered that one of these Fin7-run websites was listed on a major porn aggregator site, increasing its potential victim base. The aggregator site, which is frequently visited by people searching for nonconsensual image-sharing platforms, helped direct unsuspecting users to Fin7’s malware-infected domains.

In response to questions from 404 Media, Hostinger, the domain registrar for most of the fraudulent sites, blocked access to these domains.

404 Media points out that Fin7 has a long history of sophisticated cyberattacks, including the creation of fake penetration testing companies to trick victims into hacking on their behalf.

Despite claims by the U.S. Department of Justice last year that “Fin7 as an entity is no more,” this recent discovery confirms the group is still active and innovating new ways to ensnare victims, as noted by 404 Media.

Edwards will present Silent Push’s full findings at the Virus Bulletin cybersecurity conference this week .