Crime Has Become Cybercrime

Uploaded on 2017-09-08 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cybercrime is in the headlines. - whether it is a ransomware attack, a huge data breach, theft of intellectual property, or the unavailability of service, ‘cyber’ is playing an increasingly important role for both enterprises and individuals alike.

Nowadays, nearly all crimes have an element of cyber to them and we’re seeing more ‘traditional’ criminals get into the cybercrime industry.

However, this isn’t just bandwagon jumping; there are actually some very good reasons why the world of cyber makes a lot of sense to criminals.

Lowering Barriers to Entry

Go back ten years or so and ‘hacking’ knowledge was limited to a few select individuals that understood technology. It wasn’t easy to find experts that were willing to be “hackers for hire”, and for those new to the industry, acquiring such skills wasn’t an easy task either.

However, in recent years, the barriers to entry have gotten significantly lower due to a few key factors:

1. Availability of online marketplaces. Online marketplaces have become commonplace and provide a convenient place where hackers for hire can advertise their skills to bidders. These can encompass a broad range of services such as DDoS attacks, botnets, and targeting of individuals or businesses, as well as custom services.

2. As-a-service. Taking a cue from legitimate businesses, cybercriminals are beginning to remodel their organizations for greater efficiency. This has resulted in the rise of “cyber-crime-as-a-service”. For example, Petya & Mischa ransomware-as-a-service (RaaS) was launched in July 2016. This platform encourages distributors to generate high returns by enticing them with the cybercrime equivalent of performance bonuses.

If distributors generate less than five bitcoins in a given week, then they only earn 25% of the ransom paid. However, if the weekly payment is over 125 bitcoins, then they can potentially keep 85% of it. Through such initiatives, the RaaS business model has proven to be highly lucrative, for both the providers and the distributors, and there’s no sign that the these operations will go away anytime soon.

3. The rise of cryptocurrency. The third leg of the stool is made up of crypto currencies such as bitcoin, which allow payments to be made anonymously. This allows cyber-crime service providers to sell their wares easily, and also allows cyber-criminals to extort money from their victims more effectively.

Profit and Loss

Another aspect contributing to the rise in cybercrime is the increase in potential profits. The cyber-crime market is lucrative because of the extent to which things have gone digital. Everything from finance, to healthcare, to national infrastructure is connected in some way or another. On top of this, the introduction of IoT and smart devices has resulted in an explosion of connected devices, each of which presents a potential money-making opportunity for a clever hacker.

The abundance of connected devices gives criminals an advantage because there will always be unsecured, unpatched, or simply insecure targets. Attacks can be targeted against particular businesses, or can indiscriminately affect companies of all sizes and within all verticals.

There are also some cases where a criminal could potentially make as much profit targeting individual consumers as they could from attacking large enterprises. By targeting individuals, hackers further lower the bar to entry, as no pre-qualification needs to be done on the target.

Key Takeaways

The growing number of criminals taking advantage of lucrative cyber money-making opportunities will unfortunately only continue to grow. Therefore, it is more important than ever that enterprises and individuals take appropriate steps to protect themselves from cyber-attacks. Here are few tips to bear in mind:

  • User education and awareness is the first, and arguably the most important, line of defense. For example, knowing not to click on suspicious links could prevent a potential infection entirely.
  • Segregating critical systems and assets is also a good defensive measure. In the event that a user does click on a link, having segregated systems will prevent infections from spreading.
  • Have robust detection and response controls in place, which are enhanced by threat intelligence, is also critical so that infections can be detected quickly and remedial action taken immediately to minimise impact.
  • Finally, the importance of backup processes cannot be forgotten or neglected. If the worst does happen, it’s often better to wipe systems and reinstall from a clean, trusted backup than try to fix the mess.

CSO Online:

You Might Also Read:

Cyber Criminals Have Access To Weapons Grade Hacking Tools:

Police Can’t Reduce Cybecrime:

Cybercrime Is A Boardroom Issue:

 

 

« Is The US Constitutional Right To Free Speech Threatened Online?
IoT For Business & Creating 'Digital Twins' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

Ultratec

Ultratec

Ultratec provide a range of data centric services and solutions including data recovery, data erasure, data destruction and full IT Asset Disposal (ITAD).

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

Microland

Microland

Microland’s delivery of digital is all about making technology do more and intrude less for global enterprises. Our services include Cloud & Data Center, Networks, Cybersecurity and more.

Wizard Cyber

Wizard Cyber

At Wizard Cyber, we simplify cyber security, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24/7.

Arcturus Security

Arcturus Security

Arcturus is a CREST-approved cyber security consultancy created by experts in the field.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

STACK Cybersecurity

STACK Cybersecurity

STACK Cybersecurity serves as a strategic partner, guiding you through the intricate and dynamic cybersecurity landscape.

Pontiro

Pontiro

At Pontiro, we are enabling a new era of data-sharing. Bridging the gap between protected data and valuable insights through the use of cutting edge Homomorphic Encryption.