Would it surprise you to find out that cyber criminals operate their ventures very similarly to how legitimate businesses are run? Well, that’s exactly what they do, and they’ve been doing it for years.
They’re so organised, in fact, that their global footprint includes things like product catalogues, cutting-edge payment mechanisms, training materials and organisational structures spread out across global communities and policies that include things like SLAs and consequences for non-delivery of agreed-upon services. Things that you’ll find in any big legitimate business venture.
This is according to Jon Ramsey, the Chief Technology Officer of Secureworks, who spoke at the recent Dell World conference that took place in Austin, Texas.
“If you want to defend against the threat, you have to understand the threat”, he said. Secureworks does that by investing in a Counter Threat Unit which is staffed by over 100 people. Ramsey says these people are puzzle solvers, who spend a lot of time investigating new ways to force cyber criminals to go back to the proverbial drawing board.
Take a financial approach
One of the ways they’ve discovered is to take a financial approach, and make it too expensive for the criminals to operate.
That is done by increasing the costs associated with their activities to the point where it makes no sense for them to do it anymore; since cyber criminals are after profit – like any business is – eating into their bottom line is a great way to subtly encourage them to go looking elsewhere.
Ramsey quoted a 2014/2015 cybercrime report which states that 445 billion US dollars are projected to be stolen by cyber criminals in 2016.
From Russia with h4x
A lot of cybercrime appears to be driven by hackers based in Russia, he said, and a new trend has emerged where – instead of stealing information and selling it – hackers have turned their attention to creating and selling the tools with which others can do the stealing.
They’ve developed the concept so far that they’ve even created professional, high-quality tutorial videos showing people how to use those tools.
And because the market is now more competitive than ever, some hacker groups have taken to marketing themselves and implementing differentiated customer service to set themselves apart from their competition.
These high-tech criminal organisations even have fully-manned help desks staffed by people proficient in a range of international languages, providing that all-important 24/7 help that unscrupulous (but technically inept) wannabe-hax0rZ need.
In fact, these criminals are so confident in their abilities that the marketing they put out goes along the lines of “Give me a system and we’ll write an exploit for it”. People pay for the “service” using various anonymous payment mechanisms (Bitcoin is quite popular, says Ramsey), and turnaround times for the delivered product are anything from a single hour to seven days.
As much as 20 to 30% of a hacker group’s revenue is spent on marketing, complete with channel programmes and referral codes.
And in a rather cheeky move, Ramsey said these groups also offer buyers “complete confidentiality” through the use of transaction brokers and intermediaries. These “guarantors” ensure the deal goes down as it’s meant to, and that all parties are satisfied with the results. And as the literal middle men, these guarantors not only broker the deals between two parties that never meet, but they have the opportunity to sell the same hack twice. Good business.
Forever playing catch-up
As feverishly as IT security researchers are working to develop tools to thwart cyber-attacks and data theft, so too are the criminals developing new ways to get what they want. And sadly, the criminals are often a few steps ahead of the researchers. This is a sentiment echoed by Ramsey, as well as every other security researcher we’ve ever talked to. It’s a never-ending battle.
Encrypting data so that it’s only accessible by the parties with the proper keys has become a big thing in the IT world. This has forced criminals to change how they go after encrypted data – instead of chasing it in transit or at rest, where it’s safest, they’re now intercepting it where it’s most vulnerable: in memory.
The only way to defeat this new approach is to change the way the entire x86 architecture functions, Ramsey says, and that can only be done outside of the machine. It’s a huge job, in other words, and one that will require the input of just about every major stakeholder in computing technology.
Ransomware, meanwhile, topped the attack lists over the last six months, taking the first four spots. It’s easy to deploy, it’s highly effective and now, hackers don’t even need to write their own encryption algorithms – they can simply buy pre-made ones from underground hacker markets.
Ramsey says the best thing people can do to deal with ransomware, other than avoiding opening strange email attachments in the first place, is to keep regular backups of their important data. And preferably offline, as online backups can also be encrypted by attackers.
Pay as you go
And “customers” of these hacker types have a lot of choice, just like legitimate buyers at legitimate businesses. They can either buy the tools and execute the attack themselves, or simply pay for the type of attack they are interested in, and point the hackers they’re paying at their intended target.
Look carefully, and you’ll see that this is the same “Pay for what you use” model employed by many big organisations these days.
So yes, cybercrime is not only big business in terms of the money it’s able to steal, but it’s also being run just like big business itself, complete with the same structures and objectives – maximise profit in the most efficient way possible, while keeping running costs low.
What a brave new world we live in.
[Image Credit – Pixabay, CC by 2.0]