Cybercrime Economy: The Business Of Hacking

Uploaded on 2016-06-03 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The profile of typical cyber attackers – and the interconnected nature of their underground economy – have evolved in the last several years.

Adversaries are increasingly leveraging management principles in the creation and expansion of their operations to ultimately increase their impact and financial profits. Enterprises can use this inside knowledge against the attackers to disrupt the organizational structure and mitigate their risks, according to HP Enterprise.

The attackers’ value chain

Today’s adversaries often create a formalized operating model and ‘value chain’ that is very similar to legitimate businesses in structure, and delivers greater ROI for the cybercriminal organization throughout the attack lifecycle. If enterprise-level security leaders, regulators and law enforcement are to disrupt the attackers’ organization, they must first understand every step in the value chain of this cybercrime economy.

Critical elements to the attackers’ value chain models typically include:

Human resources management – Includes recruiting, vetting and paying the supporting ‘staff’ needed to deliver on specific attack requirements; the skills-based training and education of attackers also falls within this category.

Operations – The ‘management team’ that ensures the smooth flow of information and funds throughout the attack lifecycle; this group will actively seek to reduce costs and maximize ROI at every step.

Technical development – The front-line ‘workers’ providing the technical expertise required to perform any given attack, including research, vulnerability exploitation, automation, and more.

Marketing and sales – These teams ensure that the attack group’s reputation in the underground marketplace is strong and the illicit products are both known and trusted among the target audience of potential buyers.

Outbound logistics – This encompasses both the people and systems responsible for delivering purchased goods to a buyer, be it large batches of stolen credit card data, medical records, intellectual property or otherwise.

“Cybercriminals are highly professional, have robust funding, and are working together to launch concentrated attacks,” said Chris Christiansen, Program Vice President, Security Products and Services, IDC.Disrupting the chain and advancing enterprise protection

HPE recommends a number of approaches for enterprise security professionals to better defend against these organized attackers:

Reduce the profits – Limit the financial rewards adversaries can realize from an attack on the enterprise by implementing end-to-end encryption solutions. By encrypting data at rest, in motion and in use, the information is rendered useless to the attackers, restricting their ability to sell and reducing profits.

Reduce the target pool – The expansion of mobile and IoT has dramatically increased the possible attack surface for all enterprises. Organizations must build security into their development processes, and focus on protecting the interactions between data, apps and users regardless of device to better mitigate and disrupt adversary attacks.

Learn from the adversaries – New technologies such as ‘deception grids’ provide methods of trapping, monitoring and learning from attackers as they navigate their way through a realistic duplication of the network. Enterprises can use this information to better protect their real network, disrupt similar attacks before they begin, and slow down the progress of attackers.

HelpNetSecurity: http://bit.ly/1W2spnR

« Robots Won’t Only Take Jobs They Will Also Create Jobs
Not Just A Question Of Money: Cybersecurity And The CFO »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

Orange Cyberdefense

Orange Cyberdefense

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

Matias Consulting Group (MCG)

Matias Consulting Group (MCG)

Your Business needs competitive and resilient ICT solutions. MCG defines, deploy & support them enabling you to focus on your core business.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

Dcode

Dcode

Dcode connects the tech industry and government to drive commercial innovation in the federal market.

VectorRock

VectorRock

Save Your Business From Cyber Criminals. We specialize in uncovering cyber risks which threaten your organization and fixing them.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

Boecore

Boecore

Boecore is an aerospace and defense engineering company that specializes in software solutions, systems engineering, cybersecurity, enterprise networks, and mission operations.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

AuthenticID

AuthenticID

Our mission at AuthenticID is to combat fraud worldwide and help businesses protect their enterprise and valuable data assets.

Open Cybersecurity Alliance (OCA)

Open Cybersecurity Alliance (OCA)

OCA is building an open ecosystems where cybersecurity products interoperate without the need for customized integrations. We're making standards-based interoperable cybersecurity a reality.

iOT365

iOT365

iOT365 is the first-of-its-kind SAAS platform dedicated exclusively to Operational Technology (OT) security.