Raconteur

Cyber-Risk & Resilience 2017

Issue link: https://raconteur.uberflip.com/i/916170

RACONTEUR.NET CYBER-RISK & RESILIENCE 8 17 / 12 / 2017

ERP systems contain your most valuable data. However, these systems are often riddled with vulnerabilities and are typically insecure. SAP®, for example, is the largest provider of ERP systems in the world. Their suite contains hundreds of millions of lines of code – compared to the 9 million lines of code in your Firefox web browser. Securing such a complex system takes automation, knowledge, and flexibility. Virtual Forge scans your SAP® systems, secures them and makes sure they stay secure. The good night's sleep comes at no extra charge. You're welcome.

Understand Your Risk

It takes an average of 146 days to detect an attack on your ERP system. Detect it immediately with Virtual Forge. https//info.virtualforge.com/sundaytimes

HOW AN ORGANISED CRIMINAL GROUP IS SET UP
National Cyber Security Centre 2017

How organised is organised cybercrime?

Make no mistake, cybercrime is big business and run like an industry with levels of deceit shielding the masterminds from capture

DAVEY WINDER

Law enforcement, security vendors and white hat hackers all collaborate in the fight against cybercrime. It would be naive to imagine that cybercriminals are not meeting this challenge in kind. Yet far too many organisations seem to think that the dark side of the internet is still inhabited by teenagers in hoodies looking to make some beer money.

The truth is that your average cyberattacker will be part of an organisation that is far closer to a corporate enterprise in its structure. "Cybercrime units possess roles that we typically come across in any large legitimate business such as partner networks, associates, resellers and vendors," says Kevin Curran, professor of cybersecurity at Ulster University, "and they even have dedicated call centres which are typically used to help with requests from ransomware victims."

So who are the successful threat actors and how do these criminal groups organise themselves?
The youths in hoodies certainly do exist but, as new entrants in the cybercrime fraternity, are usually "only capable of leveraging low-level hacking tools", says Travis Farral, director of security strategy at Anomali. "But they may eventually be writing their own tools or enhancing the capabilities of existing tools," he says. Almost inevitably, as they mature they become part of sophisticated cybercrime groups.

Interestingly though, Jim Walter who is senior research scientist at Cylance, says the more sophisticated a crime group is then the more isolated it becomes. "That's true for government or nation state-sponsored operations and criminal groups as well as those that straddle either side. Whereas mid-tier operations have more visible partners and will use any enabling resource you can imagine," he says.

These will include much the same open source and commercial tools that legitimate organisations rely on to do business. "Criminals will use common tools like WhatsApp, Slack and Google Groups to conduct their business in real time; tools that are available on both the regular internet and the onion-routed networks commonly referred to as the dark net," says Chris Day, chief cybersecurity officer at Cyxtera.

But Ed Williams, senior threat intelligence consultant at Context Information Security, doesn't believe it's always such a dark world. "Brazilian cybercriminals, trailblazers when it comes to financial cybercrime, are renowned for communicating and marketing their wares on social media," he says.

Morgan Gerhart, vice president at Imperva, argues that cryptocurrencies and dark webs have between them added liquidity to the broader cybercrime industry, and dramatically reduced transaction costs and counterparty risk. "With those market enablers in place," Mr Gerhart insists, "cybercriminals are able to leverage automation to drive down the unit cost of launching an attack."
Also driving down the cost are specialisation and compartmentalisation in the cybercriminal underworld. Tim Brown, vice president of security architecture at SolarWinds MSP, says there's a focus on "specific services and making sure that these work exactly as advertised".

Hardik Modi, senior director of the security engineering and response team at Arbor Networks, agrees. "Each of these components are routinely upgraded and customised for use in new campaigns, pointing to dedicated and separate teams of competent programmers," he says.

Indeed, the cybercrime industry has become so robust that an attacker can hire out work for each link in the attack chain at an affordable rate. Each link remains anonymous to other threat actors in the chain, reducing their risk of being found out if one link gets busted.

"One group might develop the delivery system of an attack, switching out exploits when they're no longer viable," explains Marina Kidron, leader of the Skybox security research lab. "Another might handle the malicious payload that infects the machine and money collection outsourced to a mule."

And this last service might just be the Achilles' heel of cybercrime gangs. Ian Trump, chief technology officer at Octopi Research Lab, argues that "stolen money and fraudulent purchases have to be laundered" and, no matter how sophisticated the malware might be, "making money from cybercrime requires this service layer".

Indeed, the risk in the mule operation can be seen in the success of law enforcement across 26 countries during European Money Mule Action in November. According to Europol, in just one week a total of 766 mules were identified, 409 interviewed and 159 arrests made. Importantly, this operation also resulted in 59 mule recruiters being identified, useful information when profiling cybercrime organisations.

Law enforcement operations have also had considerable success in disrupting dark-web marketplaces of late.
Earlier this year, both AlphaBay and Hansa Market were taken down, representing two of the biggest players in this underground cybercrime economy. Investigators had effectively been running the latter for at least a month and used it to collect information on criminals flocking to it after the former was shut down. Quite apart from anything else, this kind of disruption introduces an increased uncertainty of who cybercriminals can trust.

CYBERCRIMINAL ECONOMY

51% of data breaches analysed were perpetrated by organised criminal groups
Data Breach Investigations Report, Verizon 2017

TEAM LEADER: Responsible for overall missions and communication with workers

CODER: Malware developers who focus on writing software which infects systems, spreads automatically and evades detection

NETWORK ADMINISTRATOR: Manages a large number of compromised systems used to spread malicious payloads, such as viruses, spam and denial-of-service attack packets

INTRUSION SPECIALIST: These concentrate on making sure any successfully installed malware persists allowing continuing compromise

DATA MINERS: Needed to make sense of the stolen data by organising and reformatting for ease of sale; here they make use of crowdsourcing

MONEY SPECIALIST: These identify ideal ways to make money from all their datasets
