In many regards cyber crime is no different to other industries. External factors such as regulation, competition, and even inflationary pressure cause cyber crime to ebb and flow. Since mid-2021 the cyber security industry has been relatively quiet, with few major incidents making it to front page news. While cyber security professionals still warned about the risks posed by evolving threats, by most measures cyber criminals were being kept at bay.
But this appears to have changed over the past few months, with major attacks affecting brand names. In early September MGM was hit by a social engineering attack which paralyzed their systems, costing millions of dollars per day and impacting customers. A few days later Air Canada announced that the server holding employee records was breached, and more recently Sony has allegedly suffered a catastrophic breach with various hacking groups threatening to release confidential records.
Three of the largest enterprises suffering cyber attacks in the same month is hardly a coincidence and is indicative of an uptick in malicious cyber activity. And make no mistake, CISOs and cyber security consultants are rejoicing the world over that at last their concerns are falling on open ears. But the obvious question that nobody seems to be asking is why this is happening. So why is it happening?
Before answering that question it’s important to first understand the cyber security landscape, going all the way back to 2012. Back when K-pop was becoming popular, the cyber security industry was facing the largest threat it had ever seen. A virus called Reveton was spreading throughout Europe. At first glance Reveton wasn’t anything special. The virus was based on a well-known malware called Citadel, and experts were largely underwhelmed by its technical prowess. But Reveton was unique in one key area: its ability to be monetized.
Reveton tricked users into thinking their computer had been locked due to illegal activity such as pirating videos, and that in order to unlock the device they would have to pay a fine to the ‘police’. This allowed cyber criminals to make significant profit without the time-consuming and often tedious process of selling PII. This launched a paradigm shift in the cyber landscape which we all know today as Ransomware.
The scale of Ransomware was mind-boggling. By some estimates, if Ransomware were a country it would have the world’s 5th largest GDP. At first Ransomware targeted large multinational companies, extracting huge sums that seem unfathomable. As enterprises deployed defense mechanisms to counter Ransomware, such as backups, encryption, and disaster response, cyber criminals simply went downstream to small and medium-sized businesses that didn’t have protection. It was shooting fish in a barrel.
But Ransomware has been prevalent for about 10 years now, and as with any technology its time has come and passed and now it’s on the way out. Businesses have been successful in deploying the simple combination of encryption and backups, to the point where ransom demands now often go unpaid. Q1 2023 marked the first time global Ransomware payments decreased quarter over quarter. And much like Blockbuster, it seems like Ransomware’s fate is sealed.
But if Ransomware is on the downturn, how is cyber crime seemingly increasing? It’s possible to argue external factors are to blame. Geopolitical relations with Russia, China, and Iran (jointly responsible for more than 75% of the world’s cyber crime) can hardly be described as peachy. But this fails to encapsulate a core tenet of cyber crime: in nearly all cases cyber criminals are economically motivated.
Therefore the increase in cyber crime should really be attributed to a far more concerning problem: cyber criminals have figured out a new way to monetize. With companies unlikely to reward criminals attacking them with large payouts, attackers are forced to look for new methods.
One long-standing theory in cyber security is that records, specifically high-value files that contain personally identifiable information (PII), are the ‘crown jewels’ of the organization. While data theft is undeniably a huge problem and remains a lucrative source of revenue for criminals, it’s often taken out of context. In the past 15 years an estimated 4.5 billion records have been leaked, and unsurprisingly to those who understand how free markets work, the price of an individual record has decreased significantly as a result. These days, the going rate for a credit card on the black market is around $75 – hardly the big payout criminals work tirelessly for.
In analyzing the three most recent cyber attacks there is a thread that ties them together: identity. All three attacks leveraged identity to both compromise their victims and make a profit. With readily available AI tools only helping criminals carry out flawless attacks, it’s highly likely this is just the tip of the iceberg. While the cyber security industry is rarely described as slow to innovate, cyber security teams need to evolve, and fast. Because before long it will be too late, and the memories of 2012 will resurface, only nastier and more expensive than before.
Written by Eddie Rankin