Think of a cyber criminal and what do you see? For many of us the answer is an obsessive loner, working from ‘criminal headquarters’ that are nothing more than a cramped bedsit.
While that image may still occasionally be true, the worrying fact is that cybercrime is rapidly evolving beyond the bedroom-based hacker.
Those bedsit warriors may still exist, but are more likely to be involved in so-called hacktivism – politically or socially motivated hacking – than fraud or theft.
Crime that pays
Cyber criminals, motivated only by money, are becoming more sophisticated and better organised. Cyber crime has evolved into one of the most lucrative crimes of all, and became the UK’s biggest criminal activity for the first time in 2015. Costs to the UK economy run into billions of pounds.
With those sorts of rewards on offer, it’s easy to see why cyber crime has outgrown the bedsit and moved into the workshops and offices of organised crime.
Research by Jumio, a US-based online payments company, found that most cyber criminals work in groups, often with six members or more. It also found that nearly half of cyber attacks originate in the Asia-Pacific region, often China or Indonesia. Russian criminals are also thought to be behind many cyber threats.
These SME-sized gangs are supported by a burgeoning black marketplace that offers specialist hacking tools and even freelancers-for-hire with expert skills in particular areas, from the production of bespoke ransomware to the criminal use of personal data.
Many gangs can also have links to traditional organised crime, which can help to finance their activities.
“The digital underground is underpinned by a growing Crime-as-a-Service model that interconnects specialist providers of cybercrime tools and services with an increasing number of organised crime groups,” states Europol’s 2016 Internet Organised Crime Threat Assessment.
The damage these organised gangs can do was demonstrated last year, when one cyber criminal enterprise stole money from over 100 banks using sophisticated malware. The gang used spying software to analyse and eventually mimic the behaviour of banking staff. After months of careful observation, the gang had gathered enough insight into the actions of bank employees to transfer an estimated $1 billion in cash into its own accounts without raising suspicion.
Even in the new era of cyber crime, small business and residential users are unlikely to be targeted by such a sophisticated, well-planned attack. But that doesn’t mean they aren’t targets. Most gangs are looking for a lot of small rewards that are difficult to trace, rather than one huge headline-making heist.
Research by Towergate insurance has exposed the extent of the threat. It found that basic but effective malware can be acquired on the ‘dark net’ for just £7. That makes all of us potential targets for smaller hacking gangs, those with basic technical knowledge, or criminals testing new tools and strategies.
But what the research also suggests is that, while it’s true that a lot of internet crime is carried out by organised, well supported groups, most cyber criminals are still looking for an easy, undefended target.
For those of us prepared to take basic precautions, the Europol Internet Organised Crime Threat Assessment has some good news. It states: “A significant proportion of cybercrime activity still involves the continuous recycling of relatively old techniques, security solutions for which are available but not widely adopted.”
A fully managed workstation from Zen MSP will go a long way to protecting you from cyber crime. We do this with scheduled monitoring, vulnerability scans, operating system missing patch scans, best in industry antivirus/anti-malware and cloud backups.