
New VEC attack data shows why cybersecurity awareness needs a reboot
New research on vendor email compromise attacks shows that nearly half of employees fall for malicious emails, and 98.5% go unreported.
Read MoreIf you’re leading a cybersecurity team today, understanding your adversary is just as important as knowing your tech stack. Because threat actors aren’t just opportunistic hackers – they’re running a business.
The new Threat Actor Behaviour report by Arkose Labs makes it clear that if we want to stop them, we need to think like them.
When we asked Jason Lau (CISO at crypto.com) what advice he’d give to his younger self, he said:
“I would advise my younger self to take more courses on psychology...understanding human behaviour is crucial for anticipating and mitigating cybersecurity threats.
“Knowing what motivates threat actors and how they think can enhance strategies and responses to attacks…This insight is invaluable for a CISO, as it helps in developing more effective defence mechanisms and fostering a proactive rather than reactive security posture.”
He’s spot on. Cybersecurity leadership requires psychological acuity. The Arkose report is full of data that can help you understand how threat actors are thinking right now – so we’ve pulled key insights for you to integrate into your knowledge base.
Arkose Labs researchers analysed nearly 20 billion malicious traffic patterns across sectors, and the report is a window into the industrial mindset of scammers. The motive is simple: money. And opportunities to make money are readily available.
One standout stat: scammers in El Salvador can earn 20x more attacking gaming platforms than working as software developers. In Pakistan, that jumps to 25x.
Even a solo threat actor can earn USD $145,176 per year by targeting just five premium gaming platforms with account takeovers. When defences are weak, this becomes a repeatable revenue model; and when the cost-to-attack gets too high, they move on.
So scammers are both agile and ROI-driven. They’re not shooting in the dark.
Over 50% of all attacks in 2024 began at account sign-up. In Q4 alone, 64% of attacks started there – representing 309% increase from Q3.
Why? Because sign-up is often the least protected and most scalable entry point. For fintech platforms, sign-up attacks surged 11,600% in Q3. In dating apps, they exploded by 4,900% in Q4.
Scammers hide in high-volume seasons. The Paris Olympics, US elections, and end-of-year holidays all saw spikes in malicious traffic – not because attackers love sports or democracy, but because noise offers cover.
The old-school image of a lone hacker is becoming outdated in today’s threat landscape. Current cybercriminals use AI-enhanced bots, human fraud farms, and attack automation services to optimise and personalise their scams.
And let’s not forget the dark web economies behind these tools. Powerful kits offer phishing-as-a-service for around $400/month, and they’re capable of bypassing MFA and hijacking real user sessions.
Attackers work when users are online – and when defenders are distracted. Examples of this from the report include:
There’s choreography at play here.
Understanding threat actor behaviour is essential. Based on insights provided by Arkose’s researchers, here’s where to start:
Cybercrime today is strategic, scalable and deeply human. By studying attacker behaviour (instead of just studying their tools), we can build smarter defences and reclaim control of our digital environments.
Understanding the why behind attacks gives leaders the power to fight back proactively. And that, more than any firewall, is how we win.
Join the newsletter to receive the latest updates in your inbox.
New research on vendor email compromise attacks shows that nearly half of employees fall for malicious emails, and 98.5% go unreported.
Read MoreThe latest in a long line of attacks against IoT devices that highlights the vulnerability of the Internet of Things.
Read MoreWhy cybersecurity offers a long-term career opportunity with strong progression and stability.
Read More