Cyber crime syndicates are forming closer relationships
Cyber crime is a growing scourge and one of the most effective deterrents is to hit threat actors where it hurts the most – their bottom line. The more businesses invest in securing their networks and training their employees on how to operate safely in a digital world, the more difficult and costly it becomes for attackers to disrupt or breach networks.
However, chipping away at malefactors’ return on investment or cutting into their profits only works when they employ the same tools and tricks to commit their crimes, and many do not. Instead of being put off by more effective security tools and hardened environments, many simply change and adapt their tactics in response.
This was one of the findings of Accenture’s 2019 Cyber Threatscape Report, which revealed that as cyber criminals face effective defences to tried and tested attack vectors, they become digital chameleons, adapting their tactics, techniques and procedures (TTPs), and still manage to successfully breach organisations.
In particular, Accenture said it is seeing the emergence of new cyber crime operating models among high-profile threat groups.
“Relationships are forming among 'secure syndicates' that closely collaborate and use the same tools, suggesting a major change in how threat actors work together in the underground economy, which will make attribution even more difficult.”
In one instance, Accenture’s security analysts have observed the shared use of tools that automate the process of mass-producing malicious documents to spread malware, such as More_Eggs, which is used in both conventional crimeware campaigns and targeted attacks.
The professional services firm’s threat intelligence team says it has also noted a clear and dangerous shift in threat actor TTPs over the last year.
Threat actors are evolving their operations strategically, operationally and tactically, and in doing so, are testing the resilience of businesses that are doing their best to keep up in what is, at best, a catch-up game.
The report noted a dramatic increase in attackers and criminal groups conducting targeted intrusions for financial gain, also referred to as “big game hunting.”
In spite of several arrests of individuals associated with online underground marketplaces, activity among infamous threat actor groups, including Cobalt Group, FIN7 and Contract Crew, has not abated.
Commoditisation of the cyber crime industry
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, says: “We can expect further commoditisation of the global cyber crime industry. Unlike lavish cyber security start-ups, which can usually ‘repair’ any mistakes or omissions with a next funding round, cyber criminals think rationally and plan effectively.”
He says they cunningly implement machine learning and cloud to accelerate diverse hacking tasks, and also outsource some of their activities to other gangs to cut their costs, increase profits and add a supplementary smokescreen for understaffed and underpaid law enforcement agencies.
“Mushrooming crypto-currencies will soon make sophisticated crimes technically impossible to investigate. Given the modest financial opportunities available to bug bounty hunters compared to unscrupulous cyber mercenaries, we will likely see further proliferation of skilled and sophisticated cyber gangs capable of making entire countries tremble.”