In the past, we’ve written about the dramatic increase in cyber attacks, since the spring of 2020, that spread as quickly and mercilessly as Covid. How bad has it been? A recent study by McAfee – a worldwide leader in online protection – found that cyber attacks have increased 81% since the global pandemic began. As previously stated, there are many reasons for the increase in cyber attacks: the mass migration to remote work, the increase in Ecommerce, and the vulnerable infrastructure in supply chains and logistics.
But, what we haven’t mentioned before is a very basic catalyst for drug cartels to leave the illicit world of drug trafficking and turn to cybercrime… it pays better.
You may be thinking, How do drug lords turn into cyber criminal experts? The answer is… they don’t. Just like in the world of drugs, the cartel doesn’t manufacture or mass-distribute cyber attacks. They out-source IT experts to do the dirty work for them. ALL of the work – from finding vulnerable targets, to infiltrating businesses’ IT infrastructure, to collecting crypto payments.
There’s even a term for these cyber groups for hire…Crimeware-as-a-Service. More about that topic soon.
In excerpts from an article by MetCloud, They wrote, “Small-medium enterprises are most susceptible to cyberattacks as the global returns for cybercrimes eclipse revenue from the drug trade. The global cost of cybercrime is predicted to top $10.5 trillion by 2025.
It is no wonder that ransomware gangs have been likened [or linked] to cartels. Some of the biggest ransomware gangs like DarkSide are backed by ‘investors’ who take a cut of the payouts when ransoms have been paid. Furthermore, there is a surge of Crimeware-as-a-Service providers that aid criminals who don’t have technical IT backgrounds to execute the most heinous and sophisticated cyber attacks with the intent of extortion.”
In a DarkSide blog leak, the hackers wrote, “We are apolitical, we do not participate in geopolitics. Do not tie us with a defined government or look for other motives. Our goal is to make money, not create problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
WHICH SMB’s ARE CYBER CRIMINALS TARGETING?
In other words, they are not going after government agencies, healthcare providers, energy industries, or educational institutions. Although most media reports focus primarily on larger cyber-attacks, such as the breaches at Target, Netflix, and JP Morgan, the most frequent threats have been on small and medium-sized businesses.
Industry experts say that 60 percent of SMBs will fail within 6 months as a result of a cyber-attack which can include anything from phishing scams to malware attacks. Furthermore, there are certain SMB industries that appear to be cybercriminals’ favorites: financial and legal services, small franchised businesses, construction companies, manufacturing plants, and “every company that stores intellectual property or sensitive data of any kind.”
The article by MetCloud went on to say, “SMBs make up [much of] the economy and they are particularly vulnerable to cyberattacks for various reasons. Although not as ‘lucrative’ as targeting large, multinational businesses, cyber criminals generally see SMBs as ‘easy targets’ as many of them have not scaled their cybersecurity measures to fit the size of the business.
Often, they also lack the in-house resources to implement robust network security and education on internal threat vulnerabilities. [They also resist] finding capable cybersecurity support. In the case of cybersecurity, internal threats and breaches typically come in the form of human error. Due to the lack of understanding, employees may accidentally click on malicious links – divulging sensitive information – or plug compromised devices into the company’s network.
Furthermore, when an SMB without technical cybersecurity support has been struck by ransomware, they tend to feel that they have to pay the ransom in order to minimize the loss-making downtime.
SHOULD SMBs BE PAYING THE RANSOM?
While it is definitely not uncommon for businesses to pay the ransom demanded by cybercriminals, it is strongly not advised by law enforcement and experts.
80% of businesses that choose to submit to the ransom demands actually get hit again by a subsequent attack. Almost half of which have discovered that some, if not all, of the data that they have retrieved has been corrupted.
In short, paying the ransom does not guarantee the safeguarding of your business data when it is returned. Without a dedicated cybersecurity team to detect where the vulnerabilities are, the targeted company will continue to be vulnerable and poised for another attack.
PREVENTION IS BETTER THAN CURE
The best way for SMEs to protect themselves against being a cybercrime statistic is to take strong preventative measures. Here are three easy ways to reinforce your company’s moat against cyberthreats:
- Educate your team regularly
- Scale your company’s cybersecurity measures to ensure that they are fit-for-function
- Brace for an attack – even if it feels unlikely.”
Cybercrime To Cost The World $10.5 Trillion Annually By 2025
According to excerpts from an exhaustive report by Cybercrime Magazine, they wrote, “Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
A cyberattack could potentially disable the economy of a city, state or an entire country. Billionaire businessman and philanthropist Warren Buffet calls cybercrime the number one problem with mankind, and cyberattacks are a bigger threat to humanity than nuclear weapons.
Cyber threats have expanded from targeting and harming computers, networks, and smartphones — to people, cars, railways, planes, power grids and anything with a heartbeat or an electronic pulse. Many of these things are connected to corporate networks in some fashion, further complicating cybersecurity.
As a result of the COVID-19 pandemic, nearly half the labor force is working from home. As employees generate, access, and share more data remotely through cloud apps, the number of security blind spots balloons. Data is the building block of the digitized economy, and the opportunities for innovation and malice around it are incalculable.
66 percent of SMBs had at least one cyber incident in the past two years, according to Mastercard. More than half of all cyberattacks are committed against small-to-midsize businesses (SMBs), and 60 percent of them go out of business within six months of falling victim to a data breach or hack.
Cybersecurity begins at the top. The value of a business depends largely on how well executives guard its data, enhance the strength of its cybersecurity, and monitor its level of cyber resilience. If there’s one takeaway from this report, then let it be this: Don’t let your leaders be the weakest cybersecurity link.”
Crimeware-as-a-Service
In excerpts from an article by CyberNews, they wrote, “Crimeware-as-a-Service (or Cybercrime-as-a-Service) has increasingly enabled technically inexperienced criminals and advanced threat actors to rapidly arrange sophisticated attacks. This model facilitates the activities of cybercriminal groups and helps criminals to carry out complex attacks without the need for advanced technical skills.
CaaS has decreased the barrier of entry for new, less savvy threat actors, and now represents an optimum choice for advanced attackers that want to conduct hit-and-run operations. The Crimeware-as-a-Service model makes it difficult to attribute the crime to a particular individual [or group] because the means and the infrastructure are shared among multiple bad actors.
CaaS services in cybercrime forums and marketplaces hosted on the dark web are quite easy to find and feature a broad range of offers. Most of these services are characterized by their ease of use and strong ‘customer’ orientation. They usually have user-friendly administration consoles and dashboards to [track and] control the earnings.
By using combination attacks, criminals effectively challenge law enforcement’s capacity to investigate incidents and attribute attacks to specific perpetrators and crime groups. Another factor that makes Crimeware-as-a-Service very attractive to the criminal underground, is the availability of stolen data that could be used to run further attacks.
The model is efficient and especially dangerous when applied to malware, such as ransomware. In the recent months, there was a surge in the number of ransomware attacks fuelled by the diffusion of the Ransomware-as-a-service model (RaaS).
***More on that soon
RaaS is available on a cloud-based subscription model to anyone who pays a subscription fee. On the other hand, some ransomware operators don’t ask for subscription fees and instead use an “affiliate” model where they receive all of the ransom amounts extorted to the victims by the affiliates, keep some percentage as commission for themselves, and then pass the rest to the affiliates.
What can be done to combat CaaS?
Unfortunately, there isn’t a definitive solution to mitigate the risks associated with the diffusion of the CaaS model. The fight against this paradigm urges a holistic approach and continuous information sharing from security firms and law enforcement agencies.
Security experts have to monitor cybercrime and hacking forums, especially those hosted on the darknet, in the attempt to identify new threats early and rapidly share information to detect them and limit the dangers caused by the cyberattacks.
Early identification of the threats could allow experts to share Indicators of Compromise to detect the attacks and mitigate them, while law enforcement agencies could attempt to identify and shut down the infrastructure used by crooks to offer their products and services.”
Ransomware-as-a-Service
According to excerpts from an article by InfoSec, they wrote, “The rise of the RaaS business model is giving wannabe cyber criminals an effortless way to launch a cyber-extortion campaign without having technical expertise, and it is flooding the market with new ransomware strains.
Malware sellers, using this approach, can acquire new infection vectors and reach new victims that they are not able to reach through a conventional approach, such as email spamming or compromised websites. RaaS ‘customers’ can easily obtain ransomware via RaaS portals, just by configuring a few features and distributing the malware to unwitting victims.
Surfing the dark web through unconventional search engines, you can find several websites that offer RaaS. Each one provides different features for their ransomware allowing users to select [things like] the ransom demanded to the victim and other technical functionality that the malware will implement.
Historically, this commerce has always existed, but it was specialized for cyber-attacks, such as espionage, hack of accounts and website defacement. Only when hackers understood it could be profitable, they started to provide this specific service. Now, countless RaaS providers offer customized ransomware packages that are ready to be distributed.”
CYBERCRIME: The Next Entrepreneurial Growth Business?
In the past five years, ransomware attacks have evolved from rare misfortunes into common and disruptive threats. By hijacking the IT systems of organisations and forcing them to pay a ransom in order to reclaim them, cybercriminals are freely extorting millions of dollars from companies. Meanwhile “investors” are enjoying a remarkably low risk of arrest, and high returns despite negligible involvement. No wonder cyber crime is more appealing to the drug cartel – more money and far less risk.
In excerpts from an article by Wired, they wrote, “Cyberspace has become an increasingly attractive hunting ground for criminals, activists and terrorists motivated to make money, get noticed, cause disruption or even bring down corporations and governments through online attacks. In this day and age, organizations must be prepared for the unpredictable so they have the resilience to withstand unforeseen, high-impact events.
McAfee recently reported that cybercrime is a growth industry where the returns are great and the risks are low. In fact, McAfee estimates that the likely annual cost to the global economy from cybercrime is more than $400 billion, a number that is more than the national income of most countries. Unfortunately, [most] businesses tend to underestimate how much risk they face from cybercrime and how quickly this risk can develop.
The increase in cost of compliance, to deal with the uptick in regulatory requirements, coupled with the relentless advances in technology against a backdrop of under investment in cyber security, can cause the perfect storm.
Understanding cyber risks and rewards is also fundamental to trust. If organizations can’t maintain a trusted environment in which to communicate and interact with their customers, their business could suffer or even collapse.
Creating a Cyber Resilience Team
Cyber resilience requires recognition that organizations must prepare now to deal with severe impacts from future cyber threats that cannot be predicted or prevented. Traditional risk management is insufficient to deal with the potential impacts from unforeseen activities in cyberspace. That’s why enterprise risk management must be extended to include organizational risk and cyber resilience.
To achieve this goal, I strongly recommended that your organization establish a crisis management plan which includes the implementation of a formal Cyber Resilience Team. This team, made up of experienced security professionals, employees, investors, customers and others, will become the driving force behind your cybersecurity initiatives.
The Cyber Resilience Team will be charged with ensuring that necessary communication takes place between all relevant players, and making sure all facts are determined for each incident in order to put a comprehensive and collaborative recovery plan in place.
The real difficulty lies in acknowledging that breaches are inevitable, and that resources invested in advance can pay dividends when a crisis occurs. It takes maturity for an organization to recognize it cannot control the narrative after a data breach goes public.
In a world where data breaches are becoming all too common, organizations that produce an imaginative and credible response will have a comparative advantage over those that are slow and confused, and this will translate to tangible business value. By instituting a Cyber Resilience Team, and adopting a realistic, broad-based, collaborative approach to cybersecurity and resilience, businesses will be better able to understand the true nature of today’s increasing cyber threats and respond appropriately.”
Businesses can no longer solely rely on out-of-the-box cybersecurity solutions like antivirus software and firewalls. Cybercriminals are continually developing new, sophisticated ways to hijack data, demand ransom payments, and steal identities. When your network suffers from unknown security gaps, hackers can easily gain access to your entire network infrastructure, resulting in data loss, costly downtime, and irreparable damage to your business and reputation.
At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.
When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime.
To schedule your Cyber Security Risk Review, call the Adaptive Office Solution service hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca