The cyber threat scenario is growing at an unprecedented speed and pace, giving rise to new forms of attacks that, like Crime as a Service (CaaS), are increasingly in demand. To stop their expansion, Netskope supports collaboration between governments and private industry to share information, coordinate and refine protection capabilities in order to curb their proliferation.
“Just as organizations introduce new products and services to build loyalty and attract users, cybercriminals build and develop sophisticated tools, platforms and capabilities and then sell or rent them to other criminals without the expertise to create them. As a result, these capabilities become highly profitable and cybercriminals seek to make them scalable and consumable for their customers. The barrier to entry to cybercrime and the illegal economy is shrinking, while the risk to the general public, industries and companies is growing,” says Alain Karioty, Regional Director of Netskope at Latamope Iberia.
Among the main services that can be obtained as CaaS, the following stand out:
- Phishing kits/platforms: Available on the Dark Web for as little as $2 or $10, these kits and platforms can be customized with little knowledge and have various levels of automation, making them very attractive to criminals.
- Exploit kits: These include the development of exploit code and tools to exploit known vulnerabilities. One of the most popular, RIG, costs $150/week and can spread ransomware, Trojans and other forms of malware.
- DDoS services: DDoS services are cheap and accessible, and many providers offer subscription plans on the Dark Web. Others perform DDoS attacks on servers or websites that use protection, and some even offer attacks on specific government resources.
- Ransomware-as-a-Service: These services provide the technical depth and skills required, plus all the information needed to carry out an attack. In some cases, they offer a dashboard and status reports.
- Research-as-a-Service: Involves the legal or illegal collection of information on targeted victims, as well as the resale of stolen personal data, such as compromised credentials. It may include the sale of information about possible exploits within software or systems.
In addition to easy access to different services, cybercriminals have other elements to hide their connection to crime, such as cryptocurrencies, a method that, due to its anonymity, ease of use and lack of international borders and restrictions, is widely used by these actors to transfer and collect funds.
Bitcoin is the preferred currency of cybercriminals and ransomware attack demands are often requested in bitcoin. In this sense, a 2015 Europol report reflects the use of bitcoin in over 40% of illicit transactions in the European Union. The reason for such high handling may be the fact that bitcoin accounts registered on the blockchain are not associated with specific individuals, only the bitcoin wallet account holder receiving the transaction can see this information. This lack of information causes a big headache for the authorities, as it is very difficult for them to follow the connections and tracks of criminals, who have almost a free hand to easily finance, manage and organize their activities.
How can the cyber industry help?
There is no doubt that cybersecurity is playing an increasingly important role in the fight against financial crime and the illegal economy.
This certainty has led cybersecurity teams to work more closely with fraud and financial crime teams, especially in sensitive sectors such as banking, where the implementation of this operating model has led to great benefits. Establishing this operating model, either through agreed roles and responsibilities or through organizational restructuring, will allow access to more transparent management, the ability to establish an end-to-end operating model, and easier collaboration and consolidation on threats and actions relevant to others. Another clear benefit is the elimination of duplicate resources and work that would otherwise go undetected, improving efficiency and saving costs.
Now, how is this operational model sustained? Primarily, on the basis of a data model that will facilitate intelligence- and data-driven decision making and activities. Bringing together these normally dissimilar data sets and performing advanced analytics, including AI and ML techniques, can generate insights that would not typically be obtained. Using these approaches, including cluster analysis and neural network analysis, an organization can identify anomalies that can lead to the identification of the facilitation of the illegal economy, enabling that organization to take action, including the disruption of this activity.
In addition, the cyber industry needs to be aware of what cryptocurrency providers are available, what their features are and how criminal organizations are going to make use of those services. We also need to be aware of how the authorities are tracking these transactions and how they plan to do so as cryptocurrencies become more anonymous and even go offline.
“We have seen some very good examples where the cybersecurity industry is working to address this threat at a macro and systemic level, but this alone will not eradicate this threat. Just as cybercriminals continue to share information, coordinate and evolve their capabilities, so too must private industry and government. Deeper relationships between government and industry must continue to grow and evolve with the support, research and advancements of the cybersecurity and technology industries working together hand-in-hand. There has never been a better time to accelerate this collaboration,” concludes Karioty.