MEET THE THREAT ACTORS
Meet The Threat Actors, Part 5: Organized Crime
Andrew McIntosh | June 29, 2020
I’ll make him an offer he can’t refuse.
That’s right, this week we’re looking at the mafia. Wait no not that kind. The cyber mafia, and they’re here to break your cyber kneecaps.
Not that that’s any better.
With buzzword bingo out of the way, what are we talking about? I thought blackmail and extortion were only in those gangster movies you like watching so much.
Unfortunately, not. Just like how your mom got online with an iPad and her reading glasses, organized crime groups are doing this too. For them it just makes sense – why hold someone hostage in person when you can hold their computer hostage instead? It’s a much lower risk for a much greater reward.
At the moment, organized crime groups are looking to do one of two things to your company – they either want to grab as much personally identifiable information as they can, or hijack and ransom all of your business-critical resources. Both pretty bad outcomes.
Looking at current trends, it’s especially worrying – in the first 6 months of 2019, ransomware attacks have nearly doubled and business email compromises are up over 50%.
And it’s not just the big fish that are under siege – small businesses are softer targets, since they don’t invest as much money on security. Malware and ransomware kits are sold on the dark net and often come with instructions to get started, and possible targets.
You heard me right. Literally attack in a box kits. Less happy meal and more crippling systems.
We’re in uncharted territory and the cyber sharks are circling – so what can you actually do to stop them?
Well this is where it’s good news for once!
Because organized crime is just that – crime on a huge scale, law enforcement are rounding up the cyber bandits and taking them to the cyber slammer! Wait what do you mean that isn’t how it works? Oh, right. Regular jail.
Within your business there are also steps that you can take, to reduce your attack surface and lower risk. Defense in depth is your biggest tool here – the more layers you can put in front of an attacker, the more difficult it’ll be for them to break through – just like how you put more layers on when it’s cold outside.
Antivirus, firewalls, user training and more – all of these safeguards can be built into your network design and will help. Of course the incident response plan is always handy to have too – as we’ve discussed before, knowing what to do when you think you may have suffered a breach is incredibly important.
With organized crime, threat intelligence can also be used to help inform your defense strategy.
Threat intelligence at its most basic form, is external information about threats that you can consume and use to inform your decision making process. It’s best to implement all three types where you can, to ensure you’re getting as complete a picture as possible:
- Strategic: taking the reports that get released looking at various specific groups, and using that information within your IT team to bolster defenses
- Tactical: looking at the techniques and processes that threat actors take to inform your design considerations
- Operational: arguably the best at a “knee jerk” reaction – information from your operating systems, to work out if someone’s planning to tangle with your business
At Skye technologies we are well equipped to help you implement the security safeguards that fit your organization the best – taking into account all the processes within your business. We also have experience with threat intelligence so can always rest assured there’s someone keeping an eye on your network. Get in touch today to hear more.
Guide: 10 Steps to Improve Your Business Technology
We put together an “IT recipe” that can produce better results, tighter security and higher productivity for your business.
Enter your email address below to get it now!