- Kathleen Richards, Information Security
Law enforcement in 12 countries joined forces earlier this year to take down DDoS-for-hire site Webstresser.org. Early reports claimed that distributed denial-of-service activity dropped by as much as 60% in Europe in the days following the arrests of the website's operators in April.
That small victory is promising, but more needs to be done.
Organized cybercriminals are gaining momentum and profiting from an economic ecosystem of systematic activities and hyper-connected infrastructure. A cybercrime study released in April describes this economy as platform criminality, a term coined by author Michael McGuire, a senior lecturer at the University of Surrey, a public research university located in Guildford, U.K. It is similar to platform capitalism, the business model used by companies such as Facebook, Google and Amazon to connect individuals with data and tools that benefit them. Crimeware as a service is an example of platform criminality, according to the cybercrime report "Into the Web of Profit," sponsored by Bromium.
Walmart CISO Jerry Geisler said this emerging threat landscape and the frequency and sophistication of attacks are a key challenge for modern CISOs.
"If you go back to when you first started seeing cybersecurity issues in the 1980s, the attacks were not consumerized," he said. "They required someone with a fairly high degree of knowledge to execute the attack, and the attack may not have been that sophisticated."
Instead of dealing with a handful of skilled individuals with some technical savvy, today organizations may face thousands of potential cybercriminals with limited knowledge who purchase malicious software, namely exploit kits and other crimeware, to carry out illicit activities online.
According to McGuire, data is what fuels this "web of profit," and valued information has expanded beyond personally identifiable information on credit and debit cards to include login information for banks and other accounts, schemes involving travel loyalty points, and government hacking tools. The revenues from cybercrime -- which include illicit and illegal markets (50%), trade secrets and IP theft (35%), stolen data trading (11%), crimeware as a service (less than 1%) and ransomware (less than 1%) -- have already reached an estimated $1.5 trillion annually, according to the cybercrime study.
The shift toward organized cybercrime started years ago with high-profile attacks documented in the 2013 to 2014 time period. As the problem gets worse, information sharing among companies remains limited. Collaboration among law enforcement and companies worldwide could help. New technologies that recognize the increased value of data -- as currency -- may also be needed to weaken the forces driving the cybercrime economy.