Surge In Organised Cybercrime Prompting Huge Growth Opportunity In Cybersecurity Sector
Hardly a day goes by that we don’t hear about the latest cyber-attack. Cybercrime has become all too common. Today, cybercriminals are hiding out in our digital backyards.
Having watched this space for more than five years now, what’s been most notable to me is how cybercriminals have become smarter over the years. Gone are the days of the lone-wolf, nonpartisan computer geek looking to make a quick buck. Today, your ‘typical’ cyber-attacker is part of a nefarious organisation that looks far more like a corporate enterprise than ever before. Kevin Curran, a professor of cybersecurity at Ulster University, notes that some of these “enterprises” even have “dedicated call centres” to assist victims of ransomware attacks they themselves carry out. Just let that sink in for a second.
Pyramids of organised cybercrime
Last year, Raconteur published an example of a typical organisational hierarchy for a cybercriminal enterprise. The hierarchy included coders, network administrators, intrusion specialists, data miners and money specialists. The roles were well-defined and structured, with command centralised into one key person, no different to most organised crime syndicates. Finally, each role served to ensure that the malicious activity (i.e. software) being directed at the targeted entities (i.e. machines) succeeded in delivery and installation, remained in place for as long as possible, and achieved the end goal (i.e. whatever nefarious outcome the hacker wanted such as receiving a payment in Bitcoin).
Cybercrime as-a-Service (CaaS)
At the same time as culprits of cybercrime have matured from hackers to businesses, the cybercrime itself has become a lot more efficient than ever before. Indeed, the market is so efficient today that a hacker can actually ‘outsource’ the work required for each link in a ‘cyber-attack chain’ to different parties. A hacker can do this at a relatively low cost, while also maintaining complete anonymity between each link. These kinds of ‘distributed’ attack chains allow a hacker to dampen the risk of ‘blowback’ on the chain, should one party get discovered. Distributed attack chains also allow the cybercriminal to become an increasingly invisible threat than he or she already was. This also creates a bigger feeling invincibility, making the cybercriminal even more dangerous, and able to disappear into the cyberspace away from law enforcement and security professionals alike.
The dark web
In fact, in deep cyberspace lurks a dark web. For those who don’t know, the dark web is the non-indexed part of the world wide web. It can’t be accessed by standard search engines and requires encrypted networks such as the Tor browser. As cybercriminals become better at covering their tracks, dark web dangers are growing. Perhaps the most significant feature of this world is that user identities are hidden. Earlier this year, some 617 million online account details were available for sale on Dream Market, an online bazaar on Tor. That’s a lot of account details… the population of the United States, twice!
For less than 20,000 US dollars in Bitcoin, the company account databases of the likes of My Heritage (92 million accounts), Dubsmash (162 million), MyFitnessPal (151 million) have also been listed for purchase. But the dark web is not just a place where cybercriminals go to sell stolen data. In recent years, it has become a breeding ground new kinds of cyber-attacks. The dark web now houses a host of professional training manuals and cyber-attack learning applications. According to Corey Milligan, one of the first cyber technicians for the US Army, today, a wannabe cybercriminal can simply “purchase any number of password-cracking programs” on the dark web and effectively train themselves. This type of ‘democratisation’ of cybercrime has meant that these attack tools are now available for anyone willing to purchase them.
In recent years, cybercriminals have also been upgrading to the world’s most potent technologies. According to Webroot, an internet security firm, 86% of cybersecurity professionals already believe that artificial intelligence (AI) based malware is an impending reality. Indeed AI is already being used in the fight against cybercrime, especially in the United States. Joe Levy, Chief Technology Officer at Sophos, notes that the company is preparing for AI based attacks using “a number of advanced protection techniques [such as] deep learning, which provides the best static prediction of malware at scales never before achieved; and behavioural detections that provide runtime defenses against such would-be epidemics.” Predictive cybercrime will have to be met with predictive security, in a game of probabilities that will take a leaf out of the Steven Spielberg movie Minority Report featuring Tom Cruise and Collin Farrell.
Cybercrime is not going away
Cybercrime is no longer an existential threat, it is a real risk. More than that, it is a potential systemic risk. As cybercriminal groups find ways to launch new types of attacks, and as latest technology democratises access to nefarious malware and exploit kits, carrying out cyber-attacks is expected to get cheaper and easier in the years ahead. At the same time, attacks are expected to become more complex and sophisticated over time. This means that cybercrime is an omnipresent threat; one that is here to stay.
But neither is cybersecurity
That also means that cybersecurity is here to stay. Research from Gartner finds that current worldwide corporate spending on cybersecurity lies at around $184 billion. This is predicted to grow to around $250 billion by 2023. The forecasts were made before the onset of the coronavirus, which has instigated cybercrime like never before, as ‘work from home’ and ‘work from anywhere’ have become the norm. Therefore, cybersecurity is not just a consideration for today, but represents, instead, a long-term theme that can be expected to be continually catalysed by new and evolving threats.
 Raconteur, “How organised is organised cybercrime?”, December 2017. Available at: https://www.raconteur.net/risk-management/how-organised-is-organised-cybercrime
 Forbes, “Hackers Have Just Put 620 Million Accounts Up for Sale On the Dark Web — Are You On the List?”, February 2019. Available at: https://www.forbes.com/sites/kateoflahertyuk/2019/02/12/hackers-have-just-put-620-million-online-account-details-up-for-sale-is-yours-on-the-list/#fabdf0a44188
 Raconteur, “Cybercrime is learning from business, and it’s paying off”, February 2019. Available at: https://www.raconteur.net/technology/cybercrime-business
 Webroot Smarter Security® Report, “Game Changers: AI and Machine Learning in Cybersecurity”, December 2017. Available at: https://www-cdn.webroot.com/8115/1302/6957/Webroot_QTT_Survey_Executive_Summary_December_2017.pdf
 Sophos, “SophosLabs 2019 Threat Report”, November 2018. Available at: https://www.sophos.com/en-us/en-s/medialibrary/PDFs/technical-papers/sophoslabs-2019-threat-report.pdf
 Statista, “Size of the cybersecurity market worldwide, from 2017 to 2023”. Available at: https://www.statista.com/statistics/595182/worldwide-security-as-a-service-market-size/