10:00 AM
Marc Wilczek

Cybercrime Goes Mainstream

Organized cybercrime is global in scale and the second-greatest risk over the next decade.

The World Economic Forum's 2020 "Global Risks 2020" report notes that the digital space is characterized by growing geopolitical tensions and meddling, a lack of technology governance, and a greater overall reliance on technology. Further, more than half of the world is connected to the Internet, and the number grows by a stunning 1 million people a day. As a result, cybercrime has become the second-greatest risk that business will face over the next 10 years.

Unfortunately, cyberattacks on critical infrastructure have become almost routine in sectors such as energy, healthcare, and transportation. They have brought entire cities almost to a standstill. Public and private sector organizations are also frequent targets of cybercriminals, who can easily purchase various types of sophisticated cyberattack tools and services on the Dark Web for next to nothing.

Not Your Typical Street Gang
The cybercrime universe is not a monolith but, rather, an interconnected network of different attacker groups. Together, they have evolved into a genuinely disruptive force whose practitioners are just as organized, clever, and nimble as the hottest new tech startup. This reality is key to understanding global cybercrime and how it affects companies.

By working as a network, cybercriminals can do their jobs better. Each group specializes in a particular discipline, and different groups often work together to take advantage of each other's know-how. This is what makes them more effective and enables them to focus on technical and financial success in a given attack.

Specialization Matters
To achieve their goals, cybercriminals leverage both technical expertise and the panic they generate in their targets. Both can have devastating consequences.

Since 2018, a new form of attack focused on ransomware has been observed and described by a Thales report, "Cyber Threat Handbook 2020." The dramatic increase in ransomware attacks is part of a broader phenomenon known as malware-as-a-service and closer collaboration among major cybercriminals. In addition, several ransomware-as-a-service operations have been particularly effective. In 2019, one of the best known, GandCrab, developed by a group known as Pinchy Spider, extorted total earnings of $150 million in 12 months before shutting itself down. Other services, such as Sodinokibi — probably developed by the same group that conceived GandCrab — filled the gap.

A Surging Underground Economy
With revenues estimated up to $1.5 trillion a year — on average, 1.5 times more income than counterfeiting and 2.8 times more than the illicit drug trade — the cybercrime network is an economic system that can now threaten any company or organization and jeopardize the global economy. Roughly 60% of its massive revenues are estimated to come from illegal online markets for stolen data and 30% from pilfering intellectual property and trade secrets. Interestingly, only 0.07% is derived from ransomware, which inflicts the most real-world damage.

According to Europol's 2020 "Internet Organised Crime Threat Assessment" report, both ransomware and distributed denial-of-service (DDoS) attacks are prevalent and underreported crimes. European law enforcement observed attacks targeting telecommunications and technology firms, where, in some cases, DDoS attackers threatened companies with reputational harm and extorted them for payment. For example, private sector respondents reported smaller-volume attacks that are capable of blocking smaller data centers. Small requests from 700 IP addresses make a DDoS attack difficult to block and make it difficult for investigators to trace the attacker responsible, because the attack comes from multiple IP addresses.

Digitally Advanced Industries in the Crosshairs
While cybercrime affects some industries more than others, cybercriminals are opportunists who typically set their sights on vulnerable companies they stumble upon rather than carefully chosen targets. They do so by penetrating and then scanning a company's network to find and exploit vulnerabilities. Over the past year, cybercriminals have begun to target more digitally advanced industries, such as hosting, e-commerce, and e-gaming. The demand for the services of companies in these areas has exploded during the pandemic, but can only be met when their platforms are available and reliable. Of course, cybercriminals reap their rewards by ensuring that they aren't. In March 2020, malicious individuals targeted a popular German food delivery website and demanded 2 Bitcoins to cease their DDoS attacks. In August, as detailed by Link11, hackers claiming to be the Armada Collective launched a far-reaching campaign against Internet service providers and hosting providers. (Full disclosure: I'm Link11's COO.)

Big Game Hunting
According to the Thales report, so-called "Big Game Hunters" employ tactics, techniques, and procedures (TTPs) and technical infrastructure comparable to certain state-sponsored hacking groups. They attack political institutions and major corporations using ransomware or DDoS attacks to extort large sums. In September 2019, Wikipedia was hit by a "massive and very broad DDoS attack," apparently because someone wanted to test a brand-new Internet of Things botnet designed to make it easier to illegally promote and sell his services on the Dark Web. In August 2020, the New Zealand stock exchange was knocked offline and had to stop trading for days because of a wave of DDoS attacks "from abroad," supposedly perpetrated by the Russian hacking group Fancy Bear.

Cybercrime affects everyone, from individuals to global corporations and critical infrastructures or governments. Attacks remain successful because of inadequate cyber hygiene, often due to a lack of security automation. Cybercrime isn't going away — if anything, it's poised to grow. Because there are so many cybercriminal groups out there, it's becoming ever harder to attribute a given attack to a specific perpetrator. Thus, the public and private sectors must seek closer collaboration and regular information exchange to ensure timely responses to emerging threats.

As a rule, organizations should never pay ransom (which only funds further attacks). They should recruit top-notch technical assistance, prepare disaster recovery plans, and practice crisis management. This includes having preapproved crisis communication materials ready and filing cyber complaints with law enforcement when experiencing an attack.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...
