Cybercrime as a business model
According to FortiGuard Labs by Fortinet, average weekly ransomware activity in June 2021 was more than ten times higher than a year earlier. The situation is aggravated by the fact that even several thousand entities may become victims of a single campaign. The success of cybercriminals and the trillion dollars a year in ransom they raise allow them to continue to grow their business, which now resembles the structure of a large enterprise. Therefore, combating them is becoming increasingly difficult and requires disrupting their supply chain through the use of artificial intelligence, user education, and collaboration between businesses, law enforcement and government institutions.
Cybercrime is a business – how to break its supply chain?
Cybercrime is becoming an increasingly developed business activity. For example, special call centers are used to help victims pay the ransom. Technical facilities are set up for this purpose to provide the appropriate support. Areas handled by criminal collaborators include financial transfers, money laundering, and managing Dark Web forums where malicious tools are sold. The structure of such an organization resembles a corporation, as it also includes account managers who coordinate the entire process.
In the cybercrime supply chain, vendors design and create malware and exploits, then license, sell and share them with distributors and collaborators. These in turn offer the tools to customers who, using this supply chain, are better able to infiltrate potential victims.
An example of this operating model is Ransomware-as-a-Service (RaaS), which operates on a subscription basis. In this case, permission is granted to use ransomware previously developed by someone else. The various supply chain partners receive a percentage of the ransom they obtain, sometimes as high as 80%. The system generates more than $1 trillion in revenue annually. This means that cybercriminals have more and more financial resources to develop their activities and improve their techniques. Their strategy is therefore changing: the emails used so far are being replaced by stolen access credentials for corporate networks.
To defeat cyber criminals, their supply chains must be disrupted
We are now seeing an increase in cyber attacks that affect thousands of entities in a single incident. This marks a major turning point in the war on cybercrime. According to FortiGuard Labs, average weekly ransomware activity has increased 10-fold over the year. This is now a major threat to the IT security of many enterprises. The effects of attacks are not only felt by the companies directly affected. Supply chain paralysis affects the daily lives of many people, for example through problems in the trade area. For this reason, cyber threats are not just a matter for IT security teams. Law enforcement agencies are also involved in fighting this practice, working together with digital security specialists. The basis for action today is to track the movements of cybercriminals and study their methods. To analyze the acquired data, so-called "data mining" and heat maps are used. The data is collected in a form that makes it possible to find out which new techniques have been implemented and what the hackers' next step could be.
Because many cybercrime organizations operate like businesses, their own tactics can be used against them by disrupting supply chains. This will make their activities more expensive and force them to change the way they operate.
The strategy is working. In 2021, the creator of TrickBot was indicted and the codes of Emotet – one of the most expansive malicious tools – were seized. Action taken against the Egregor and NetWalker ransomware campaigns has also been successful. This has been made possible by the cooperation of governments and law enforcement agencies around the world. Accountability applies not only to malware creators, but also to their business partners. One of the first cases involved an individual associated with NetWalker who was indicted by the US Department of Justice. Such examples can break the cybercrime supply chain. Several ransomware operators have gone out of business after being scared off by too much public attention. However, the above measures will not suffice without the proper behavior of every network user.
Education, artificial intelligence and collaboration in the fight against cybercrime
Responding to security incidents is not enough. The key is to stop them before the damage is done. This is possible if more and more people educate themselves in cyber hygiene practices. Today’s widespread use of remote learning and working has greatly expanded the field of activity for cybercriminals. They are targeting not only organizations and businesses, but also people who work and study from home. Therefore, every user should know and apply basic security principles, and emphasis should be placed on providing adequate training. The use of artificial intelligence (AI) is also important in the fight against cybercrime. It makes it possible to integrate threat prevention, detection and response mechanisms across the entire IT infrastructure: end devices, network and cloud.
Additionally, a Zero Trust approach should be implemented to enable secure access for remote working and learning. All of this, however, requires the cooperation of many actors. None of them will be able to achieve on their own the effects that are possible through cooperation.