SecurityWeek

Cybercrime

Lessons from the Movie Industry – Sequels are Profitable

Some of the most profitable movies ever made include sequels, for example two Twilight movies, two from the Pirates of the Caribbean series, both Avengers movies and four Harry Potter films. Why? The base of fans is established, the formula works and typically there are efficiencies in replication rather than starting from scratch. In other words, the risk/reward ratio is attractive.

Threat actors think much the same way. Why not bring back a “good” idea that was previously profitable?

The re-opening of the xDedic marketplace is the most recent example of a malicious “sequel.” xDedic closed down on June 16, 2016 following the release of a report on its activity by Kaspersky Lab. The marketplace reportedly offered compromised servers for sale and when it closed down had more than 70,000 available for purchase. References to the new domain are emerging in threads on criminal forums, although it is still too early to assess the site’s current traffic volume. Given, however, that the previous site was attracting 30,000 users a month at the time it closed down, it is likely that awareness and use of the new site will increase in the coming weeks and months.

Another example is the Armada Collective, a threat actor that used the threat of DDoS attacks in an attempt to extort Bitcoin (BTC) payments from targeted companies, individuals and organizations. Armada Collective was first reported in September 2015 and continued until December 2015, targeting financial services firms, hosting providers, email providers and casinos with ransom demands of between 10 and 200 BTC (at the time, approximately $4,500 to $90,000). In March 2016, reporting of Armada Collective activity re-emerged with campaigns launched against a number of financial institutions in Switzerland. Slight differences in the emails sent in this new round of attacks indicate that this is likely a copycat actor seeking to capitalize on the previous successes of Armada Collective. The absence of an actual attack or any proof of capability reinforces this theory.

And finally, the dark web criminal forum Hell, where hackers and criminals share stolen data and hacking tips, came back online in January 2016 after a six-month hiatus. The site was discovered to be unavailable in July 2015, coinciding with the arrest of PING, a prominent forum member and administrator. Hell achieved notoriety when it was revealed that the personal information and sexual preferences of approximately four million users of Adult Friend Finder had been posted on the site. The new version of the site uses the same logo and tag line but it has been re-designed and incorporates tighter security measures, likely in an attempt to thwart law enforcement operations targeting such forums. Analysis reveals that Hell seems to have lost a portion of its user base, probably due to suspicions among some users that the site is being operated by law enforcement and used as a honeypot.

In each of these instances, news of a shutdown typically causes security professionals and organizations to breathe a collective sigh of relief. Another cybercriminal has been defeated. But as history has shown, when a criminal operation has been profitable defenders need to remain alert.

Cybercrime is a volatile business, so maintaining a keen awareness of a constantly shifting landscape is key for organizations. This is where cyber situational awareness can help. Done right, it provides the understanding required to stay ahead of emerging threats by monitoring millions of unique sources in multiple languages across the visible, deep and dark web, using natural language processing and machine learning to keep pace with the volume. That volume can be overwhelming, however, so the output must be tailored to your organization so that you only see the intelligence that is relevant to you. Understanding the most active actors and campaigns you should concern yourself with, the level of threat they pose, a timeline of their activity and their links to other actors and campaigns will allow you to connect the dots and spot threats that have re-emerged: the ones you thought you no longer had to worry about.

As recent events have shown, you shouldn’t let your guard down because a threat actor or operation appears to have been shut down. When there is money involved, the same or other criminals will find a way to bring back a sequel. With cyber situational awareness you can remain vigilant – always on the lookout for the next iteration of a threat or campaign.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
