Page 46 - Cyber Warnings
P. 46
To fight cybercrime effectively, understand the new business
model
By Tom Gilheany, project manager, CISSP, Cisco Systems
Malware as a Service? Now that’s a nightmare.
Yet MaaS is available—for a fee, of course—for those who know where to look for it and have
nefarious reasons to want it.
Welcome to the wild new world of cybercrime organized very much along the lines of legitimate
business. Once upon a time, enterprises may have thought regulatory compliance was enough
to keep sensitive information safe. Not anymore.
The business model of cybercriminals has evolved in the last few years, and companies that
remain unaware and thus fail to keep up will find their data and other precious information
assets are vulnerable in ways that cost them dearly.
Back in the early days of the Internet, cybercriminals needed to know how to control, implement
and perform the entire theft process. They gained access to machines and identified useful
resources.
Then they sold and monetized those secrets. These days, however, they can outsource
expertise to contractors who specialize in expertise that includes infiltration, social engineering,
malware customization and the sale or brokering of stolen information or access.
Criminal enterprises are leveraging a global network of technical specialists in hard-to-extradite
or hard-to-prosecute places, and paying them in hard-to-trace digital currencies. In a few
instances, their part in the overall crime they are committing may not even be illegal in their
jurisdiction.
With teams dispersed worldwide and specialized division of labor, it is tough to track the entire
crime to compile a comprehensive evidence file.
Cybercrime’s business-like structure
Criminal organizations nowadays uncannily resemble their legitimate counterparts. They use
many of the same tools and are motivated by many of the same factors as regular businesses,
with a fraudulent twist. They seek to:
46 Cyber Warnings E-Magazine – September 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
