Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/1/2017
10:30 AM
Travis Farral
Travis Farral
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Digital Crime-Fighting: The Evolving Role of Law Enforcement

Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.

As the cybercrime landscape continues to evolve, methods of policing it must change as well. The increasing number of cyber attacks propagated by everyone from nation-state actors to average criminals is blurring lines between cybersecurity and public safety, ultimately causing a shift in the role of government and law enforcement in protecting against these threats.

Verizon's 2017 Data Breach Investigations Report notes, "In addition to catching criminals in the act, security vendors, law enforcement agencies and organizations of all sizes are increasingly sharing threat intelligence information to help detect ransomware (and other malicious activities) before they reach systems."

Using their own behind-the-scenes collaboration venues, threat actors have also become increasingly well armed and well informed. This can be countered by defenders through better sharing of information tied to trending campaigns, changes in attack vectors, and the emergence of new tools. Foreign enemies become domestic enemies from thousands of miles away, calling for not only a deeper investment in cybersecurity skills and technologies but a broader framework for timely dissemination of intelligence across all global industry segments, both public and private.

Hacker Best Practices 
Cybercriminal activity has seen an uptick in recent years as new tools and methods for hacking become more accessible. Frameworks and platforms sold in underground forums enable low-skilled attackers to evade defensive barriers, becoming today's petty criminals. For example, ransomware-as-a-service has emerged as an attack vector, allowing average Joes with little-to-no cyber knowledge to target both people and businesses using DIY ransomware. Additionally, the sophistication of new technologies used by hackers, such as artificial intelligence, makes malicious advances more difficult to detect.

Traditionally, law enforcement has played a role in cybercrime only after significant damage has been done — for example, when systems are held hostage by ransomware or significant corporate or personal data is stolen. However, as attacks become more frequent and the impact increasingly devastating, law enforcement, even on a local level, has a new obligation to establish an effective framework for digital crime-fighting.

Get Your Vaccine
According to Verizon's report, information sharing can "act like a vaccine" against cyber attacks. The report states that the spread of threat information goes beyond "just the indicators of compromise (malware hashes, YARA rules and such), but also [includes] working with law enforcement to investigate and bring the perpetrators to justice. It also requires sharing the more general context of cybersecurity incidents to inform prioritization of cybersecurity actions and law enforcement efforts to counter particularly damaging threats."

Using timely threat intelligence, law enforcement can alert both businesses and consumers of known and suspected attacks, helping them to take proper precautions to "immunize" themselves against the spread of things like malware. This means that as hacking tools and techniques become more widely available, critical threat information that can improve defenses must also become more broadly accessible.

So, how can law enforcement begin engaging more broadly in information sharing?

  • Tools and communities: There are a number of resources immediately available, including intelligence industry initiatives like information sharing and analysis centers and open source threat feeds that provide relevant cyberthreat data and insights.
  • Diversifying expertise: Developing the right expertise on staff, whether that means changing an existing employee's role or hiring an in-house threat analyst, can provide a more direct connection to the intelligence community, and help law enforcement agencies maximize the information they have.
  • Establishing the right partners: Threat intelligence partners can range from security vendors to local DHS fusion centers. These partners can provide common indicators and historical context that help prevent attacks, as well as best practices for incident response in the event a breach occurs.
  • Focus on forensic data: Leveraging in-house or external digital forensics and incident response resources as sources for key bits of data either during or after cyber attacks can yield valuable information in the fight against cybercriminals. Sharing information gathered with other law enforcement entities, organizations specializing in post-breach forensics and incident response, companies that have their own incident response resources, and government institutions can create a collective of expert knowledge that is a formidable counter to cybercriminal activity.

Although it is impossible to prevent cybercriminals from attempting attacks, organizations that properly take advantage of threat information can detect adversaries before they can do damage. Law enforcement plays an important role in this collaboration. By following best practices for threat intelligence sharing and taking a proactive approach, law enforcement can help pass along important information quickly, and thus enable organizations across all sectors to make better judgments and stop the bad guys in their tracks.

Related Content:

Travis Farral is a seasoned IT security professional with extensive background in corporate security environments. Prior to his current role as Director of Security Strategy at Silicon Valley-based threat intelligence platform provider Anomali, Farral was with ExxonMobil, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
TravisFarral
50%
50%
TravisFarral,
User Rank: Apprentice
8/1/2017 | 6:40:00 PM
Re: Perfect Timing, Great News
Good comments on this topic!  I imagine funding and training will be the biggest hurdles.  The most likely scenario would be to shift resources internally to focus on this kind of activity; pulling them from other duties.  As you said though, it will be interesting to see how local law enforcement agencies adapt to the changing landsape of how online criminals operate.
RetiredUser
100%
0%
RetiredUser,
User Rank: Ninja
8/1/2017 | 2:52:20 PM
Perfect Timing, Great News
It's unfortunate that due to staffing we have often seen law enforcement limited in their participation and in their entry-point for that involvement.  Coming in after the crime is committed is what we usually picture but the Hollywood-glamorized vision of the pro-active hacker task forces embedded with local law enforcement agencies really makes sense.  Staffing issues aside, this comes at a time when we need it the most.  One does wonder, however, how such activities are going to be funded, staffed and built out.  As anyone in tech knows, especially InfoSec IT, you're going to have a very specific set of requirements for providing the right environment for law enforcement to do the job they need to do.  Very interested in how this plays out and how it changes the overall InfoSec landscape.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.