Why cyber crime groups are some of the world’s most effective startups

Keiron Holyome, vice-president EMEA at BlackBerry, explores how the top cyber crime groups are deploying talent and technology.

In today’s business landscape, competition is tough. There will always be competitors looking for you to falter so they can capitalise on your success. However, there is one industry that poses arguably the greatest threat of all. One that attracts young talent, is well-attuned to social issues like politics and health, and seizes trends like the subscription model, mobile banking and cryptocurrency.

Your thoughts might jump to marketing, digital banking, IT, or simply a super modern tech startup that knows exactly how to use data to achieve its goals – incorrect. The organisations in question are in fact far more sinister, operating under the radar, using your bank statements, your health records, and your personal details for their own gain in the world of cyber crime.

Forget the stock market; cyber crime is the tech industry we should be watching if we want to protect our precious data.

Cyber crime as a hub of innovation

It cannot be denied that cyber crime is an ultramodern industry – just like Fintech, or superfast delivery apps. Those within the industry that decide to use their knowledge and skill to jeopardise national security and hold infrastructure for ransom are unfortunately some of the best in the business. Any exploration of the vast range of new attack techniques and their advanced capabilities points to an underground industry that’s growing exponentially in size and sophistication.

Like many disruptive industries, it’s home to some of the most intelligent technologists on the planet, who strike time and time again. A case in point: the group behind the huge SolarWinds attack is still at large and now targeting NGOs. In a world full of connected endpoint technologies, both modern tech companies and cyber criminals have the necessary tools and abilities to further their cause. These two industries are growing side by side, thanks to their shared obsession with the value of data.

How are hackers harming our industries?

As with any organisation at the top of its game, cyber criminals invest hours of time in investigating the latest consumer trends and understanding innovative technologies to determine their next opportunity to strike. BlackBerry researchers took a closer look – and their worrying findings prove that organisations need to be investing in more powerful defences than ever to stop the dark side of the tech boom.

Social media

Businesses know the power of social media, and so does the BAHAMUT threat group. With targets including NGOs, government leaders and industry figures in India, the Emirates and Saudi Arabia, BAHAMUT’s understanding of targets and attention to detail goes above and beyond many similar groups. This is possible through techniques including manipulating victims via social media, fake news sites and personas of real news anchors. It even uses ‘fake’ apps, which can be readily found on the Android and Google Play stores, to lure victims.

These shiny facades give nothing away through dodgy-looking links or suspicious lines of code. By earning the trust of those who visit its fake sites, the group lines victims up for phishing and threatening personal email messages, which include shocking demonstrations of how well it knows its victims’ lives. And, like any modern, influential company, it is highly adaptable, quickly changing tactics to correct mistakes, which allows it to continue hiding in plain sight.

Next-generation ransomware

Services are sweeping the business scene, as organisations package together their expertise and products to offer easy solutions to those without their own time or resources to complete a task. Ransomware-as-a-service is exactly the same, and it’s already being used as a threat in cases such as Mountlocker. Attack vectors can be loaded up with new capabilities and sold to those wishing to carry out attacks. Worryingly, this diversifies the pool of those with the capability to attack, making ransomware available to all.

Moreover, the way ransomware attackers operate is modernising to capitalise upon fear. No longer are attackers seeking a quick payment in return for the restoration of systems: they know that reputation is worth far more. One particularly worrying example is the Vastaamo ransomware attack, which took place in October 2020. Cyber attackers held therapy records to ransom, threatening to reveal individual patients’ private conversations unless they were paid in Bitcoin. These modern attack techniques aren’t just taking a toll on business – they’re jeopardising long-term mental health.

Weaponised deepfakes

The future of communication is video and audio-based, according to many reports. Techniques used by threat actors are no different. One of the first cases of deepfake weaponisation in the workplace was discovered in 2020, when a senior official was tricked into transferring money after receiving a call from a fraudster impersonating the CEO’s voice using deepfakes. Remote connectivity during the pandemic has seen such techniques boom in popularity, while GIFs, photoshops and face swaps continue to plague the general public.

While the majority of cyber attacks continue to involve ransomware, hacking, and phishing (the latter now complete with psychological tricks based on the pandemic to compel the reader to open the message), threat actors may look towards increasing the weaponisation of deepfakes, as video conferencing and remote connectivity become more widely used in the new world of work.

How can organisations fight back and reclaim their data?

With a network of experts armed with deep knowledge of today’s latest technologies, and a marketplace for selling malware to anyone who wants it, cyber crime is without doubt an advanced industry with huge potential to make a catastrophic impact. It will only continue to become more powerful as technology develops globally. The only way to stop advanced technologies is to fight fire with fire: deploying the latest cyber security innovations and continually adapting them to tackle new threats.

A prevention-first approach is by far the best way to reclaim complete control of your data, so robust perimeter defences should be every company’s first port of call. To provide expert back-up for hardworking but chronically understaffed cyber security teams, artificial intelligence (AI) is the solution that evolves quickly, responds faster, and never gets tired of fighting against threats. Leveraging AI, machine learning and automation, today’s intelligent technologies are capable of making the superfast, smart decisions required to manage the huge year-on-year increase in cyber attack volume and sophistication.

Ensuring there are no chinks in the armour of organisations is a critical full-time job. Cyber security teams and their intelligent technology counterparts must work seamlessly together to provide the highest level of security and management possible to counter the criminals. By using technology and expertise to analyse and define risks, make decisions based on big data, and dynamically apply a set of zero trust policy controls, organisations can fight back against these well-trained threats, and reclaim control over their data.

Written by Keiron Holyome, vice-president EMEA at BlackBerry
