I don’t know about you, but when I picture cybercriminals, I picture guys in hoodies fiercely typing on their computers in a dark basement, unintelligible commands and codes flickering across the screen at lightning speed.
Raveed Laeb, Vice President of Product for KELA (pronounced Kay-la), a cyber intelligence technology company, gives us a behind-the-curtain view of the world of cybercriminals in the latest Reimagining Cyber episode, “Inside cybercrime with Raveed Laeb.” Once a part of the Israeli defense force military intelligence, and still serving as a Captain in the Israel reserves, Laeb’s extensive experience provides a unique view into the cybercrime space.
Cybercriminals do not discriminate. Whether you’re a two-man shop or a company with hundreds of thousands of employees, or even a ‘regular Joe’ just trying to check your e-mail, we’ve all been hit by cybercriminals. What’s not clear is the underbelly of their world. The economy of it all. That was one of the most surprising things I learned this week – the economy and business-side of the, well, business of cybercrime.
The Business of Cybercrime
“It's easy to think about cybercrime as this shadowy, weird kind of thing, kind of a Wild West happening in the background of everything, a chaotic and weird and lawless place. Whereas, in reality,” Laeb says, “just like a legitimate business, cybercrime works on, or at least most cybercrime, works on money.”
Just like in the “real world,” the cybercrime business works off of supply, demand, and skillsets. For example, service specialization. People sharpen their skill sets, monetize them, and improve their cash flow and ROI.
Like a regular business, cybercriminals are worried about scale and repeatable processes.
“They are worried about having the same thing be repeatable in terms of business success, and over time, that really drives the economy into a few different or very distinct places,” Laeb notes.
Take ransomware, for example. Threat actors that had success found the key principles they needed to make it repeatable, and then just made it work, Laeb says.
Lastly, cybercriminals are strategic in that they outsource what they can.
“People understand their niches, understand their roles, understand how they can contribute to the business, and really find their places,” Laeb says. “They find ways and channels to offer what they have, to offer goods and services, and everything in between.”
Think of it like the Fiverr for cybercrime.
Trends in Cybercrime
Simple malware, akin to the common cold, used to be something big corporations weren’t very worried about. It was just something organizations got hit with and handled. Over the last two to three years, there has been a shift in the industry where this malware is seen as a part of “big game hunting”. Initial Access Brokers (IABs) leverage this malware to capture credentials and other data to sell illegitimate access to corporate networks.
“[With] a lot of people working from home…personal computers or computers that are out of the actual [enterprise] network can be used to login into system critical resources. So, you can have an employee being infected, and credentials with session cookies and a lot of very sensitive things that are used to login into an enterprise VPN are now at the hands of cybercriminals,” Laeb says.
The use of IABs in cyberattacks has surged. This could impact not only work information (like passwords for access to firewall-protected applications) but also personal-use programs like Netflix and personal e-mail. IABs take this information and sell it in the cybercrime ecosystem. By turning to IABs for network access, cybercriminals can focus their efforts on deploying more sophisticated attacks on target companies.
Ten years ago, when you wanted to update your Windows operating system, you purchased a CD (yes, I’m dating myself) and manually updated the software. Or if you wanted to watch a movie, you ordered Netflix DVDs online and (im)patiently waited for them to arrive in a week in the mail. Now, you can download the latest version of software or stream content directly. The cybercrime industry is no different.
Now, cybercriminals can outsource their needs by logging onto an online marketplace and buying access to an e-mail list, instead of doing the work themselves. Laeb explains it like this: if cybercriminals are sending a phishing e-mail, for example, knowledge of business-level English is necessary. Instead of learning it themselves, they can outsource the written business-level English to a “freelancer,” if you will, who will do this piece for them. Like regular businesses, the cybercrime space has become service-oriented. Ransomware as a service, for example, has wreaked havoc on organizations and personal computers as well.
Streamlining the Business
Yes, even cybercriminals struggle with efficiency, scale, and improving workflows. Laeb states that cybercrime businesses struggle with filling roles with people who have the correct tech skillset, automating processes, and even communicating effectively.
“We can see a lot of discussions about how much they get paid, for example, and where the offices are located. And that was a very interesting point that showed, for example, how do they communicate? They want very easy chats so they can communicate efficiently between one another. They want scripts and tools that automate their initial accesses that they want to validate for them,” Laeb says.
This shift shows two things: cybercriminals are focused on automation and use legitimate tools and software to streamline their workflows.
While trends don’t show cybercriminals building their own machine learning (ML) or artificial intelligence (AI) tools, they do show them purchasing ML and AI products to get a deeper understanding of how they work and how they can impact their own businesses.
How to Protect Yourself from Cyber Criminals
Laeb recommends going back to basics:
- Understand the patch cadence for your software so you’re ahead of vulnerabilities
- Use multi-factor authentication
- Understand what’s most important to protect and defend against
- Reduce your digital footprint and/or attack surface – cybercriminals aren’t necessarily focused on you, they’re focused on anyone, so you don’t want to be the fish caught in their net
- Provide multiple levels of security to impede breaches
“A threat actor shouldn't need just one opportunity to get into your network. They should get one opportunity for every layer of defense that you have,” he says.
CyberRes is a Micro Focus line of business focused on helping companies protect, detect, and evolve their security framework and helping organizations become more cyber resilient. To learn more, visit CyberRes.com.