

2/5/2021
10:00 AM
Marc Wilczek
Commentary

Cybercrime Goes Mainstream

Organized cybercrime is global in scale and the second-greatest risk over the next decade.

The World Economic Forum's 2020 "Global Risks 2020" report notes that the digital space is characterized by growing geopolitical tensions and meddling, a lack of technology governance, and a greater overall reliance on technology. Further, more than half of the world is connected to the Internet, and the number grows by a stunning 1 million people a day. As a result, cybercrime has become the second-greatest risk that business will face over the next 10 years.


Unfortunately, cyberattacks on critical infrastructure have become almost routine in sectors such as energy, healthcare, and transportation. They have brought entire cities almost to a standstill. Public and private sector organizations are also frequent targets of cybercriminals, who can easily purchase various types of sophisticated cyberattack tools and services on the Dark Web for next to nothing.

Not Your Typical Street Gang
The cybercrime universe is not a monolith but, rather, an interconnected network of different attacker groups. Together, they have evolved into a genuinely disruptive force whose practitioners are just as organized, clever, and nimble as the hottest new tech startup. This reality is key to understanding global cybercrime and how it affects companies.

By working as a network, cybercriminals can do their jobs better. Each group specializes in a particular discipline, and different groups often work together to take advantage of each other's know-how. This is what makes them more effective and enables them to focus on technical and financial success in a given attack.

Specialization Matters
To achieve their goals, cybercriminals leverage both technical expertise and the panic they generate in their targets. Both can have devastating consequences.

Since 2018, a new form of attack focused on ransomware has been observed and described by a Thales report, "Cyber Threat Handbook 2020." The dramatic increase in ransomware attacks is part of a broader phenomenon known as malware-as-a-service and closer collaboration among major cybercriminals. In addition, several ransomware-as-a-service operations have been particularly effective. In 2019, one of the best known, GandCrab, developed by a group known as Pinchy Spider, extorted total earnings of $150 million in 12 months before shutting itself down. Other services, such as Sodinokibi — probably developed by the same group that conceived GandCrab — filled the gap.

A Surging Underground Economy
With revenues estimated up to $1.5 trillion a year — on average, 1.5 times more income than counterfeiting and 2.8 times more than the illicit drug trade — the cybercrime network is an economic system that can now threaten any company or organization and jeopardize the global economy. Roughly 60% of its massive revenues are estimated to come from illegal online markets for stolen data and 30% from pilfering intellectual property and trade secrets. Interestingly, only 0.07% is derived from ransomware, which inflicts the most real-world damage.

According to Europol's 2020 "Internet Organised Crime Threat Assessment" report, both ransomware and distributed denial-of-service (DDoS) attacks are prevalent and underreported crimes. European law enforcement observed attacks targeting telecommunications and technology firms, where, in some cases, DDoS attackers threatened companies with reputational harm and extorted them for payment. For example, private sector respondents reported smaller-volume attacks that are capable of blocking smaller data centers. Small requests from 700 IP addresses make a DDoS attack difficult to block and make it difficult for investigators to trace the attacker responsible, as the attack comes from multiple IP addresses.

Digitally Advanced Industries in the Crosshairs
While cybercrime affects some industries more than others, cybercriminals are opportunists who typically set their sights on vulnerable companies they stumble upon rather than carefully chosen targets. They do so by penetrating and then scanning a company's network to find and exploit vulnerabilities. Over the past year, cybercriminals have begun to target more digitally advanced industries, such as hosting, e-commerce, and e-gaming. The demand for the services of companies in these areas has exploded during the pandemic, but can only be met when their platforms are available and reliable. Of course, cybercriminals reap their rewards by ensuring that they aren't. In March 2020, malicious individuals targeted a popular German food delivery website and demanded 2 Bitcoins to cease their DDoS attacks. In August, as detailed by Link11, hackers claiming to be the Armada Collective launched a far-reaching campaign against Internet service providers and hosting providers. (Full disclosure: I'm Link11's COO.)

Big Game Hunting
According to the Thales report, so-called "Big Game Hunters" employ tactics, techniques, and procedures (TTPs) and technical infrastructure comparable to certain state-sponsored hacking groups. They attack political institutions and major corporations using ransomware or DDoS attacks to extort large sums. In September 2019, Wikipedia was hit by a "massive and very broad DDoS attack," apparently because someone wanted to test a brand-new Internet of Things botnet designed to make it easier to illegally promote and sell his services on the Dark Web. In August 2020, the New Zealand stock exchange was knocked offline and had to stop trading for days because of a wave of DDoS attacks "from abroad," supposedly perpetrated by the Russian hacking group Fancy Bear.

Conclusion
Cybercrime affects everyone, from individuals to global corporations and critical infrastructures or governments. Attacks remain successful because of inadequate cyber hygiene, often due to a lack of security automation. Cybercrime isn't going away — if anything, it's poised to grow. Because there are so many cybercriminal groups out there, it's becoming ever harder to attribute a given attack to a specific perpetrator. Thus, the public and private sectors must seek closer collaboration and regular information exchange to ensure timely responses to emerging threats.

As a rule, organizations should never pay ransom (which only funds further attacks). Instead, they should recruit top-notch technical assistance, prepare disaster recovery plans, and practice crisis management. This includes having preapproved crisis communication materials ready and filing cyber complaints with law enforcement when experiencing an attack.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...
