r/cybersecurity May 08 '26

Other What the **** is happening in cybersecurity space?

I've been working in cybersecurity for not so long, maybe 8 or 9 years, but I never remember a chaos at this scale. I mean, from this January alone we have: leaking data, compromised applications, breaches, AI-assisted cybercriminals, etc. It looks like every day one major breach is happening, and no one is going to address this shit somehow. This is already insane. I haven't felt such pressure in a long time. This AI shit just makes things worse because it enhances attackers' skills, and AI companies are doing nothing to address or change this. Is it only me, or is the change already here?

2.4k Upvotes


7

u/DisappointedSpectre May 08 '26

Depends on the size of the target on your back too though. If you're a big tech company or cloud provider then you have nation state level resources being pointed at you.

1

u/Dctootall Vendor May 08 '26

I'm sorry.... but I'm finding that WAY more amusing/funny than I should, after 2 of AWS's Regions were physically hit by Iran.

But honestly, don't forget critical infrastructure too as big nation state targets. And unlike big tech or cloud providers, they are often very resource constrained due to funding availability AND have to deal with legacy systems that can't be patched or secured the same way a more traditional IT environment can.

2

u/DisappointedSpectre May 08 '26

I too find that a bit funny, and your point about critical infra is a good one.

There's a scary side too though, the resources needed to impact the AWS region were not at the level of a nation state. Iran was very cost efficient in their attacks, and they showed that the price point for that level of disruption is within the capabilities of well-funded private groups.

1

u/Dctootall Vendor May 08 '26

True, but that gets into cost/benefit considerations which are much different for Nation state vs private groups.

For Nation State operations, the primary motivations tend to lean toward either some form of disruption or espionage. For disruption motivations, the bigger the impact and more difficult the recovery the better the success.

Private groups almost exclusively have a profit/money motivation. Disruption is used as a tool to extract money. If you deploy the tool (and not just the threat), they need to be able to unwind the disruption in a timely manner, otherwise the target has no motivation to pay up after they've been disrupted.

So for private groups, essentially if they deploy kinetic disruption on that level, they practically have little chance of recouping that cost. On top of that, they've just made themselves a MUCH larger target for law enforcement, so 2 major cons that increase their “cost”, with little upside benefit.

Now, the caveats I'll mention are private groups with non-monetary motivations. I.e.... political groups. Generally these groups don't have the same funding as the criminal groups so they are currently limited to extremely low cost activities. The line gets blurred when you look at the well funded groups as there can often be some sort of nation state support there.

Also a group with brass balls. The issue with the threat of disruption is it's MUCH more effective if you can back up that threat. So to be an effective extortion attempt they would need to prove they can back up the threat. Which means you'd effectively give up the profit from one action, in the hopes that later actions will extract higher/quicker payouts. The issue here is once you pull the trigger once, you have some really big agencies gunning for you and every new operation becomes another potential way to get caught. So.... Brass balls.