The World Economic Forum's 2020 "Global Risks 2020" report notes that the digital space is characterized by growing geopolitical tensions and meddling, a lack of technology governance, and a greater overall reliance on technology. Further, more than half of the world is connected to the Internet, and the number grows by a stunning 1 million people a day. As a result, cybercrime has become the second-greatest risk that business will face over the next 10 years.
Unfortunately, cyberattacks on critical infrastructure have become almost routine in sectors such as energy, healthcare, and transportation. They have brought entire cities almost to a standstill. Public and private sector organizations are also frequent targets of cybercriminals, who can easily purchase various types of sophisticated cyberattack tools and services on the Dark Web for next to nothing.
Not Your Typical Street Gang
The cybercrime universe is not a monolith but, rather, an interconnected network of different attacker groups. Together, they have evolved into a genuinely disruptive force whose practitioners are just as organized, clever, and nimble as the hottest new tech startup. This reality is key to understanding global cybercrime and how it affects companies.
By working as a network, cybercriminals can do their jobs better. Each group specializes in a particular discipline, and different groups often work together to take advantage of each other's know-how. This is what makes them more effective and enables them to focus on technical and financial success in a given attack.
To achieve their goals, cybercriminals leverage both technical expertise and the panic they generate in their targets. Both can have devastating consequences.
Since 2018, a new form of attack focused on ransomware has been observed and described by a Thales report, "Cyber Threat Handbook 2020." The dramatic increase in ransomware attacks is part of a broader phenomenon known as malware-as-a-service and closer collaboration among major cybercriminals. In addition, several ransomware-as-a-service operations have been particularly effective. In 2019, one of the best known, GandCrab, developed by a group known as Pinchy Spider, extorted total earnings of $150 million in 12 months before shutting itself down. Other services, such as Sodinokibi — probably developed by the same group that conceived GandCrab — filled the gap.
A Surging Underground Economy
With revenues estimated up to $1.5 trillion a year — on average, 1.5 times more income than counterfeiting and 2.8 times more than the illicit drug trade — the cybercrime network is an economic system that can now threaten any company or organization and jeopardize the global economy. Roughly 60% of its massive revenues are estimated to come from illegal online markets for stolen data and 30% from pilfering intellectual property and trade secrets. Interestingly, only 0.07% is derived from ransomware, which inflicts the most real-world damage.
According to Europol's 2020 "Internet Organised Crime Threat Assessment" report, both ransomware and distributed denial-of-service (DDoS) attacks are prevalent and underreported crimes. European law enforcement observed attacks targeting telecommunications and technology firms, where, in some cases, DDoS attackers threatened companies with reputational harm and extorted them for payment. For example, private sector respondents reported smaller-volume attacks that are capable of blocking smaller data centers. Small requests from 700 IP addresses make a DDoS attack difficult to block and difficult for investigators to trace to the attacker responsible, because the attack comes from multiple IP addresses.
Digitally Advanced Industries in the Crosshairs
While cybercrime affects some industries more than others, cybercriminals are opportunists who typically set their sights on vulnerable companies they stumble upon rather than carefully chosen targets. They do so by penetrating and then scanning a company's network to find and exploit vulnerabilities. Over the past year, cybercriminals have begun to target more digitally advanced industries, such as hosting, e-commerce, and e-gaming. The demand for the services of companies in these areas has exploded during the pandemic, but can only be met when their platforms are available and reliable. Of course, cybercriminals reap their rewards by ensuring that they aren't. In March 2020, malicious individuals targeted a popular German food delivery website and demanded 2 Bitcoins to cease their DDoS attacks. In August, as detailed by Link11, hackers claiming to be the Armada Collective launched a far-reaching campaign against Internet service providers and hosting providers. (Full disclosure: I'm Link11's COO.)
Big Game Hunting
According to the Thales report, so-called "Big Game Hunters" employ tactics, techniques, and procedures (TTPs) and technical infrastructure comparable to certain state-sponsored hacking groups. They attack political institutions and major corporations using ransomware or DDoS attacks to extort large sums. In September 2019, Wikipedia was hit by a "massive and very broad DDoS attack," apparently because someone wanted to test a brand-new Internet of Things botnet designed to make it easier to illegally promote and sell his services on the Dark Web. In August 2020, the New Zealand stock exchange was knocked offline and had to stop trading for days because of a wave of DDoS attacks "from abroad," supposedly perpetrated by the Russian hacking group Fancy Bear.
Cybercrime affects everyone, from individuals to global corporations and critical infrastructures or governments. Attacks remain successful because of inadequate cyber hygiene, often due to a lack of security automation. Cybercrime isn't going away — if anything, it's poised to grow. Because there are so many cybercriminal groups out there, it's becoming ever harder to attribute a given attack to a specific perpetrator. Thus, the public and private sectors must seek closer collaboration and regular information exchange to ensure timely responses to emerging threats.
As a rule, organizations should never pay ransom (which only funds further attacks). Instead, they should recruit top-notch technical assistance, prepare disaster recovery plans, and practice crisis management. This includes having preapproved crisis communication materials ready and filing cyber complaints with law enforcement when experiencing an attack.