Cybercriminals have moved on from small prey to major targets by adopting nation-state strategies, raking in millions of dollars with minimal effort.
The cybercrime economy is expanding, with an estimated value that exceeds the GDP of several countries. The consequences of a breach can linger for years, eroding income and tarnishing a hard-won brand name. GDPR fines have increased by 39% in the last year, while ransomware has cost businesses tens of millions of dollars.
While cyber incidents like the SolarWinds hack attract the public’s awareness, the majority of internet attacks are perpetrated by financially motivated cybercriminals. Organized crime gangs will stop at nothing in their relentless pursuit of wealth. Businesses must radically rethink security from the ground up if they are to have any hope of succeeding against them.
The Threat Landscape
Cybercriminals shield themselves from risk by using anonymization techniques and operating from remote locations. They draw on a complex underground supply chain that allows for rapid innovation and participation by people with little technical skill.
Ransomware is an excellent example: previously the domain of opportunistic individuals who targeted customers with demands of a few hundred dollars, cybercriminal gangs such as Ryuk, REvil, and Egregor now make millions from corporate victims. Boardrooms should be concerned about this so-called “big-game hunting.” The typical victims are large but unlisted, making them more likely to pay out quickly. The alternative is operational disruption costing millions of dollars.
Big-game hunting groups are rapidly adopting techniques that were traditionally used only by nation-state hackers, such as extensive reconnaissance of targets and the use of legitimate tools to move around inside networks without tripping alarms. They exfiltrate critical information and then use it to improve the likelihood of victims paying in “double-dip” extortion attacks.
Trojans like Emotet and TrickBot, spread by phishing emails, gain access to business networks across a wide variety of victims; that access is then traded on to other groups. This gives secondary ransomware gangs the freedom to choose their own victims.
However, ransomware isn’t the only game in town, and hackers will profit from attacks in any way they can, from banking Trojans to targeted theft of critical intellectual property and customer data.
The Weakest Link
Users are the entry point for most attacks, which is why endpoints account for the vast majority of successful breaches, with malware almost always delivered via email attachments, downloadable files and web links. Advanced attackers are employing new ways to increase the success of phishing attacks, such as AI-assisted spear-phishing or thread hijacking.
Simple strategies, such as emailing a malicious CV to HR or an infected Excel invoice to finance, are still quite effective at getting past security measures. Once a foothold has been established, the attacker can steal credentials and move laterally through the company, collecting intelligence and stealing data. They can even sell the backdoors they plant on the Dark Web. This means that hackers can come and go, frequently unnoticed for years, directly under the noses of enterprise security teams, exposing the affected enterprise to a great deal of risk.
New Security Architecture
The industry’s defence motto has been “detect to defend,” which entails checking for signatures and known-bad code. The rise of “polymorphic” auto-generated malware, however, makes such approaches ineffective. The next generation of detection attempts to address this by detecting potential mutations using machine learning. Malware developers, however, have access to the same tools and can use them to test and change their code until it passes. As a result, they can launch malware with complete assurance that it will not be detected by any of the leading solutions. While detection will always be important in security, relying on detection alone can lead to disaster.
Businesses require a new security architecture that builds in resilience from the hardware up. Organizations can use a zero-trust strategy to construct compartments with fine-grained segmentation and control that can be secured independently of one another. Micro-virtualization, for example, underpins such techniques by confining threats and rendering malware harmless.
Business leaders all over the world are becoming aware of a persistent and pervasive threat to their company’s brand and bottom line. To combat cybercrime on this scale, a similarly forceful response is required.