In 2010, in a different world where no one has heard about lockdowns and social distancing, I wrote an article on SecurityWeek – The Optimist’s Cybercrime Predictions for 2011. While I was not very original in my choice of subject, as the end of every year provides security bloggers worldwide with an easy choice of subject to write about, I chose to revisit my predictions at the end of 2011 to see whether I was accurate or I’ve missed the mark. Now, as we are in December, a decade later since my original article, I thought it may be a good time to revisit them once again. Not only to look at my predictions in the view of a single year, but of an entire decade.
Prediction: Awareness is rising
In my predictions from 2010, I mainly focused on the awareness for the biggest threat of the time, Advanced Persistent Threats. At that time, it was the big rising threat that experts were trying to warn organizations of, and with “Operation Aurora”, a series of cyber-attacks against Google originating from China, becoming public news at the beginning of the same year, awareness of this threat was on the rise. My prediction for 2011 was that thanks to the rise in awareness, organizations will take the necessary measures to protect themselves. In my predictions revisit, I’ve noticed how during the year additional incidents took place, such as the RSA breach, the attacks on Lockheed Martin, Northrop-Grumman and L-3 communications. I’ve also noted how Anonymous, and LulzSec, who were still around at the time, made headlines worldwide.
A decade later and thankfully, my optimism was not misplaced. Lack of cyber security awareness is generally not a problem – on all levels. Organizations today know that cyber security isn’t the sole responsibility of the CISO or the SOC, but of every employee. “Security Awareness Training” and “Phishing Simulators” are part of the industry and in many organizations, standard practice. Cyber security budgets grow year-over-year and the conversation today is about the need of having CISOs and CIOs as board members, which would have seemed in 2010 as science fiction.
While APTs are still considered a major threat, they’re now another type of threat actor that every security team takes into consideration. Organizations are well aware of the dangers of an insecure IoT (even though the application of proper security tools is often still lacking), as well as the need to secure the OT, weaknesses that only became apparent in the Stuxnet incident a decade ago.
Interestingly, hacktivism, a major threat in 2011 that looked like it will remain in the long haul, is no longer an issue. When LulzSec and the rest of Anonymous decided to pick a fight with the FBI, they’ve learned that law enforcement is much more capable than they thought. Which leads us to the next optimistic prediction…
Prediction: Law Enforcement is Getting Better
A decade ago, actions taken by the law enforcement community to improve international collaboration has shown promise to put them in a better position to fight cybercrime. In my revisit of this prediction, I’ve noted several key arrests that took place that year. Looking back on this decade, it seemed that every year had several major cases that ended up with criminals behind bars. Improved international collaboration did make a difference – in cases such as the InFraud forum takedown in 2018 AlphaBay shutdown in 2017, and the Madonna hacker in 2015.
These success stories, that demonstrate how far law enforcement agencies have come both locally and internationally, are despite the fact of several trends that made law enforcement work more difficult over the decade. Drug marketplaces moved to TOR, forcing law enforcement agents to be more creative in exposing the people who operate these sites. Certain criminals also moved to Telegram and other secure chat applications, creating a new playing field that forced law enforcement to adopt new strategies and to tackle new challenges. Despite these challenges, law enforcement was able to adapt and end up with successful busts – including notable cases such as the arrest of Ross Ulbricht of Silk Road in 2013, as well as the Israeli police’s takedown of Telegrass, the country’s number one source of recreational drugs purchase, via Telegram.
Over the decade, law enforcement agencies were able to take down multiple marketplaces that operated on TOR – Silk Road, Silk Road 2, AlphaBay, Hansa, Wall Street Market, and the list go on – show these busts are not a luck of the draw, but an efficient investigation methodology by agencies worldwide that yield results time after time.
Prediction: It’s Getting Harder to Become a Fraudster
In my original predictions, I’ve noted that the takedown of several major boards suggest that it would become harder to becoming a fraudster, as their gateways into this world are disappearing. Revisiting the predictions a year later have shown that I was wrong, as another type of criminal resource blew up that year – credit card stores. Automated stores that sell credit cards have made stolen credentials cheap and accessible, 24×7. Thus, reducing the bar of entry into the cybercriminal world even lower than when I made the predictions in the first place.
A decade has passed and credit card stores are still alive and kicking. Not only that, but fraudsters have expanded the concept to include compromised credentials for online services as well. However, there are a few points of optimism in this regard. First, EMV has finally been implemented in the United States during this decade, pushing fraudsters away from “dumps” (magnetic stripe data from stolen cards, enabling the cloning of physical cards), pushing fraudsters into the much less lucrative business of online carding. Second, while credit card stores are still very active, many other sites on the dark web did not have the same fate – Altenen, one of the most active English-speaking boards for novice fraudsters worldwide has been taken down. While others have rose in its place, as is often the case with takedowns of major site, the following ones aren’t as active. Furthermore, as noted, TOR marketplaces have been consistently taken down by law enforcement. While their main focus was drugs, the second most popular category was fraud. With each takedown, fraudsters received a major blow in terms of sources for them to purchase what they need.
With law enforcement’s ability to adapt, showing consistent results despite cybercriminals’ adoption of new technologies, as well as the increase in awareness of cyber attacks, there’s still a room for optimism – not only for the next year, but also for the next decade.
