Since the 1980’s, security professionals and government agencies around the globe have been trying to place their focus on the main sources of cybercrime. Yet just as the proverbial “leaks in a dam,” they find that they plug one up only to have three more appear. The landscape of cybercrime has not only experienced an incredible upswing, but has made so much profit that the cybercriminals are now more organised than ever before. Their ecosystem is booming and they are now self-defined to the point of gaining incredible momentum as they appear and even act like technology companies
The problem with the net is that cybercriminals can be anywhere and everywhere. Traditional security methods are not acceptable as an approach, and it often requires multiple countries with many different laws working together. Cybercriminals take full advantage of these hurtles and often establish themselves in countries with little or no laws or policing for cybercrime.
The well-known Webstresser.org was a DDoS-for-hire website, however, when twelve countries pooled their law enforcement resources together, they managed to take down this organisation that distributed countless denial-of-service attacks. The design of Webstresser is just another example of the sophistication that cybercriminals have obtained. The site offered people with little or no skills in technology to launch the DDoS point-and-click attacks for a fee. Europol reported that the administrators of the DDoS-for-hire service were located in Canada, Serbia, Croatia, and the United Kingdom. Frequent users of the service included people in Italy, Spain, Australia, the Netherlands, Hong Kong, and the U.K., with 136,000 registered users and 4 million attacks. The Webstresser.org hosted servers were located in the U.S., the Netherlands, and Germany. Once this service was taken down, DDoS attacks dropped in Europe by as much as 60%.
Cybercriminals No Long have to be Savvy
In the past, cybercriminals were not only painted as a special breed, they were individuals that had a high level of technology and coding knowledge. Not so anymore. Today’s malicious software for sale such as crimeware or exploit kits can enable almost anyone to be a cybercriminal with knowledge that is limited. Online criminal activities have become as easy as purchasing software, much of which follow the SaaS guidelines of legitimate technology organisations.
Data: The Golden Nugget
Another shift in the dynamics of cybercrime is in the expansion of stealing such things as credit card/debit card info to also incorporate bank and other financial account logins. These have been associated with such areas as loyalty programs that are linked with these accounts. This alteration began around 2013-2014 when cybercriminals started becoming more organised in their approaches.
Known as the “web of profit,” by Dr. Michael McGuire, financial streams from these cyberattacks have been beneficial for the criminals, at $1.5 trillion, and include: 50% via illegal and illicit markets, 35% from IP and trade secret theft, 11% for stolen data trading, less than 1% for crimeware as a sold service, less than 1% for ransomware. In other words, data has become the new valued currency.
Into The Web of Profit
A 178 page Bromium report by Dr. Michael McGuire, is the culmination of a year of research on “Understanding the Growth of Cybercrime.” Entitled “Into the Web of Profit”, this detailed analysis takes a deeper look at all aspects of the crimes, the criminals, and how we as a society underestimate everything. A quote from the report is both telling and chilling:
“The walls between the criminal and legitimate worlds are blurring; we are not simply dealing with ‘hackers in hoodies’, we are tackling an economic ecosystem that enables, funds and supports criminal activity on a global scale – from drug trafficking to terrorism. It is a society that is suffering the consequences of our failure to stem the tide.
The report shows that cybercriminals are both innovators and early adopters of technology. It is unrealistic to think that law enforcement alone will be able to track and disrupt new systems. Because we are a community with a common goal, we need to collaborate and be willing to do things differently. We share a social and moral obligation to disrupt the core systems that underpin this criminal ecosystem.”
Cybersecurity: Top Priorities for Businesses
Where once we viewed cybersecurity as just another price for doing business, we must now make a dynamic change in how we see and handle the security of our organisations. No country or company vertical is excluded because the internet can be anywhere. The priority of protecting our proprietary data is now requiring that we devote more attention and finances to the lock-and-key approach.
“Making this kind of shift for the importance of securing a business is an all-hands-on-deck approach. Da Vinci Cybersecurity works together with your IT Department and your staff to ensure that all are educated on the various methods of cyberattack. We maintain up-to-date information on all of the latest criminal activities and keep everyone informed. As companies transition into more and more technology, Da Vinci Cybersecurity will be there to help at every step.”
Da Vinci ForensicsDa Vinci Cybersecurity