Voice of the Industry

Top cyber threats in 2024: ransomware, social engineering, and information manipulation – Cyberevolution insights part 1

Thursday 19 December 2024 08:30 CET | Editor: Mirela Ciobanu | Voice of the industry

As the year winds down and the season of indulgence begins, let’s talk chocolate—yes, chocolate.

 

Picture this: you're a die-hard chocolate fan and a distant, globetrotting relative gifts you an extravagant box of exotic chocolates. The shapes, colours, and flavours look unfamiliar—even a bit intimidating. But curiosity gets the best of you, and you take a bite. Surprise! You love it. A quick glance at the label reveals it’s made with pure cocoa by renowned chocolatiers. Any initial hesitation? Completely gone.

Now imagine that exquisite box of chocolates is Cyberevolution, a cybersecurity event that took place in Frankfurt at the beginning of December. Organised by the expert chocolatiers at KuppingerCole Analysts, this event delivered an impressive mix of flavours, from the use of AI (benefits and risks) and identity and access management (Zero Trust, PAM, CIAM, etc.) to cyber resilience, supply chain risks (ransomware, data breaches, etc.), and even sessions on mental health for cybersecurity professionals. On stage were masterful ‘chocolate makers’ like CISOs from Oetker (funny coincidence), Vodafone, Deutsche Börse, Deutsche Bank, Clearstream Banking, BitPanda, DHL, Siemens, Adidas, and other industry giants.

While I'm not the most technical person, the speakers made even the densest cybersecurity topics accessible, using relatable metaphors, real-world examples, and stories that made the content feel... well, delicious.

With so many ‘flavours’ to choose from—AI in cybersecurity, Zero Trust, ransomware, the EU’s AI Act, DORA, and more—I found myself savouring every moment of this rich event.

These insights will be presented in a two-part article series. In the first part, I will focus on the evolving threat landscape and the challenges we are up against. In the second part, I will explore the regulatory hurdles (DORA, NIS2, the EU’s AI Act, etc.) and the solutions available to address these challenges.

For key topics like Zero Trust and the EU’s AI Act, we plan to release dedicated interviews in early January 2025 to offer a more comprehensive perspective on Cyberevolution.

 

Understanding the threat landscape

The top three cyber threats currently facing organisations are ransomware, social engineering, and information manipulation, said Andrea Hornung, Senior Manager of Cyber Security & Privacy at PwC.

Ransomware is a type of malware that locks access to a victim's data until a ransom is paid. Ransomware attacks accounted for approximately 70% of reported cyberattacks worldwide in 2023, with over 317 million attempts recorded, according to Statista. Financial institutions remain prime targets after the manufacturing sector, as cybercriminals aim to steal money and vast amounts of sensitive user data. In 2023 alone, 3,348 cyber incidents were detected within financial institutions globally, with 1,115 incidents resulting in the leakage of sensitive data.

Social engineering is another pervasive threat, comprising 50% scams and 35% phishing, with 43% of phishing attacks imitating Microsoft.

Alarmingly, there has been a 70% increase in cyberattacks leveraging stolen or compromised credentials, and 40% of biometric fraud (where someone steals or copies a person's unique features to access something they shouldn't, like accounts or devices) is now caused by deepfakes.

 

 

Meanwhile, information manipulation has become a major challenge, exemplified by advanced AI-powered tools like Meliorator, which generates thousands of fake accounts, and operations like DRAGONBRIDGE, which led to the takedown of 65,000 instances, including 57,000 YouTube channels and 900,000 videos. Adding to the complexity is the growing professionalisation of cybercrime, with services like phishing-as-a-service and bypass-KYC-as-a-service increasingly available on the darknet.

Hacked! 72 hours of a CISO's nightmare

But enough with stats and theory. During an interactive workshop, Florian Jörgens, CISO at Vorwerk, vividly illustrated a ransomware attack scenario, inviting the audience to step into the shoes of a CISO facing a crisis. He set the stage:

 

‘Of course, it’s Sunday evening—these things always happen on weekends. Colleagues from around the world are contacting IT support, saying, 'I can’t work anymore. There’s some strange behaviour on my computer, and a skull has appeared on the screen.'

 

 

The IT team decides to escalate the issue and declares a major incident, contacting the CISO as the person responsible. The hackers then reach out to the company, claiming to have stolen customer data and demanding a ransom of USD 2 million in Bitcoin. What’s the situation? A typical ransomware attack.’

 

 

Participants were asked to navigate three rounds of decision-making (1. calling a forensic company to help solve the situation, 2. communicating with the company's stakeholders, or 3. declaring an emergency), receiving more details at each stage. The critical first choice, and the best one? Declaring an emergency. Florian emphasised this as the starting point, as it triggers essential resources, communications, and organisational responses.

Through the exercise, Florian highlighted what happens during ransomware attacks: files are encrypted, the company receives threats about leaking stolen data, and operational chaos ensues. Each scenario underscored the need for comprehensive preparedness. The lessons shared were clear: organisations must regularly test and revise their cyber incident response plans, maintain secure and up-to-date backups, and foster trusted relationships with law enforcement and crisis professionals. A strong communication strategy, both internally and externally, is essential, as is cross-departmental support to ensure business continuity during an attack. Finally, engaging professional mediators during negotiations with hackers is critical, as direct interaction is risky.

And Florian’s funniest advice? When all else fails, consider running—or going on holiday. After all, a little humour helps in the face of a serious threat like ransomware.

 

What GenZ-Hackers tell you about your organisation’s cybersecurity

In a fascinating presentation on the 2022 Uber hacking attack, Offensive Security Expert Michael Gschwender and Senior Infosec Reporter Max Muth shed light on the Gen Z hacking landscape. They explored how these young hackers operate, what motivates them, and what defenders can do to strengthen their cybersecurity posture.

 

The 2022 Uber data breach began when a hacker purchased stolen credentials belonging to an Uber employee from a dark web marketplace. Using these credentials, the hacker attempted to access Uber’s systems but was blocked by multi-factor authentication (MFA). To bypass this safeguard, the hacker resorted to social engineering tactics. Pretending to be a member of Uber’s security team, the hacker contacted the employee via WhatsApp and pressured them to approve the MFA requests being sent to their phone. Using a tactic known as MFA fatigue, the hacker sent a relentless flood of MFA notifications, overwhelming the employee. Eventually, the frustrated employee approved one of the requests, granting the hacker access to the network. Once inside, the hacker went further by compromising the employee’s Slack account and announcing the successful breach to the entire company.
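
For defenders, the MFA fatigue pattern described above leaves a recognisable trace in authentication logs: a burst of denied or timed-out push prompts for one user, followed by an approval. The sketch below is an added illustration, not material from the session or from Uber; the log format, the sample events, the threshold and the time window are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA log: "<ISO timestamp> <user> <prompt result>".
SAMPLE_LOG = """\
2024-01-08T21:00:05 alice denied
2024-01-08T21:00:40 alice timeout
2024-01-08T21:01:10 alice denied
2024-01-08T21:02:02 alice timeout
2024-01-08T21:03:30 alice denied
2024-01-08T21:04:15 alice timeout
2024-01-08T21:05:01 alice approved
2024-01-09T09:15:00 bob timeout
2024-01-09T09:15:30 bob approved
2024-01-09T10:00:00 carol denied
2024-01-09T10:30:00 carol denied
2024-01-09T11:00:00 carol denied
2024-01-09T11:30:00 carol denied
2024-01-09T12:00:00 carol denied
2024-01-09T12:01:00 carol approved
"""

def parse(log):
    """Turn log text into (timestamp, user, result) tuples."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, user, result = line.split()
            events.append((datetime.fromisoformat(ts), user, result))
    return events

def detect_mfa_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when a user approves a push after >= threshold rejected or
    ignored prompts inside the sliding window (assumed tuning values)."""
    recent = defaultdict(deque)   # user -> timestamps of unapproved prompts
    alerts = []
    for ts, user, result in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
        elif result == "approved":
            if len(q) >= threshold:
                alerts.append((user, ts, len(q)))
            q.clear()                     # approval ends the current burst
    return alerts

if __name__ == "__main__":
    for user, ts, count in detect_mfa_fatigue(parse(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {user}: approval after {count} unapproved prompts")
```

Only the burst against `alice` is flagged; `bob` (a single missed prompt) and `carol` (denials spread over two hours) stay below the assumed threshold.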

 

Types of attackers and their motivations

Organisations face threats from a diverse range of attackers, each with unique motivations and tactics. Ransomware attackers, for example, are purely motivated by financial gain and will use any method that works to extort money. In contrast, Advanced Persistent Threat (APT) groups—highly organised and often state-sponsored—are focused on long-term goals such as intelligence gathering, sabotage, or disruption, usually driven by political, military, or economic agendas.

Adding a new layer to this threat landscape are Gen Z hackers. These young attackers often mimic the behaviour of APT groups but are less resourced and more motivated by curiosity, bragging rights, or recognition within hacking communities. For example, some aim to steal or leak content, such as gaming trailers, purely for the thrill of it.

 

 

One of the key takeaways from the session was the importance of building resilience against this wide array of cyber threats. Michael and Max jokingly suggested, ‘If only you could just talk to a hacker!’ But since that’s not possible, the alternative is to implement proactive security measures that address both human (employee awareness is critical) and technological vulnerabilities (deploy advanced tools like AI-powered threat detection, Security Information and Event Management (SIEM) systems, and trained Security Operations Centres (SOCs)).

 

The threat of AI in relation to the use of the EU Digital Identity Wallet

Fraud increasingly exploits both technical vulnerabilities and human psychology, often with devastating results. John Erik Setsaas, Director of Innovation at Tietoevry’s Financial Crime Prevention unit, highlighted the shift from hacking systems to hacking people, driven by the availability of personal information online and the use of AI to automate manipulative schemes. Drawing from Yuval Noah Harari’s observation, ‘To hack a human being is to know them better than they know themselves’, he explained how fraudsters profile individuals and craft convincing scenarios to manipulate victims.

In Norway, a type of APP (authorised push payment) fraud targeting elderly women is known as Olga Fraud, named after a popular female name from 70–80 years ago. Scammers typically pose as bank representatives, claiming the victim's account has been hacked and urging them to transfer funds to a ‘safe account’. Thus, the challenge has shifted: it’s no longer just about verifying who is conducting the transaction but determining whether the transaction is being conducted for the right reasons.

Long-term frauds, such as dating scams, are evolving with AI technology like Replika, an AI-generated ‘boyfriend’ or ‘girlfriend’. Fraudsters now automate relationship-building, using AI to manipulate victims over time. Once trust is established, they escalate to requests for money transfers, often for fabricated emergencies. A significant challenge arises when fraud defence centres intervene. Even after being warned, victims often deny being scammed, insisting they are helping a ‘partner’ in need. This highlights the deep emotional manipulation at play, as fraudsters exploit urgency and emotions to gain access to banking credentials, eventually taking full control of victims' accounts.

The new EU Digital Identity Wallet, which allows users to store sensitive information securely, could serve as a secure method of payment, authentication, authorisation, etc. While designed to prioritise privacy, the wallet’s anti-tracking mechanisms create challenges for fraud detection. Fraudsters could exploit this by tricking users into sharing information, authorising payments, or transferring assets like central bank digital currencies.

How can we ensure trust in wallet transactions when traditional fraud-detection methods—such as profiling or tracking behaviour—are restricted by privacy regulations? Banks have begun to address these challenges by focusing on behavioural monitoring, such as analysing device patterns, IP addresses, and transaction traces (marks).

While privacy laws may limit some detection methods, these layered approaches still provide valuable tools for identifying fraudulent activity.

John Erik also emphasised the importance of public education to reduce risks, though he acknowledged the difficulty of combating emotional manipulation, which remains at the heart of many scams.

 

Tomorrow, we’ll dive into Cyberevolution insights part 2, exploring key regulatory challenges (DORA, NIS2, the EU’s AI Act) and the innovative solutions addressing them, such as Security 3.0, Cyberfantastic, and Identity Fabric.

Stay tuned!

 

About Mirela Ciobanu

Mirela Ciobanu is Lead Editor at The Paypers, specialising in the Banking and Fintech domain. With a keen eye for industry trends, she is constantly on the lookout for the latest developments in digital assets, regtech, payment innovation, and fraud prevention. Mirela is particularly passionate about crypto, blockchain, DeFi, and fincrime investigations, and is a strong advocate for online data privacy and protection. As a skilled writer, Mirela strives to deliver accurate and informative insights to her readers, always in pursuit of the most compelling version of the truth. Connect with Mirela on LinkedIn or reach out via email at mirelac@thepaypers.com.




Keywords: artificial intelligence, APP fraud, romantic scam, ransomware, social engineering, cybersecurity, data breaches
Categories: Fraud & Financial Crime
Countries: Germany