The corporate face of cyber crime

Based on research from partner vendor Check Point, Intercity estimates the global cyber crime 'economy' to be $6 trillion, which in GDP terms would make it the third largest economy in the world today (between China at $13.4 trillion and Japan at $4.97 trillion). As companies have experienced an accelerated digital transformation due to the pandemic, this greater reliance on technology has vastly expanded the attack surfaces available. To achieve this level of success, however, cyber criminals are no longer independent lone wolf ‘bad actors’. Maintaining such a vast volume of crime has required sophisticated organisation – just like the companies they are attacking.

The first officially prosecuted cyber criminal, Captain Zap, hacked the American telephone system on his own in 1981 – or if you want to be an absolute purist, two robbers hacked the French telegraph system in 1834 to steal information from the stock market. Individuals such as this were the norm for most of the history of cyber crime. Now, however, the income that can be obtained and the ready availability of corporate systems to attack have made it worthwhile, and a necessity, for cyber criminals to build their own company structures mirroring those of their victims. They set targets, employ hackers or general researchers on a nine-to-five basis, and even provide outsourced capabilities to third-party organisations.

One of the key developments for cyber crime, as it has been for the wider society, was the rise of social media since the turn of the millennium. This unleashed a flood of personal information that could be harnessed to assist cyber attacks and as the basis for ID theft. The fact that the internet has made digital business into a global phenomenon has also made it entirely possible for attackers to perform their hacks from outside the country of the business targeted, or even from the comparative safety of a nation that is hostile to the target. The infamous WannaCry ransomware that played such havoc with the UK NHS allegedly came from a North Korean state-sponsored organisation called the ‘Lazarus Group’.

As an increasing portion of our lives is lived online, companies have followed suit and delivered more of their services this way, through online shopping, digital health apps and cloud infrastructure. Similarly, supply chains have become increasingly extended and complex, vastly stretching out the possible locus of vulnerability. Last year, SANS argued that there was a 70% chance that a detected cyber breach will have come from a supplier rather than directly via an attack on the main company. These trends were already in existence when the pandemic put a foot on the accelerator, leading more employees to work remotely and students to be educated at home.

Cyber criminals might be called gangs, but they are organised much more like ‘straight’ businesses now. Once set up in a country that turns a blind eye to their activities, they can hire local talent and employ them for the complicated tasks involved in modern cyber breaches. Some organisations are large enough to have their own HR departments and set employee productivity goals against key performance indicators (KPIs). The same techniques that achieve maximum productivity in legitimate companies are being used to improve the performance of cyber crime.

Hacking into the resources of a large company takes time, ingenuity and patience, which can make it a full-time job for a team across months or even years. Criminal gangs will spend large amounts of time researching a target, including monitoring their social media posts to get a clearer picture of their habits. Phishing becomes ‘whaling’ when the target is big and important, such as a company CEO. Criminal organisations are joining forces and combining crime expertise, such as ransomware and extortion.

One easy way to spot fraudulent emails used to be via the quality of the English spelling, grammar, usage and style. But now there is evidence that some cyber crime gangs are hiring the services of professional native-language writers to make their phishing emails less distinguishable from real communications. It also used to be possible to distinguish between an independent gang and a state actor by the scale and sophistication of their attack, but now some gangs can be even more capable than a country. Infamously, in 2020 one gang flew a Russian national to the US with $1 million to bribe a Tesla employee to install ransomware. They failed, but it’s likely that other attempts have succeeded.

Some cyber crime gangs are developing commodified tools that are then sold on the dark web, such as TrickBot, CryptoSink, Linux Worm and Skidmap. These groups act like conventional software houses, constantly improving their applications and releasing new updates. Some even provide customer support for their software via telephone, email and online chat assistance. Stolen data is traded online via the dark web, too, as are SSH keys that can provide access to an organisation’s applications and data.

So much of cyber crime now involves breaching the weakest link in any organisation – its employees. Although technology is leveraged to find the weaknesses amongst these employees, and to deliver the attacks, it is often personal knowledge that provides the foundation. The social media accounts of employees can provide details of their habits, the products and services they use and even the names of relatives or locations and events of personal importance. A concerted, corporate-style effort to collect this kind of information is frequently likely to uncover a way into an organisation, enabling data theft, ransomware installation or both.

Now that there is an industrial-scale threat from cyber attack, companies face a very real danger, and a much higher chance than ever before of becoming a target. There will be nothing personal about it. The breach will be all in a day’s work for the cyber criminal gangs. This is why it has never been more essential for companies to put strong security in place against cyber risk. Security-as-a-Service, such as that provided by companies like Intercity, can give companies of any size the resilience of a large corporation, with far less management overhead.

Intercity offers straightforward, reliable expert advice and support to help you beat these well-organised threats to your business. That way, the cyber criminals won’t make your company’s expense part of their profit line.

ITPro