Hide this You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
Today's Most Read

A Peep Into The Murky World Of Cybercrime

A Peep Into The Murky World Of Cybercrime
Image credit: Shutterstock
  • ---Shares
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
There’s no denying that cybercrime has become a business and it is booming. British insurance giant Lloyd’s of London estimated the cybercrime market at $400 billion in 2015. Again, the World Economic Forum estimates that the total economic cost of cybercrime to be $3 trillion worldwide at present. This has led Cybersecurity Ventures to predict that the crime will cost the world in excess of $6 trillion annually by 2021.

One of the forces behind the explosive growth of cybercrime is the the belief that illegal business can be safely conducted deep in a part of the Internet that most people have never seen and have no idea how to access. Called the “darknet” by some, this part of the Internet lies beyond normal web browsers, is cloaked in anonymity, and has become a haven for criminal commerce, including cyber crime.

Just as legitimate businesses have employees reporting to work everyday for profit, threat actors and agents run their businesses in much the same way with same proficiency. There are three broad segments of the threat marketplace — producers, consumers, and enablers.

Producers are the “rainmakers” of this underground business, developing tools and instruments that are used to generate multiple threats at machine speed. These threats, in turn, create risks for you and your organization. One especially troubling development in cyber threat production is the recent appearance of some very low-priced tools. In the world of ransomware, for example, the relatively new Stampado v2 ransomware is available for anyone to purchase for a price of just $39 in Bitcoins. That is a steal in comparison to other ransomware tools that cost as much as $1,800.

The significant implication of this considerable price difference is that the barrier to entry for this risky business is now very low, which results in a higher volume and frequency of cyber threats, all coming at you fast. At Fortinet’s FortiGuard Labs, we see up to 50 billion threats a day and leverage our machine learning algorithms to help analyze them.

The consumer landscape is vast and complex with all forms of illegal and malicious goods and services available. These include gift cards, illegal drugs, crime ware, data dumps, tools for cracking EMV chip cards, and more. In the deep web, consumers fall into two broad categories— buyers and renters.

Today, the number of illegal options available for purchase is staggering. Buyers can get stolen gift cards, gift cards purchased with stolen credit cards, or simply stolen credit card numbers. They can purchase tools for committing cybercrime, and can even gain access to tutorials to learn how to use them. Many malware creators offer both software for sale and malware-as-a-service in the SaaS model for a range of prices.

The growth of these risky business models has also spawned a category of threat agents called enablers. These are the service offerings that facilitate darknet business transactions, making it easier to purchase goods and services, and even mitigating the risk associated with the transactions. There are several of these — escrow services, money mules, consultants — with the newest being darknet insurance services. Yes, similar to conventional insurance, you can actually protect yourself against loss when buying malicious products from low reputation sellers on the underground.

The speed with which the business of cyber crime is growing can be attributed, at least in part, to the declining barriers to entry we just described — decreasing prices of threat creation tools, ease of access to crime services and the promotion of risk-free transactions. Additionally, the reward potential for these risky businesses is on the increase as the addressable cyber crime market grows into tens of billions of dollars.

Comprehensive Strategy To Mitigate Threats                  

To help mitigate the risks associated with these cyber threats, it’s important to consider a comprehensive strategy that includes actionable threat intelligence. Actionable intelligence about new threats and methods is crucial to improving the overall security posture of your organization, as well as your cyber protections outside of work. By “actionable,” we mean information that’s designed to result in meaningful action, such as updating devices, creating new security policies, or hardening vulnerable or targeted systems.

Another tool effective in fighting these growing threats is collaboration, or the sharing of threat intelligence between organizations and nations. A powerful example of threat collaboration is the efforts by FortiGuard Labs, Interpol, and another security vendor, where the threat research and intelligence is instrumental in uncovering a $60million and cyber criminal ring.

You Need A New Strategy To Mitigate Threats

For organisations, a security cover needs to blanket  their entire environment, providing unified visibility into IoT and endpoint devices, access points, the network core, the data center, the cloud and even applications and data. It’s important to have a collaborative system of tools that work together to monitor their network, share information, and respond to threats, no matter where they occur, at machine speed.

Edition: April 2017

Get the Magazine

Get the monthly dose of Entrepreneur delivered to you.
Subscribe Now