Takeaways from Usherwood Webinar: "The Business of Cybercrime"
On Thursday, October 5th, Usherwood partnered with Huntress to present a cybersecurity webinar addressing the growing business of cybercrime. Ethan Tancredi from Huntress spoke about how hackers are making money using the unique underground market for cybercrime and malware as a service.
An Underground Market Is Surfacing
It may surprise you to learn about the platforms and business models offering hacking services for cybercriminals to shop around for. Tancredi spoke about the once obscure and now ever-growing business of cybercrime, where talented hackers will list their hacking and internet scam services for tiered pricing.
It’s Harder Now to Get Away With, So Criminals Have Gotten Smarter
Tancredi talked about how difficult it is for hackers to make money with their nefarious services since money transactions can be tracked and link them to criminal activity. However, the hacker community has found ways around this by buying and selling cryptocurrency services. This allows them to anonymously send and accept money transactions, which, unlike regular currency transfers, cannot be undone.
Even with the loopholes for making money through cybercrime, hackers tend to be more interested in activism and fame. This makes them even more aggressive in their transgressions against businesses because they are not likely to let up.
How Cyber Attacks Have Changed Over Time
Cybercrime has not always been so aggressive or sophisticated, Tancredi said. For one, it used to be a bigger problem for individuals than businesses. It was simply a small annoyance for companies that had backups for data anyway. When hackers realized that individuals usually don’t have substantial resources to steal, they moved on to targeting businesses.
“It’s kind of like, why do you rob a bank? That’s where the money is. So, why would you target businesses? That’s where the money is; that’s where they can get it,” said Tancredi.
Originally, cyber-attacks would target only a small handful of devices on a network, which quickly changed when hackers realized they could make real money through more aggressive takedowns.
“The threat actors were like ‘Hey, just like any good business, we need to remove barriers to the expansion of our business’,” Tancredi said
This led them to advance their hacking capabilities so it would be easier to “detonate” across all of the machines in a network, completely compromising a business all at once.
What are Malware and Ransomware?
Malware can take many forms, and since hackers target businesses that have more money to steal, ransomware is a common type used. Ransomware is when cyber criminals steal and hold sensitive data hostage and demand money to give it back. They will also threaten to keep essential networks shut down, grinding productivity to a grinding halt.
Ransomware Attack Negotiation
The real evolution of cybercrime as a business happened when professional ransomware negotiators emerged to consult businesses that fell victim to these attacks. Once cybercrime gangs noticed this trend, they started developing counter-negotiators to fire back and get the most amount of money out of ransom negotiations.
Does this sound familiar yet? This is where the “business of cybercrime” emerges, which refers to the mini economy of cybercrime networks that seem to function like any reputable business would.
Big Money to Be Made in the Business of Cybercrime
“The ransomware cartels [function] as businesses- they have the monetary resources equivalent to small nation-states,” Tancredi said of recent studies into the staggering statistics of cybercrime.
Hackers can make a lot of money doing this just for creating specialized tools that can skim information.
“The most successful businesses are those that specialize. Cybercriminals are specializing,” Tancredi said. “One of these ‘bot masters’ earned $100,000 per year, and all his bot did was crack into Netflix and other streaming accounts that he then resold on cybercrime forums.”
Cybercrime Forums and Dark Web Commerce
“Breach Forums” was a forum that was recently shut down by the federal government hacking services bought and sold by cybercriminals. Tancredi dug into the ins and outs of this Amazon-like platform, showing how easily users can advertise their services. These would include phishing email templates, service listings with prices, and more. There was even a ranking system for users, including titles like “VIP” and “God”.
“Maybe you just want to buy some victims. Well, here you go,” said Tancredi, showing a listing on Breach Forms for a list of leaked information for hackers to target.
Ransomware As a Service
Another topic explored was the buying and selling of malware services that nefarious actors can purchase to do the work for them in their cyber-attack attempts. Just like regular software, users can pay to download these malware programs to easily target their list of victims.
Methods of Cyber Attacks and What You Can Do
“To be honest with you, the biggest threat is actually business email compromise,” said Tancredi.
To provide a solution to those worried about cybercrime, Tancredi laid out some best practices for businesses to follow to protect themselves. These steps included:
- Taking an asset inventory (systems, applications, users) to evaluate vulnerabilities and sensitive data
- Basic IT hygiene, including software patching, MFA (Multi-Factor Authentication), segmentation, and other best practices
- Reducing attack surface by getting rid of old devices and data management systems
- Have data backups and assume an incident will happen, instituting a Business Continuity Plan
- Monitor, detect, respond, and actively hunt down threats
Even with these plans and defenses in place, Tancredi made it clear that hackers will continue to innovate and find new ways around security protections.
“The more protective layers put in place, the harder it is to get in. But nothing is impossible. There should be no vendor out there that says they can protect you 100 percent,” warned Tancredi.
For this reason, Tancredi said, you will need to partner with an experienced managed cybersecurity service provider that will be able to help you effectively use all the latest tools in the industry.