Hackers are no longer a group of nerds sitting in a back bedroom, breaking into computer systems just for the fun of it. There are rewards to be reaped from hacking computer systems, and cybercriminals have become increasingly professional. Sometimes they are funded by foreign powers to spy on and cripple critical infrastructure – but more often, cybercrime is simply an illegal form of business. After all, there is a lot of money to be made.
Ransomware, which involves effectively taking your data hostage, has been on the rise for some time now. Even if you have backed up your data, you are not safe. This is because cybercriminals usually threaten to make the stolen data public if you do not pay up. This huge loss of privacy and client confidentiality is an extra incentive to pay the ransom.
DDoS (distributed denial of service) is an attack whereby multiple requests completely overload your servers. It is fast becoming another common weapon used by cybercriminals. In the past, DDoS attacks were occasionally carried out as a protest, usually for ideological reasons, but nowadays they are mostly used for extortion or to discredit the target company. The criminal will continue to attack your server until you pay up. If your turnover depends on the accessibility of your website, for instance, if you provide an online service, attacks like these can cripple your business and cost you a lot of money.
Cybercrime as a service
Cybercriminals can only attack a limited number of companies at any one time. That is why, a decade or so ago, many scaled up their “business model” to a sort of black-market franchise. The franchisor develops the tools and then rents them as a service to other cybercriminals. We call this “Ransomware as a service” (RaaS). DDoS can also be hired by cybercriminals.
So, cybercriminals can easily buy these tools without having to have the expertise to develop them themselves. They can purchase licences, and there are even different pricing models available. Then they use these tools to attack companies. A DDoS attack can be launched for as little as four euros (five dollars) a month, and RaaS kits are available for just fifty dollars.
Low learning curve for cybercriminals
These criminal enterprises operate on a highly professional basis. One infamous example is the DarkSide, an Eastern European criminal group responsible for the cyberattack on the Colonial Pipeline in the US. DarkSide, even sent out a press release at their inception. DarkSide has since disappeared off the grid but appear to be back in business under the new moniker "Black Matter." They also ran a help desk to aid the cybercriminals who used their tools and a phone number for victims to call. DarkSide even assisted in the negotiations between the cybercriminals and their victims.
So, cybercrime no longer requires specialist knowledge or deep pockets: getting in is very easy. Cybercriminals can simply visit dark web forums to find the weapons they need to get started. As such, committing cybercrime has never been easier.
Cybercriminals go for easy targets
In the past, cybercriminals often preferred the big targets such as international companies or government institutions. Intrusions like these were complex and time-consuming, so not every criminal could pull them off. But they only needed to accomplish one or two hacks to be able to ask for a large ransom. Therefore, the hard work involved was worthwhile.
But with Ransomware as a service, cybercrime is now within the reach of every criminal. Ransomware has become a commodity and cybercriminals are using it on a massive scale, seeking easy targets. Smaller companies, too, are in the crosshairs these days, as they generally do not have as strong a security presence as bigger organizations. Organizations are becoming more and more dependent on Internet-connected IT to operate, allowing cybercriminals to demand more money for a successful ransomware attack.
It is mainly the large companies that fall victim to ransomware that are in the news; banks being unable to process transactions, large data leaks for government departments or social media platforms having account details exposed. Because of this, smaller companies experience a false sense of security, believing that they will never be the victim of cybercrime. This is a misconception: nobody wants to read about the small businesses that are victims of ransomware, so they do not make headlines. But attacks are happening every day. What is more, before GDPR came into force, only an estimated 10% of cyberattacks were actually reported to the authorities. Research by Trend Micro Research shows that Belgium was one of the countries that was most frequently attacked by DarkSide. And although DarkSide made claims to have shut down, it is well known that cybercriminals are skilled at reviving themselves and continuing their hacking activities under a new guise.
How can organizations protect themselves against cybercrime?
The professional approach and advanced attack systems used by cybercriminals mean that simply having an antivirus package is no longer enough to protect you. Instead, you need a more sophisticated system, so that cybercriminals are less likely to try to hack into your organization and, if they do attempt to, they will face a strong defence.
Detecting cyber breaches is an important step in your defence. Without a detection system in place, cybercriminals cannot only break in without being noticed but they can also stay under the radar for longer. This gives them the time to steal more data and then demand a higher ransom.
Detect and respond
In our blog post “Becoming cyber resilient: Managed Detection & Response shuts down security breaches quickly and efficiently”, we explained how you can detect cybersecurity threats and respond to them immediately to minimize damage.
In the same way that cybercriminals have moved to an as-a-service model for scalability, you can also enjoy the benefits of a scalable model. There is a lot of work in being responsible for protecting yourself against cybersecurity threats, and it requires a high level of expertise. With Managed Detection & Response (MDR), Cegeka can keep an eye on your security 24/7. We have the professional tools and experienced security experts needed to respond to security incidents quickly and effectively.
Cybersecurity with zero worries
In our blog post "Using MDR cost-effectively against cyberattacks", you can find out more about the benefits of Managed Detection & Response (MDR) as well as about Cegeka's modular portfolio of advanced security services.
As part of this service, the Cegeka Security Operations Centre will protect you against cybersecurity threats every day, around the clock, so you can focus on your core activities without worrying about who might be trying to access your data and if you have put the right measures in place to protect it.