The [Cyber] Barbarians are at the [Internet] Gateways?

If you follow security news in media you get the impression that there are millions of super-evil super-intelligent nation state and hacktivist hackers constantly attacking you, and you specifically, in order to ruin your day, your business, your life, and perhaps even the lives of everyone you have ever known. Is this true? Are there hordes of barbarians targeting you specifically? Probably not.


Monsters waiting outside your gates to attack at first opportunity? That may be, but it is most likely not because they think your infrastructure is particularly tasty!



So what is the reality? The reality is that the threat landscape is foggy; it is hard to get a clear view. What is obviously true, though, is that you can easily fall victim to cyber criminals – although it is less likely that they are targeting you specifically. Of course, if you are the CEO of a big defense contractor, or you are the CIO of a large energy conglomerate – you are most likely specifically targeted by lots of bad (depending on perspective) guys – but most people don’t hold such positions, and most companies are not being specifically targeted. But all companies are potential targets of automated criminal supply chains.

The most credible cyber threats to the majority of companies and individuals are the following:

  • Phishing attacks with direct financial fraud intention (e.g. credit card fraud)
  • Non-targeted data theft for the sake of later monetization (typically user accounts traded on criminal market places)
  • Ransomware attacks aimed at extorting money

None of these attacks are targeted. They may be quite intelligent, nevertheless. Cybercriminals are often quite sophisticated, and they are in many cases “divisions” in organized crime groups that are also active in more traditional crime, such as human trafficking, drug and illegal weapons trade, etc. Sometimes these groups may even have capabilities that mirror those of state-run intelligence organizations. In the service of organized crime, they develop smart malware that can evade anti-virus software, analyze user behavior and generally maximize the return on their criminal investment in self-replicating worms, botnets and other tools of the cybercrime trade.

We know how to protect ourselves against this threat from the automated hordes of non-targeted barbarians trying to leech money from us all. If we keep our software patched, avoid giving end-users admin rights, and use whitelists to prevent unauthorized software from running – we won’t stop organized crime. But we will make their automated supply chain leech from someone else’s piggybank; these simple security management practices stop practically all non-targeted attacks. So much for the hordes of barbarians.

These groups may also work on behalf of actual spies in some cases – they may in practice be the same people. So, the criminal writing the most intelligent antivirus-evading new ransomware mutation may also be the one actively targeting your energy conglomerate’s infrastructure and engineering zero-day exploits. Defending against that is much more difficult – because of the targeting. But then they aren’t hordes of barbarians or an army of ogres anymore. They are agents hiding in the shadows.

Bottom line – stop crying wolf all the time. Stick to good practices. Knowing what you have and what you value is the starting point. Build defense-in-depth based on your reality. That will keep your security practices and controls balanced, allowing you to keep building value instead of drowning in fear of the cyber hordes at your internet gateways.

Cybercrime one of 5 top organized crime threats to Europe according to EUROPOL

Europol has recently released its 2017 report on serious and organized crime (SOCTA) in the EU. In this report they identify 5 key threats to Europe from organized crime groups. In addition to cybercrime itself, the report highlights illicit drugs crimes, migrant smuggling, organized property crime and labor market crime. Cybercriminal activities are often integral to, or support, the other key operations of organized crime groups.

Organized crime groups are highly adaptable, and cybercrime is now an enabler of much of their more traditional criminal business. Threat intelligence becomes a key part of any defense strategy when the adversary is a powerful and diverse organization.

Key tools of organized crime groups are

  • Corruption
  • Counterintelligence against law enforcement
  • Money laundering
  • Document fraud
  • Online trade
  • Technology
  • Violence and extortion

They carry out crimes through currency counterfeiting and various cybercrimes, including child exploitation, payment fraud, data trade and malware campaigns. Sports corruption is also a major area for organized criminals, drawing profits from the gambling markets.

Document fraud is increasing and is a significant threat to Europe. It is an enabler of other types of criminal activities, including terrorism. These documents are increasingly traded online.

Document fraud is one of the key drivers of identity theft. Document fraud can be necessary to facilitate other criminal activities, and cyberattacks may be used to steal credentials used to obtain documents.

Trade in illicit goods is increasing, and a lot of this trade is conducted on darknet sites. Key products are drugs, illegal firearms and malware. Other Crime-as-a-Service segments are also of interest, like botnets for hire, ransomware-as-a-service and exploit coding. Europol sees Crime-as-a-Service as a growing threat to society, according to the SOCTA 2017 report. In particular, the growth in ransomware targeting not only individuals but also public and private organizations is worrying.

Geopolitical events are driving changes in organized crime in Europe. Conflicts close to European borders are influencing crime through migration, need for illicit goods, as well as European targets being picked by non-European fighters performing terrorist acts in Europe. Cybercrime is one source of funding for such terror groups, in addition to cybercrime being an enabler of the organized crime groups that support the needs of terrorism through illicit firearms trade, trade in drugs and narcotics and human trafficking.

Pulling EUROPOL’s intelligence into your cybersecurity threat context

What does this mean for European businesses? Depending on your exposure, technology base and value chain, this may affect the threat landscape for your organization in several ways:

  • Increasing the direct threat level, e.g. ransomware and payment fraud
  • Supply chain effects, including money laundering schemes
  • Threats to your intellectual property
  • Corruption affecting your markets, including partners, owners, suppliers and customers
  • Potential investments from money laundering schemes into your infrastructure

If growth in the activities of organized crime groups affects your threat landscape, it may also mean that you need to rethink your cybersecurity defense priorities. Is availability still the main threat, or are confidentiality issues coming to the forefront?