Wednesday, 24 August 2022 07:10

Online theft is on the rise. Here’s what you should do

Rate this item
(0 votes)

Between 2008 and 2021, the FBI recorded a 207% increase in cybercrime reports, with losses hitting almost $7 billion last year. This is being driven by a highly professionalized cyber-threat supply chain that is enabling threat actors with little know-how and limited resources to imperil personal, economic and national security.

The bad news is that cybercrime innovation hasn't stopped. According to a new report from HP Wolf Security in the future we could see emerging technologies like AI and quantum computing be abused to line the pockets of criminal groups and further nation-state goals.

The key to resistance will be mastering security basics, planning for the worst and encouraging collaboration across industries.

The story so far

Criminals have used the Internet since the early days. The 1990s saw hobbyists use Internet Relay Chat to connect like-minded individuals online over topics such as hacking and exploit development.

By the late 2000s, the high barrier to entry for hackers was lowered by commoditized malware kits and financially motivated groups began to coalesce around banking fraud. 

More recently, threat actors shifted to data denial and destructive attacks, leveraging "as a service" models and embracing ransomware as their monetization method of choice.

Today's cybercrime economy is characterized by complex supply chains comprised of individuals with highly specialized skills. Network access, control and persistence is prized above all else, whether via credentials or exploiting vulnerabilities.

The supply for both has exploded, lowering prices and barriers to entry. After undertaking a three-month analysis of underground markets and forums, the report found that compromised RDP credentials are selling on average for just $5 each and that over three-quarters of malware advertisements listed are under $10, and nearly all (91%) adverts relating to exploits are under $10.

Value-added services rolled out by malware sellers make launching attacks even easier for those with few technical skills. They tout one-to-one mentoring, exemplary customer support and discounted malware hosting through bulletproof hosting providers. 

The report concludes that just 2-3% of sellers are actually coders, reducing cybercrime to a series of reproducible, procedural steps that threat actors can follow again and again to make money.

In this new world, trust and reputation are everything. Vendor feedback scores are ubiquitous, of course and most sites offer dispute resolutions and escrow payments. But we also observed that 77% of criminal marketplaces now require a "vendor bond" or license to sell, which can cost threat actors thousands. 

When so much is at stake and the lifespan of Tor-based sites is so short, it's perhaps unsurprising that cyber-criminals have also devised ways to transfer their hard-won reputation between marketplaces.

Scanning the horizon

We're likely to see a continuation of the collaboration, specialization and professionalization witnessed to date. Hackers will continue to exploit the expansion of corporate attack surfaces, perhaps upping the ante with extortion attacks timed to create the most disruption.

In doing so, we'll see more of them use the tools and techniques once the preserve of a limited few APT groups. In fact, the lines between cybercrime and nation state actors will continue to blur, either with hostile states sheltering criminal gangs or investing directly in cybercrime as a revenue stream to evade sanctions.

As always, they will be first to use emerging technologies. Quantum computing could be deployed to supercharge decryption efforts. The web3 vision of a decentralized, blockchain-based internet could also open up new opportunities to create reputation systems that support the cybercrime economy, which may be harder for the authorities to take down. 

AI could also be used to automate the selection of targets from a victim's address book and build highly convincing spear-phishing attacks based on previous communications, helping to improve ROI.

Resilience, best practices and collaboration

We all need to do more to fight this growing cybercrime machine. For individuals, this means become more cyber aware. For organizations, there is a need to focus on mastering the basics, planning for resilience and collaborating to reduce risk.

Basic mastery includes things like following best practices like multi-factor authentication, IT asset discovery and management, vulnerability management and controls to restrict what can be installed on machines. 

But it also includes prioritizing self-healing hardware to boost resilience in the event of a breach. In addition, organizations must shut off common attack routes, such as those delivered via email and the web, which could be neutralized through techniques such as threat containment and isolation.

Next comes resilience – achievable by putting in place the people, processes and technology to detect, prevent and recover from any attack before it gets serious. This means planning for the worst-case scenario, putting the processes in place to limit supply chain and insider risk, and practicing incident response repeatedly.

Finally, remember security is a team sport. Collaborate with peers, invest in third-party security assessments and penetration testing and gather and share threat intelligence with industry peers – to see what's happening now and what might be around the corner.

Today's cybercrime underground is not dissimilar to the workings of a factory. It features a high degree of specialization, with criminal labor sub-divided into niche roles, while other tasks have been distilled into repeatable, almost automated workflows. 

It is also undeniably industrial in scale and impact. Understanding these dynamics is the first step on the road to building greater resilience against a formidable adversary. The bad guys may be first to take advantage of new technologies.

But with better insight, defenders can build effective strategies to mitigate the impact of cybercrime head on.

 

Inc

December 25, 2024

Investors add N500bn profit on Christmas Eve to the N1trn raked in last week as…

The Nigerian Exchange (NGX) is ending the year on a high note, with investors adding…
December 20, 2024

Atiku questions alleged hack of NBS website, says timing suspicious

Former Vice President Atiku Abubakar has raised concerns over the recent claim that the website…
December 25, 2024

Why Christmas and the birth of Jesus are all about hope, peace, joy and love

The Advent season is about preparing our hearts, minds and souls to welcome the birth…
December 21, 2024

‘Professional Back-Scratchers’ charge up to $130 per hour

The Scratcher Girls is an unconventional relaxation therapy studio that charges clients up to $130…
December 21, 2024

NAFDAC busts illegal rice repackaging operations in Nasarawa, Abuja

The National Agency for Food and Drug Administration and Control (NAFDAC) has cracked down on…
December 26, 2024

What to know after Day 1036 of Russia-Ukraine war

WESTERN PERSPECTIVE Russia launches 'inhuman' Christmas Day attacks, Ukraine says Russia attacked Ukraine's energy system…
December 25, 2024

Stem cell therapy to correct heart failure in children could 'transform lives'

Renowned visionary English physician William Harvey wrote in 1651 about how our blood contains all…
December 17, 2024

Ademola Lookman named 2024 CAF Men’s Player of the year. These players won in other…

Ademola Lookman, the Super Eagles winger, was crowned the 2024 CAF Men’s Player of the…

NEWSSCROLL TEAM: 'Sina Kawonise: Publisher/Editor-in-Chief; Prof Wale Are Olaitan: Editorial Consultant; Femi Kawonise: Head, Production & Administration; Afolabi Ajibola: IT Manager;
Contact Us: [email protected] Tel/WhatsApp: +234 811 395 4049

Copyright © 2015 - 2024 NewsScroll. All rights reserved.