There is a genuine sense of intrigue surrounding the individuals and groups behind today’s cybercrime activities. That’s hardly surprising given their need to avoid detection, but the widespread lack of insight into the motivation driving everything from botnets and hacking to ransomware and identity theft only adds to the risk organisations face.
So, who are these people? What are their objectives and what can we learn from their approach to deliver more effective protection and mitigate their ever-changing tactics? For many, answering these questions needs to start with a refresh. Gone are the days, for instance, when the primary risks from cybercrime came from individual hackers, although they still pose a significant threat. However, many people cling to this stereotype and in the process assume that only governments or bigger companies are likely to be targeted. In doing so, organisations seriously underestimate their own levels of risk, which have grown dramatically thanks to the industrialisation of cybercrime.
Instead, if you think of commercially focused cybercrime as having a business model, then you’re already better placed to put today’s risks in their true perspective. Increasingly, this is delivered via formally organised, well-funded infrastructure and processes that are focused on meeting revenue and profit targets.
In some countries, organised cybercrime is hidden in plain view. Teams of people work together in office and remote environments with defined roles and objectives, backed by training and motivated by performance goals. Indeed, some of these organisations have even established their own version of ‘customer support’ to help their victims efficiently process ransomware payments in bitcoin.
These ‘businesses’ are very aware of how changes in their ‘markets’ may offer new opportunities, just as every legal enterprise looks to profit from emerging trends or evolving customer behaviour. Last year, for instance, there was a notable increase in malware attacks on remote workers, with cybercriminals looking to engineer access to corporate networks by encouraging people to click on links or attachments about the use of video or collaboration tools.
On an even greater scale, governments everywhere are more than capable of organising the resources to mount sustained and highly sophisticated cybersecurity campaigns. Nation-state espionage has itself been transformed in the digital age, and one only needs to look at recent highly complex attacks, such as the one carried out on SolarWinds, to appreciate the time and expertise being invested in these efforts. Evidence submitted to recent US Senate hearings about the attack suggested that “at least 1,000 very skilled, very capable engineers worked on the SolarWinds hack”, according to a report in The Guardian.
One of the other problems organisations face is that the true motivation for an attack may never be fully understood. Just recently, for instance, an online launch event for the Williams Grand Prix team was disrupted when hackers accessed the back end of an Augmented Reality (AR) app that was to give fans a close look at its new car design; the security breach meant the app had to be pulled at the last minute. The team was quick to point out that none of its core systems were compromised in the attack, but the incident further underlines that cybercriminals are constantly looking for potential points of entry to corporate networks.
Taking this at face value means that the motivation behind the attack may remain – publicly at least – unknown. In this and any number of other examples, a way to hold corporate systems to ransom or to access valuable IP could be among the various reasons for mounting such a bold attack.
And therein lies a lesson for everyone else. Being prepared for every motivating factor means organisations are always much better placed to effectively address today’s varied cybercrime personas. The more organisations that understand that cybercriminals are now often as well resourced and organised as those they are targeting, the better placed they will be to protect themselves.