Who’s Winning the Cybercrime Battle?

Although the U.S. Congress must have designated literally thousands of commemorative days, weeks and months, I’m a bit partial to this month’s designation, National Cybersecurity Awareness Month, now in its 15th year. Although I tend to think quite a bit about this topic during the other 11 months as well, it does make me pause to reflect on how cybersecurity awareness has evolved over this time period, and contrast that with the evolution of cybersecurity effectiveness.

In terms of general awareness, I’d say the ongoing battle against cybercrime, once relegated to implausible Matthew Broderick movies, is today a mainstream topic and has woven its way globally into our everyday culture: as the subject of an upcoming new television series, at packed-house scam prevention seminars, and even as a subject for placard-waving flash mobs. My barber is eager for tips on web and email security.

How Effective Is Security Today?

In terms of effectiveness, it would appear the security industry has a long way to go. I’ve just read a recent benchmarking study by Osterman Research, which documents an increasing rate of attacks, an increasing rate of breaches, and rising concern among IT managers from one year to the next. The survey says that the incidence of reported security failures during the prior 12 months is up, with 70 percent of organizations having suffered one or more successful attacks, compared to 68 percent in 2017. While the top source of infections was “other” malware like viruses and worms, I was struck by the fact that 44 percent say they suffered a successful phishing attack—an average of 11.7 times over the year. Almost half of IT and security managers indicated that the number of phishing and spear phishing emails getting through their current security and reaching end users was up substantially from a year ago. 

Threat Industry Keeps Innovating and Lowering Barriers

Last month’s news of the 14-year prison sentence for the operator of a VirusTotal-like multi-engine scanning service that allowed hackers to QA their products’ performance against numerous security engines was as welcome and laudable as it is rare, due to the obvious challenges in investigating and prosecuting what are invariably transnational crimes. This particular QA service was representative of a threat-as-a-service economy that makes threat campaigns and distribution a point-and-click affair, effectively multiplying the number of cybercriminals at work.

I discussed in my last blog how a good part of malware and phishing campaign authors have “professionalized” and are working for highly structured criminal enterprises, which incessantly test and evolve their methods. Among the new ransomware we’ve analyzed in detail recently, the ‘Termite’ ransomware was built on three other ransomware families (Gibon, NinjaLoc, and XiaoBa), and the Ryuk ransomware revealed several interesting ideas. Its attacks are highly targeted and tailored to each organization; it searches for and kills an impressively large list of processes for antivirus programs, backup systems and databases; and after encrypting the files, it destroys the encryption key and removes shadow copies and backup files. One can see the authors market testing different non-technical aspects, as Ryuk uses two different ransom notes, one longer and more detailed than the other, and with varied values. A search for payments against one payment demand variation shows a single payment of 50 Bitcoin, around $325,000, which was then split into multiple Bitcoin wallets in order to (in theory) complicate tracing, with other payments varying from 15-35 Bitcoin.

Phishing Attack Services Proliferating

On the phishing front, the threat business ecosystem keeps lowering barriers to entry and providing turnkey attack services. We’ve been analyzing a rash of new phishing kits appearing in the market that are cheap to buy or subscribe to, easy to deploy, and are layering in detection evasion techniques, like block lists for security companies’ crawlers. With phishing kits selling for as little as $50 on the dark web—which in one actual example for that price includes a hosted website, one link directly to the website for a period of a month, and three extra links for backup if one was taken down or blocked—it’s no wonder that attack volumes are up and more organizations are being affected. 

If I have one wish for ‘Cybersecurity Awareness Month,’ it’s that we all need to be aware of the need for innovative responses on the part of the security industry, to counter a threat industry which is innovating both technical and business models at a rapid pace.
