• United States




Putting the cyber in crime

Aug 25, 20174 mins

How lower barriers and increased profits have lead to a surge in cybercrime.

It seems as if not a day goes past where cybercrime isn’t in the headlines.

Whether it is a ransomware attack, a huge data breach, theft of intellectual property, or the unavailability of service, ‘cyber’ is playing an increasingly important role for both enterprises and individuals alike.

Nowadays, nearly all crimes have an element of cyber to them and we’re seeing more ‘traditional’ criminals get into the cybercrime industry. However, this isn’t just bandwagon jumping; there are actually some very good reasons why the world of cyber makes a lot of sense to criminals.

Lowering barriers to entry

Go back ten years or so and ‘hacking’ knowledge was limited to a few select individuals that understood technology. It wasn’t easy to find experts that were willing to be “hackers for hire”, and for those new to the industry, acquiring such skills wasn’t an easy task either.

However, in recent years, the barriers to entry have gotten significantly lower due to a few key factors:

1. Availability of online marketplaces. Online marketplaces have become commonplace and provide a convenient place where hackers for hire can advertise their skills to bidders. These can encompass a broad range of services such as DDoS attacks, botnets, and targeting of individuals or businesses, as well as custom services.

2. As-a-service. Taking a cue from legitimate businesses, cybercriminals are beginning to remodel their organizations for greater efficiency. This has resulted in the rise of “cybercime-as-a-service”. For example, Petya & Mischa ransomware-as-a-service (RaaS) was launched in July 2016. This platform encourages distributors to generate high returns by enticing them with the cybercrime equivalent of performance bonuses. If distributors generate less than five bitcoins in a given week, then they only earn 25% of the ransom paid. However, if the weekly payment is over 125 bitcoins, then they can potentially keep 85% of it. Through such initiatives, the RaaS business model has proven to be highly lucrative, for both the providers and the distributors, and there’s no sign that the these operations will go away anytime soon.

3. The rise of cryptocurrency. The third leg of the stool is made up of crypto currencies such as bitcoin, which allow payments to be made anonymously. This allows cybercrime service providers to sell their wares easily, and also allows cybercriminals to extort money from their victims more effectively.

Profit and loss

Another aspect contributing to the rise in cybercrime is the increase in potential profits. The cybercrime market is lucrative because of the extent to which things have gone digital. Everything from finance, to healthcare, to national infrastructure is connected in some way or another. On top of this, the introduction of IoT and smart devices has resulted in an explosion of connected devices, each of which presents a potential money-making opportunity for a clever hacker.

The abundance of connected devices gives criminals an advantage because there will always be unsecured, unpatched, or simply insecure targets. Attacks can be targeted against particular businesses, or can indiscriminately affect companies of all sizes and within all verticals. There are also some cases where a criminal could potentially make as much profit targeting individual consumers as they could from attacking large enterprises. By targeting individuals, hackers further lower the bar to entry, as no pre-qualification needs to be done on the target.

Key takeaways

The growing number of criminals taking advantage of lucrative cyber money-making opportunities will unfortunately only continue to grow. Therefore, it is more important than ever that enterprises and individuals take appropriate steps to protect themselves from cyber attacks. Here are few tips to bear in mind:

  • User education and awareness is the first, and arguably the most important, line of defense. For example, knowing not to click on suspicious links could prevent a potential infection entirely.
  • Segregating critical systems and assets is also a good defensive measure. In the event that a user does click on a link, having segregated systems will prevent infections from spreading.
  • Have robust detection and response controls in place, which are enhanced by threat intelligence, is also critical so that infections can be detected quickly and remedial action taken immediately to minimize impact.
  • Finally, the importance of backup processes cannot be forgotten or neglected. If the worst does happen, it’s often better to wipe systems and reinstall from a clean, trusted backup than try to fix the mess.

Javvad Malik is an award-winning information security consultant, author, researcher, analyst, advocate, blogger and YouTuber. He currently serves as a security advocate at AlienVault.

An active blogger, event speaker and industry commentator, Javvad is known as one of the industry’s most prolific influencers, with a signature fresh and light-hearted perspective on security.

Prior to joining AlienVault, he was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning. Prior to that, Javvad served as an independent security consultant, with a career spanning 12+ years working for some of the largest companies across the financial and energy sectors.

Javvad is an author and co-author of several books, including The CISSP Companion Handbook: A Collection of Tales, Experiences and Straight Up Fabrications Fitted Into the 10 CISSP Domains of Information Security and The Cloud Security Rules: Technology is Your Friend. And Enemy. A Book About Ruling the Cloud. He’s also the founder of the Security B-Sides London conference and a co-founder of Host Unknown with Thom Langford and Andrew Agnés.

Javvad has earned several professional certifications over the course of his career, including Certified Information Security Systems Professional (CISSP) and GIAC Web Application Penetration Tester (GWAPT). He’s also won numerous awards in recent years for his blogging, including the "2015 Most Entertaining Blog" and the "2015 Best Security Video Blogger" recognitions at the European Security Blogger Awards.

The opinions expressed in this blog are those of Javvad Malik and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.