Cybercrime & Cyberwar: A Spotter's Guide

Cybercriminals are as varied as other Internet users: just as the web has allowed businesses to sell and communicate globally, so it has given fraudsters the ability to plunder victims anywhere and set up crime networks that, previously, would have been impossible.

The web has become central to the smooth running of most developed economies, and the types of cybercrime have changed too. While 15 years ago the majority of digital crime was effectively a form of online vandalism, most of today's internet crime is about getting rich.

That's causing significant costs to businesses and consumers. IBM and Ponemon Institute's 2016 Cost of Data Breach Study found that the average cost of a data breach for the 383 companies participating increased from $3.79m to $4m over 2015: the average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158. All the organisations in the survey had experienced a data breach ranging from 3,000 to 101,500 compromised records, and the majority of the leaks were down to malicious attacks (as with many types of crime, the costs of cleaning up can be vastly higher than the loot that the hackers manage to get away with).

Data breaches aren't the only costs to business of online criminals: the FBI calculates that CEO email scams, where criminals pose as senior execs and persuade finance managers to transfer huge sums to phony bank accounts, have hit tens of thousands of companies and cost over $3.1bn since January 2015.

There's a significant cost to business of protecting against attacks, too: according to analyst firm Gartner, worldwide spending on security products and services will reach $81.6bn (£62.8bn) this year, up eight percent year-on-year thanks to increasingly sophisticated threats and a shortage of cybersecurity professionals.

Most internet crime is motivated by a desire for profit, stealing banking credentials or intellectual property, or via extortion for example. But as online crime has grown it has also evolved, or mutated, into a set of occasionally overlapping groups that pose distinct threats to organisations of different sizes.

These groups have different tools, objectives and specialties, and understanding this can help defend against them.

Disorganised crime

These are the crooks you're most likely to come across, or at least feel the impact of, as an individual: the petty criminals of the online world. They may spew out spam, offer access to a botnet for others to run denial-of-service attacks, or attempt to fool you with an advance-fee scam, where the unwary are promised a big payday in return for paying an (often substantial) sum of money up-front.

One big growth area here is ransomware. Still, basic IT security is often enough to keep this sort of crime at bay: encrypting data, using anti-malware technologies and keeping patching up to date.

Organised crime

"The twenty-first century digital criminal is best characterised as a ruthlessly efficient entrepreneur or CEO, operating in a highly developed and rapidly evolving dark market...they are a CEO without the constraints of regulation or morals," warned a recent report from KPMG and BT entitled Taking the Offensive.

These groups will have a loose organisation and may utilise many contractors -- some expert at developing hacking tools and vulnerabilities, others who will carry out the attack and yet others who will launder the cash. At the centre of the web is a cybercrime boss with the ideas, the targets and the contacts.

These are the groups with the capability to mount attacks on banks, law firms and other big businesses. They might execute CEO frauds, or simply steal vital files and offer to sell them back again (or sell them on to unscrupulous business rivals).

According to European law enforcement agency Europol in its 2015 Internet Organised Crime Threat Assessment, there is now some overlap between the tools and techniques of organised crime and state-sponsored hackers, with "both factions using social engineering and both custom malware and publicly available crime-ware". Organised cyber-crime groups are also increasingly performing long-term, targeted attacks instead of indiscriminate scatter-gun campaigns, said the agency.

When nation states use a technique it usually takes around 18 to 24 months for that to filter down to serious and organised crime.

"One of the challenges for the ordinary company is the level of the adversary continues to get more sophisticated because they are able to get access to more of the technologies than they would have been able to do in the past", said George Quigley, a partner in KPMG's cyber security division.

And it's not just the big companies that may be at risk. "You could be forgiven as a small business for thinking 'I'm not one of those guys, why would somebody want my network?', but you are part of somebody's supply chain," said David Emm, principal security researcher at Kaspersky Lab.

Hacktivists

These may be individuals or groups driven by a particular agenda, perhaps a single issue or a broader campaign. Unlike most cyber-criminals, hacktivists aren't out to make money from their exploits, but rather to embarrass an organisation or individual and generate publicity. This means their targets may be different: rather than a company's accounts system or customer database, they may well want to access embarrassing emails from the CEO or other company officials.

Terrorists

Despite the hype, the threat from cyber terrorism remains low, largely because these groups lack the skills, money and infrastructure to develop and deploy effective cyber weapons, which only the largest nations can hope to build. "Terrorist sympathizers will probably conduct low-level cyber-attacks on behalf of terrorist groups and attract attention of the media, which might exaggerate the capabilities and threat posed by these actors," said US director of national intelligence James Clapper in his assessment of worldwide cyber threats in September last year.

State-backed hackers

While standard criminality accounts for the vast majority of cyber threats, the use of the web by state-sponsored hackers has been widely publicised in recent years. Much of this takes the form of cyber espionage, attempts to steal data on government personnel or on expensive defence projects. Governments will spend millions on developing all-but-undetectable ways of sneaking onto the systems of other nations, or those of defence contractors or critical national infrastructure, and these projects may take years of development.

"Networks that control much of our critical infrastructure, including our financial systems and power grids, are probed for vulnerabilities by foreign governments and criminals," warned President Obama last year, blaming Iranian hackers for targeting American banks and North Korea for the attack on Sony Pictures that destroyed data and disabled thousands of computers.

Like hacktivists, state-sponsored groups aren't usually seeking financial gain. Rather, they are looking to support the policies of their government in some way -- by embarrassing another government by revealing secrets, or by gaining a potential strategic advantage, for example.

Worse, nation-state hackers may be interested in creating physical effects by digital means -- bringing down a power grid or forcing open the doors of a dam at the wrong time, for example. This is where cybercrime tips over into cyberwarfare.

"The management and operation of critical infrastructure systems will continue to depend on cyber information systems and electronic data. Reliance on the power grid and telecommunications will also continue to increase, as will the number of attack vectors and the attack surface due to the complexity of these systems and higher levels of connectivity due to smart networks. The security of these systems and data is vital to public confidence and safety," says Europol.

With the emergence of the Internet of Things (IoT), where everyday objects, from thermostats to home security systems, can be controlled online, the risk of well-funded groups attempting to hack into these devices increases. If your organisation is being attacked by state-sponsored groups, keeping them out is likely to be extremely difficult: you should consider how to limit the damage, by segmenting networks and encrypting sensitive data, for example. Concentrating on blocking at the perimeter will not be enough.

Insider threats

With all the focus on external threats, is it possible that companies are forgetting a danger much closer to home?

"There's been an awful lot more issues being driven from insiders of late. One of the challenges is that when people think cyber they automatically think external," says KPMG's Quigley. Confidential company documents stored on shared drives and weak internal controls on who can access data mean that the disgruntled or greedy insider could still be one of the biggest risks to businesses. "They should have insiders much higher on the radar than they do," Quigley warns.

Blurred lines

In reality there's a lot of overlap between these groups, in personnel, the tools they use and the targets they choose. "The cyber threat landscape is becoming a much more complicated environment to do attribution or explain attacks," says FireEye's Monrad.

However, most breaches start in the same way, says Kaspersky's Emm: "What they have in common is how they get their initial foothold through tricking individuals into doing something that jeopardizes security: click on a link, open an attachment, give out some confidential information." It's vital to educate staff and close obvious holes: through to 2020, 99 percent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year, according to Gartner.

What's certain is that, as the Internet becomes even more essential to our day-to-day lives, the potential for cyber criminals to make money will only increase.
