Cybercrime goes mainstream
The World Economic Forum’s “Global Risks 2020” report notes that the digital space is characterized by growing geopolitical tensions and meddling, a lack of technology governance, and a greater overall reliance on technology. Further, more than half of the world is connected to the Internet, and the number grows by a stunning 1 million people a day. As a result, cybercrime has become the second-greatest risk that businesses will face over the next 10 years.
Unfortunately, cyberattacks on critical infrastructure have become almost routine in sectors such as energy, healthcare, and transportation. They have brought entire cities almost to a standstill. Public and private sector organizations are also frequent targets of cybercriminals, who can easily purchase various types of sophisticated cyberattack tools and services on the Dark Web for next to nothing.
Not Your Typical Street Gang
The cybercrime universe is not a monolith but, rather, an interconnected network of different attacker groups. Together, they have evolved into a genuinely disruptive force whose practitioners are just as organized, clever, and nimble as the hottest new tech startup. This reality is key to understanding global cybercrime and how it affects companies.
By working as a network, cybercriminals can do their jobs better. Each group specializes in a particular discipline, and different groups often work together to take advantage of each other’s know-how. This is what makes them more effective and enables them to focus on technical and financial success in a given attack.
Specialization Matters
To achieve their goals, cybercriminals leverage both technical expertise and the panic they generate in their targets. Both can have devastating consequences.
Since 2018, a new form of attack focused on ransomware has been observed, as described in the Thales report “Cyber Threat Handbook 2020.” The dramatic increase in ransomware attacks is part of a broader phenomenon known as malware-as-a-service and of closer collaboration among major cybercriminals. In addition, several ransomware-as-a-service operations have been particularly effective. In 2019, one of the best known, GandCrab, developed by a group known as Pinchy Spider, extorted a total of $150 million in 12 months before shutting itself down. Other services, such as Sodinokibi (probably developed by the same group that conceived GandCrab), filled the gap.
A Surging Underground Economy
With revenues estimated at up to $1.5 trillion a year (on average, 1.5 times more income than counterfeiting and 2.8 times more than the illicit drug trade), the cybercrime network is an economic system that can now threaten any company or organization and jeopardize the global economy. Roughly 60% of its massive revenues are estimated to come from illegal online markets for stolen data and 30% from pilfering intellectual property and trade secrets. Interestingly, only 0.07% is derived from ransomware, which inflicts the most real-world damage.
To read the complete article, visit Dark Reading.