While your first mental image of a hacker might be the stock photo of a hooded teenager in a dark basement, most cybercriminals work out of polished organizations with executive teams and abundant staff.
It’s actually a hooded millennial in a dark server room. Close enough.
Why does it seem like this industry is always thriving?
Cybercrime is booming
That’s because it is. Cybercriminals run such a prolific and productive economy that they’re costing the world hundreds of billions of dollars every year. If that’s too big to wrap your head around, think of how much they profit from data breaches alone targeting giants like Twitter and Walmart.
An economy so large means two things: it’s easy to access their tools and expertise, and the attacks that cybercriminals can engineer are getting more sophisticated, disruptive, and costly by the minute.
In a report on global economic risks for 2020, the World Economic Forum projected their list of biggest technological threats to global commerce for the next ten years. Guess where cybercrime landed in the ranking?
And while we fret about those impacts, cybercrime organizations don’t see the same world we’re seeing right now. When they conduct their SWAT analyses, they see global pandemics and panic-inducing global events as opportunities. Opportunities to capitalize on uncertainty and on vulnerable organizations that can’t afford even basic defenses against security breaches.
You study your competitors, right? Now is the time to study your truest enemies: the organizations that are literally stealing from you.
How the cybercrime industry works
From product development and distribution to tech support and QA (and sometimes even customer service), cybercrime organizations do everything that lawful businesses do. And since they act outside the law, they regularly rob other tech companies and exploit their technologies or strategic plans to gain a competitive edge.
In this industry, stolen information is the primary commodity. That can include:
- Organizational information
- Personally identifiable information (PII)
- Authentication credentials
- Financial data
The resources they use to mine that information include malware—think viruses, ransomware, Remote Access Trojans (RATs), and other malicious software—software or system exploits, control over compromised machines, and threat actor training.
The opposite of cybersecurity services
On the services side, cybercrime organizations will sell dark web services such as:
- Distributed Denial of Service (DDoS) attacks
- Ransomware as a Service
- Access to servers
- Exploit kits (EKs)
- Infrastructure rental
Let’s look at Ransomware as a Service (or RaaS, if you will). On the dark web, ransomware is sold just like legal software. RaaS providers offer updates, technical support, and even a range of subscription plans. The key difference in these unlawful counterparts to software providers is that they are responsible for unleashing and spreading the ransomware to the customers’ targets.
It’s like getting paid to spread a virus. And in some payment models, these ransomware providers are only paid in commission, i.e. from cuts of the payments received from ransom victims.
How do you defend your organization?
As our friend Will Shakespeare wrote in Henry V, “in cases of defense, 'tis best to weigh the enemy more mighty than he seems.” Spoiler alert—King Henry didn’t defeat the French army with just one longbow and arrow.
There’s no single tool, no piece of software, that will defend you against dark web enemies. But don’t panic just yet. While you think about what you can do about these threats ASAP, consider this two-pronged approach to defensive cybersecurity:
- Up-to-date knowledge of the newest threats
- Security at the deepest level of your infrastructure
If you don’t want your ransom money to pay for some hacker’s brand-new Lamborghini, find a team that has the knowledge and the infrastructure to protect you.
We aren't just telecommunication IT service providers — we're problem-solvers. Find out how Cywest's custom network design can protect you from cybercrime.