Cybercrime is world’s third-largest economy
Cybercrime has emerged as the dark underbelly of the digital era, growing at an alarming rate and now standing as the third largest economy in the world. It is imperative that individuals, businesses, and governments recognise the magnitude of this threat and take proactive measures to secure our digital landscapes. Ignoring this type of organised criminal activity is not an option; it’s time to invest in robust cyber security measures and collaborative efforts to safeguard our interconnected world.
According to the World Economic Forum (WEF), cybercrime has emerged as the world’s third-largest economy, trailing only the United States and China.
Cybersecurity Ventures, projects that its impact will reach $10.5 trillion by 2025… The availability of online access to networks and ransomware has played a pivotal role in driving this exponential growth, and this accessibility has opened the doors for individuals with varying levels of technical expertise to launch sophisticated cyber and ransomware attacks.
A detrimental impact on the global economy
As with any type of theft, there are going to be losses… Unsurprisingly, cybercrime is having a detrimental impact on the global economy. Business losses continue to mount, and economic gains continue to rise – even surpassing the combined revenues of tech giants like Tesla, Facebook, Microsoft, Apple, Amazon, and Walmart, which amount to $1.28 trillion annually.
This burgeoning “cybercrime economy” thrives on exploiting vulnerabilities in technology and human behaviour, generating staggering amounts of ill-gotten gains. With the global dependence on digital infrastructure, the scope and impact of cybercrime continue to grow, yielding substantial profits that rival the economic outputs of entire nations.
This digital dependence, as we all know, drastically increased with the COVID-19 pandemic. With more employees than ever relying on the internet for remote connectivity and the transfer of official documents and files, previously restricted and confidential information becomes more vulnerable to hacking attempts. Couple these digital dependencies with the rate at which technology changes, and the security landscape becomes even more vulnerable.
Artificial Intelligence (AI) is both a revolutionary tool and a double-edged sword in the realm of cyber-attacks. Its accelerating role in these attacks can be attributed to several key factors.
Automation: The automation of complex exploits and optimizing malware.
Hyper Targeting: AI enables hyper-targeted attacks through personalized data analysis and aids rapid reconnaissance for vulnerability identification.
Speed: AI-driven bots can quickly perform tasks like credential stuffing.
This escalating trend creates an arms race in cybersecurity, where attackers use AI to bypass AI-driven defences, and as AI evolves, adapting cybersecurity measures becomes crucial to outpace this evolving threat landscape.
However, it’s not just the technology that’s getting smarter.
To avoid detection from law enforcement and other fraudsters, cybercriminals have formed exclusive and secretive discussion boards, further fragmenting the cybercrime markets. Several years ago, the cost of global cybercrime had already surpassed the size of India’s economy, illustrating the magnitude of this issue. The value of a business now heavily depends on its ability to safeguard its data, maintain robust cybersecurity measures, and demonstrate a high level of cyber resilience.
After the high-profile attack on Colonial Pipeline, cybercriminals have become increasingly greedy, leading to a surge in ransom demands. The attack inflicted a staggering $4.4 million extortion on the company in 2021, further incentivising other threat actors to escalate their efforts.
According to research conducted by Sophos last year, the average ransom payment skyrocketed to $800,000, and a recent report from Nozomi has suggested that cyber insurance might be partially responsible for this trend.
The report also highlighted that cybercriminals are meticulously studying cyber insurance claims policies and tailoring their ransom requests to align with potential insurance pay-outs.
To combat this, I want to emphasise the need for companies to prioritise investing in proactive cyber prevention, protection, and remediation measures as their primary defence strategy. While some victims still view making an extortion payment as the easiest way to resolve a ransom attack, others are starting to follow a different path.
Chainalysis reported a 40% drop in revenue from ransomware attacks in 2022. This indicates a shift in response strategies among targeted entities.
Organised crime also finds a haven on the dark web. A concerning trend is the increasing collaboration among cybercriminal entities, leading to more severe future attacks and refined targeting strategies.
Ransomware developers are collaborating to pool hacking methods, malware codes, tech resources, and target lists. Distinct hackers are honing expertise in specific hacking phases—some in footprinting and reconnaissance. This intel is relayed to another group for scanning, and another for gaining access. This collaborative approach enhances their capabilities and chances of success.
The realm of cybercrime is intricate and concealed underground. Across various nations, cybercriminal gangs forge alliances to exchange intelligence, research, and potential exploits. They collaborate, disband, and reassemble, employing this strategy to remain invisible.
These threat actors will continue to target organisations that have failed to patch their software vulnerabilities. To mitigate the impact of ransomware attacks, it is crucial for companies to implement secure access controls, segment their networks, enable multi-factor authentication, and regularly assess and test backup strategies. Ongoing employee training and the strengthening of email security solutions play a vital role in detecting and intercepting threat actors before they breach network perimeters.
The Gamification of Extortion
As the economy of cybercrime grows bigger and more powerful, cybercriminals naturally become even more confident with their attacks. This shift is prevalent through the behaviour of infamous hacker group, Lapsus$.
Since at least 2019, Lapsus$ has been an active hacker group, gaining notoriety for its high level of organisation and substantial funding, drawing members from various countries worldwide.
Lapsus$ has earned a reputation for targeting high-profile government and corporate entities, using sophisticated malware and encryption techniques in their cyberattacks. They have displayed a knack for infiltrating their targets through social engineering or bribery, resulting in successful attacks on prominent organisations such as Nvidia, Samsung and Uber, leading to significant financial losses and raising concerns about security.
Currently, LAPSUS$ operates a Telegram channel, permitting posts from the group itself, sharing information regarding new breaches or links to access released data, another use of the channel is as an open chat room, welcoming anyone to join and post messages. According to Vice, this channel hosts over 10,000 members, with many engaging in light-hearted interactions and sharing memes, much like other hacking communities on platforms like Telegram or Discord.
In the past, LAPSUS$ also had its own website. Security researchers have noted that LAPSUS$ stands out for its use of Telegram to publicly announce breaches, which is an uncommon practice. The group demonstrates a desire for attention, frequently involving the public in voting on which victim’s data to leak next through their Telegram channel.
Unfortunately, it appears the gamification of cyber-crime isn’t going anywhere any time soon…
Key Takeaways 2023 – So far, a year of high-profile attacks.
In 2020, cyber attacks emerged as the fifth highest-ranked risk, now pervasive in both public and private sectors. This high-risk landscape persists, and by 2023, IoT cyber attacks are projected to double by 2025. Alarmingly, the World Economic Forum’s 2020 Global Risk Report underscores the challenge, revealing a mere 0.05 percent rate of detection or prosecution for these threats.
The world has seen direct attacks against organisations like Twitter, which lead to one of the most significant data leaks to date, and JD Sports whose breached servers exposed online order information of 10 million customers.
Alongside these direct attacks, we have witnessed third-party supply chain attacks, which subsequently left The BBC, Boots and British Airways vulnerable to malicious actors (notably via the MOVEit data breach). If large organisations can be compromised, it raises serious concerns about the vulnerabilities faced by smaller businesses and SMEs…
With ongoing new stories highlighting ‘yet another breach’, it often seems that the hackers are always one step ahead. But this is not the case.
Toolsets and strategies are out there to proactively defend against an attack, however many organisations are still yet to recognise this – the recent Cyber Security Breaches Survey found that in the last 12 months only 21% of businesses have a formal incident response plan and only 11% of organisations have carried out a pen test.
How to mitigate the threats
It is important to highlight the role of employees in protecting sensitive information, an aspect often overlooked in many reports that primarily focus on external threats. Human errors, such as falling for phishing scams, unknowingly downloading malware, using weak passwords, or neglecting security protocols, contribute to many successful breaches.
In fact, studies have shown that 70% of corporate data breaches result from employee error or malicious intent. To successfully defend against cybercrime, organisations must recognise that everyone has their responsibility and role to play in this ever-changing landscape, and that a 360 solution is the best chance a business has to mitigate cybercrime threats.
So how exactly can this be done?
If you’re looking for proactive solutions, both training and testing are recommended:
User Training: Users are your first line of defence, and so investing in comprehensive user training and phishing awareness is key in preventing hackers from gaining access to private systems. Further necessary measures involve conducting a digital footprint review with senior stakeholders, as a pre-emptive measure against hackers by assessing online traces left by an individual or organisation.
Offensive Testing: Offensive testing involves diverse approaches, designed to evaluate security measures. These approaches include:
- Red Teaming to simulate advanced threats.
- Breach and Attack Simulation Services to identify vulnerabilities and enhance incident readiness.
- Vulnerability Assessments which provides a foundation for prioritised mitigation.
- And finally, Penetration Testing to replicate real-world attacks. These tests collectively bolster security by detecting and mitigating potential weaknesses.
We highly recommend Penetration testing, as it plays a vital role in understanding the vulnerabilities hiding within the infrastructure of your organisation.
Some organisations are now taking pen testing one step further, and one of the best ways to do this is through a penetration testing retainer. Retainers (usually quarterly) provide ongoing, proactive security assessments rather than one-off tests, ensuring consistent monitoring of vulnerabilities and adapting to evolving threats. Retainers enable swift response to emerging risks and allow for regular testing as systems change.
Investing in robust penetration testing enables you to critically evaluate your cyber resilience and put the correct security measure in place, to avoid a real attack from costing you time, money and your reputation.
If you’re looking for 24/7/ support, choose:
Ongoing Threat Hunting and Real Time Defence: For 24/7/365 peace of mind, a proactive SOC team is indispensable in the ongoing battle against cybercrime for any organisation. In today’s digital environment, where cyber threats are constantly evolving and becoming more sophisticated, a SOC team serves as a critical line of defence and visibility of your infrastructure. They possess the specialised knowledge, skills, and tools necessary to actively monitor, detect, analyse, and respond to cyber threats in real-time.
People ultimately play a pivotal role in enhancing the overall cyber resilience of an organisation, and in a digital age defined by innovation and connectivity, the power to halt the surging economy of cybercrime rests within our collective determination. By fostering a culture of cybersecurity awareness, educating ourselves about potential threats, and implementing robust protective measures, we can dismantle the very foundations upon which cybercriminals thrive.
If you’re looking for more information about how and where you can improve your organisation’s security posture, get in touch today.
Want more updates from Andrea and the Stripe OLT security team? Our monthly newsletter Access Granted provides a full round up of the latest cyber security news and views to stay up to date – you can sign up here today.