Crime Has Become Cybercrime

Cybercrime is in the headlines. Whether it is a ransomware attack, a huge data breach, theft of intellectual property, or the unavailability of service, ‘cyber’ is playing an increasingly important role for enterprises and individuals alike.

Nowadays, nearly all crimes have an element of cyber to them and we’re seeing more ‘traditional’ criminals get into the cybercrime industry.

However, this isn’t just bandwagon jumping; there are actually some very good reasons why the world of cyber makes a lot of sense to criminals.

Lowering Barriers to Entry

Go back ten years or so and ‘hacking’ knowledge was limited to a few select individuals that understood technology. It wasn’t easy to find experts that were willing to be “hackers for hire”, and for those new to the industry, acquiring such skills wasn’t an easy task either.

However, in recent years, the barriers to entry have gotten significantly lower due to a few key factors:

1. Availability of online marketplaces. Online marketplaces have become commonplace and provide a convenient place where hackers for hire can advertise their skills to bidders. These can encompass a broad range of services such as DDoS attacks, botnets, and targeting of individuals or businesses, as well as custom services.

2. As-a-service. Taking a cue from legitimate businesses, cybercriminals are beginning to remodel their organizations for greater efficiency. This has resulted in the rise of “cyber-crime-as-a-service”. For example, Petya & Mischa ransomware-as-a-service (RaaS) was launched in July 2016. This platform encourages distributors to generate high returns by enticing them with the cybercrime equivalent of performance bonuses.

If distributors generate less than five bitcoins in a given week, then they only earn 25% of the ransom paid. However, if the weekly payment is over 125 bitcoins, then they can potentially keep 85% of it. Through such initiatives, the RaaS business model has proven to be highly lucrative for both the providers and the distributors, and there’s no sign that these operations will go away anytime soon.

3. The rise of cryptocurrency. The third leg of the stool is made up of cryptocurrencies such as bitcoin, which allow payments to be made anonymously. This allows cyber-crime service providers to sell their wares easily, and also allows cyber-criminals to extort money from their victims more effectively.

Profit and Loss

Another aspect contributing to the rise in cybercrime is the increase in potential profits. The cyber-crime market is lucrative because of the extent to which things have gone digital. Everything from finance, to healthcare, to national infrastructure is connected in some way or another. On top of this, the introduction of IoT and smart devices has resulted in an explosion of connected devices, each of which presents a potential money-making opportunity for a clever hacker.

The abundance of connected devices gives criminals an advantage because there will always be unsecured, unpatched, or simply insecure targets. Attacks can be targeted against particular businesses, or can indiscriminately affect companies of all sizes and within all verticals.

There are also some cases where a criminal could potentially make as much profit targeting individual consumers as they could from attacking large enterprises. By targeting individuals, hackers further lower the bar to entry, as no pre-qualification needs to be done on the target.

Key Takeaways

The number of criminals taking advantage of lucrative cyber money-making opportunities will unfortunately only continue to grow. Therefore, it is more important than ever that enterprises and individuals take appropriate steps to protect themselves from cyber-attacks. Here are a few tips to bear in mind:

  • User education and awareness is the first, and arguably the most important, line of defense. For example, knowing not to click on suspicious links could prevent a potential infection entirely.
  • Segregating critical systems and assets is also a good defensive measure. In the event that a user does click on a link, having segregated systems will prevent infections from spreading.
  • Having robust detection and response controls in place, enhanced by threat intelligence, is also critical so that infections can be detected quickly and remedial action taken immediately to minimise impact.
  • Finally, the importance of backup processes cannot be forgotten or neglected. If the worst does happen, it’s often better to wipe systems and reinstall from a clean, trusted backup than try to fix the mess.

CSO Online:
