The New Mob is on the Internet

According to the Secureworks State of Cybercrime Report 2018, the bulk of cybercrime-related damage around the globe is perpetrated by a small group of well-organized, dangerous, and covert criminal groups. What’s worse, the report shows that the boundary between a nation-state and cybercriminal actors is becoming increasingly blurred as the former learns about the tools and techniques employed by the latter and vice/versa.

The report shows that these groups are avoiding the dark web where at all possible to evade detection by threat research and government law enforcement groups, employing highly sophisticated tactics such as social engineering and ransomware. As we move forward into 2019, these threats will likely only become more advanced and harder to detect, requiring authorities and private citizens alike to invest in heightened protection, training, and deterrences.

Blurring the Lines

When it comes to cybercrime and terrorism, the reports show that criminals are typically more common. Norwich University’s online resources illuminate the overall breakdown: 67 percent cybercrime, 20.8 percent hacktivism, 9.8 percent espionage, and 2.4 percent warfare.

“In other words,” they write, “civilians and professional or personal computers are the most likely targets, not national systems.”

Nevertheless, these groups are hitting state systems, as illustrated via the hack that crippled the city of Atlanta’s infrastructure in March of 2018, incurring costs of over $2.7 million. This attack was carried out by the SamSam group, one of the most successful ransomware crime rings, which is believed to have extorted more than $1 million from some 30 target organizations in 2018 alone, according to WSJ.

The problem is, unfortunately, that we can’t attribute many of the hacks that we’ve seen definitively to cybercriminals over nation-state hackers because, as the Cybercrime Reports shows, they are using many of the same techniques, mirroring each others’ tactics. This is the case with another major hack that affected millions of Americans — the Equifax hack of 2017.

Michael Riley, Jordan Robertson, and Anita Sharpe, writing for Bloomberg Businessweek, report that experts looking at monumental breaches noticed many of the tools used by the perpetrators were Chinese. Concerning the experts, “these people say the Equifax breach has the hallmarks of similar intrusions in recent years at giant health insurer Anthem Inc. and the U.S. Office of Personnel Management; both were ultimately attributed to hackers working for Chinese intelligence,” they write.

Evolution of Tactics: Database Hacks, Ransomware, Social Engineering

This rise in cybercrime shouldn’t necessarily surprise us. Where there are valuables, there will always be thieves, and we’ve seen information breaches slowly rise in frequency and severity since the early 2010s, particularly in healthcare.

Since the switch over to Electronic Health Records (EHR), and the apparent lacking of security surrounding this switch, the healthcare field has been a ripe and frequent target for cybercriminals. According to Duquesne University, the healthcare system in the United States generated up to 150 exabytes of data in 2011.

This explosion of information proliferation progressed to include credit card information and its storage, which has been equally as abysmal in terms of security. Major breaches as recent as 2018 have included major brands:

“Uber attempted to conceal a breach of 57 million users by a 20-year-old hacker, while Whole Foods confirmed 117 store locations had credit card information stolen,” writes Cole Mayer with Fiscal Tiger.

Beyond healthcare and credit card data, criminals have been adapting by stealing and holding critical systems hostage with Ransomware — the same type of malware used to attack the city of Atlanta. Fortunately, more companies are catching on to this trend and employing advanced record backup and encryption programs.

Of course, in response, cybercriminals have adapted and adopted more effective and advanced tactics.

“That is why most cyber-criminals go “spear-phishing” instead,” according to BusinessInsider. “This involves targeting a low-level individual in an organisation using an e-mail scam that fools the hapless individual into visiting a tainted website. Once there, a malicious tag in the HTML code responsible for the page’s appearance is injected into the visitor’s browser. The inserted malware can be a virus, a Trojan or, most likely, a key-logger. This watches for the user’s log on and password and reports the keystrokes back to the attackers. It is then only a short step to stealing secrets from the victim’s employer.”

The Future of Cybersecurity

This game of escalation means that cybersecurity experts need to be on top of their game, and ready to combat the threats of the future.  Forbes published an answer from Quora, the question originally being: “What will cybersecurity look like ten years from now?”

“First, we will need to interconnect our defense systems to be able to act in real time,” writes the poster. “For example, our network gateway will need to share information with our personal devices. Second, the human analyst will not be able to cope with all this information, and we will rely on more artificial intelligence to help us in making decisions. We will also need to cultivate the next generation of cyber experts who know how to develop and drive those systems. New professions and domain expertise will be formed. Last but not least, we will need to shield all our systems.”

Utilizing AI via interconnected systems, and training enough people to wield this technology seem to be the two major problems that we currently face. The good news is that AI is already being employed by multinational corporations and small businesses alike, while cybersecurity and data are extremely hot fields in the jobs market right now.

We only stand a chance against the consistent onslaught, however, as long as we keep paying attention to the cybersecurity landscape and continue to understand what’s at stake. Hopefully, we won’t need more reports linking cybercrime to nation-state techniques, and vice/versa, to mobilize and shore up our infrastructure.

In this game, the reactive party loses. We need to get ahead of the game and start fighting back harder than we ever have before.