
2/5/2021
10:00 AM
Marc Wilczek

Cybercrime Goes Mainstream

Organized cybercrime is global in scale and the second-greatest risk over the next decade.

The World Economic Forum's 2020 "Global Risks 2020" report notes that the digital space is characterized by growing geopolitical tensions and meddling, a lack of technology governance, and a greater overall reliance on technology. Further, more than half of the world is connected to the Internet, and the number grows by a stunning 1 million people a day. As a result, cybercrime has become the second-greatest risk that business will face over the next 10 years.

Unfortunately, cyberattacks on critical infrastructure have become almost routine in sectors such as energy, healthcare, and transportation. They have brought entire cities almost to a standstill. Public and private sector organizations are also frequent targets of cybercriminals, who can easily purchase various types of sophisticated cyberattack tools and services on the Dark Web for next to nothing.

Not Your Typical Street Gang
The cybercrime universe is not a monolith but, rather, an interconnected network of different attacker groups. Together, they have evolved into a genuinely disruptive force whose practitioners are just as organized, clever, and nimble as the hottest new tech startup. This reality is key to understanding global cybercrime and how it affects companies.

By working as a network, cybercriminals can do their jobs better. Each group specializes in a particular discipline, and different groups often work together to take advantage of each other's know-how. This is what makes them more effective and enables them to focus on technical and financial success in a given attack.

Specialization Matters
To achieve their goals, cybercriminals leverage both technical expertise and the panic they generate in their targets. Both can have devastating consequences.

Since 2018, a new form of attack focused on ransomware has been observed and described by a Thales report, "Cyber Threat Handbook 2020." The dramatic increase in ransomware attacks is part of a broader phenomenon known as malware-as-a-service and closer collaboration among major cybercriminals. In addition, several ransomware-as-a-service operations have been particularly effective. In 2019, one of the best known, GandCrab, developed by a group known as Pinchy Spider, extorted total earnings of $150 million in 12 months before shutting itself down. Other services, such as Sodinokibi — probably developed by the same group that conceived GandCrab — filled the gap.

A Surging Underground Economy
With revenues estimated up to $1.5 trillion a year — on average, 1.5 times more income than counterfeiting and 2.8 times more than the illicit drug trade — the cybercrime network is an economic system that can now threaten any company or organization and jeopardize the global economy. Roughly 60% of its massive revenues are estimated to come from illegal online markets for stolen data and 30% from pilfering intellectual property and trade secrets. Interestingly, only 0.07% is derived from ransomware, which inflicts the most real-world damage.

According to Europol's 2020 "Internet Organised Crime Threat Assessment" report, both ransomware and distributed denial-of-service (DDoS) attacks are prevalent and underreported crimes. European law enforcement observed attacks targeting telecommunications and technology firms, where, in some cases, DDoS attackers threatened companies with reputational harm and extorted them for payment. For example, private sector respondents reported smaller-volume attacks that are capable of blocking smaller data centers. Small requests from 700 IP addresses make a DDoS attack difficult to block, and, because the attack comes from multiple IP addresses, difficult for investigators to trace to the attacker responsible.

Digitally Advanced Industries in the Crosshairs
While cybercrime affects some industries more than others, cybercriminals are opportunists who typically set their sights on vulnerable companies they stumble upon rather than carefully chosen targets. They do so by penetrating and then scanning a company's network to find and exploit vulnerabilities. Over the past year, cybercriminals have begun to target more digitally advanced industries, such as hosting, e-commerce, and e-gaming. The demand for the services of companies in these areas has exploded during the pandemic, but can only be met when their platforms are available and reliable. Of course, cybercriminals reap their rewards by ensuring that they aren't. In March 2020, malicious individuals targeted a popular German food delivery website and demanded 2 Bitcoins to cease their DDoS attacks. In August, as detailed by Link11, hackers claiming to be the Armada Collective launched a far-reaching campaign against Internet service providers and hosting providers. (Full disclosure: I'm Link11's COO.)

Big Game Hunting
According to the Thales report, so-called "Big Game Hunters" employ tactics, techniques, and procedures (TTP) and technical infrastructure comparable to certain state-sponsored hacking groups. They attack political institutions and major corporations using ransomware or DDoS attacks to extort large sums. In September 2019, Wikipedia was hit by a "massive and very broad DDoS attack," apparently because someone wanted to test a brand-new Internet of Things botnet designed to make it easier to illegally promote and sell his services on the Dark Web. In August 2020, the New Zealand stock exchange was knocked offline and had to stop trading for days because of a wave of DDoS attacks "from abroad," supposedly perpetrated by the Russian hacking group Fancy Bear.

Conclusion
Cybercrime affects everyone, from individuals to global corporations and critical infrastructures or governments. Attacks remain successful because of inadequate cyber hygiene, often due to a lack of security automation. Cybercrime isn't going away — if anything, it's poised to grow. Because there are so many cybercriminal groups out there, it's becoming ever harder to attribute a given attack to a specific perpetrator. Thus, the public and private sectors must seek closer collaboration and regular information exchange to ensure timely responses to emerging threats.

As a rule, organizations should never pay ransom (which only funds further attacks). Instead, they should recruit top-notch technical assistance, prepare disaster recovery plans, and practice crisis management. This includes having preapproved crisis communication materials ready, and filing cyber complaints with law enforcement when experiencing an attack.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...
 
