How Businesses Can Protect Their Assets Against Cybercriminals

How Businesses Can Protect Their Assets Against Cybercriminals

· Cybercriminal ecosystem more mature than ever, reflecting legitimate cybersecurity sector

· Understanding how illicit services interact is key security priority

As the coronavirus pandemic intensifies and workers are asked to work from home, cybersecurity risks increase. Companies have had only a few weeks to set up complex technology that allows their employees to work remotely. Furthermore, the cybercriminal industry is evolving, with a growing shadow economy that trades goods and services in much the same way as the legitimate cybersecurity sector.

This growing service economy has tools for hire, service providers, channels and end users. Cybercriminals of different levels of experience can acquire the necessary tools to launch a malicious campaign designed to attack business, governments and individuals. Particularly remarkable is the commitment of cybercriminals to adjust business practices to meet the needs of their customers, just like organizations in the cybersecurity industry.

A recent report published by Blueliv, a threat intelligence provider, called DARK COMMERCE: Exploring the cybercrime industry and its business models: Part I.,  analyzes all these topics.

According to the report, understanding how attackers use these tools and services helps organizations prepare defenses and protect their assets by:

1. Analyzing trends and patterns across different services: learning about how the cybercriminal ecosystem operates helps identify potential vulnerabilities and apply cyber-hygiene best practices and education programs

2. Building complete threat actor profiles: understanding the interrelations between threat actors enables organizations to put in place effective defensive measures, appropriate to their business size

3. Assigning priorities and accelerating decision-making: attacks can be stopped in their tracks and their impact mitigated with relevant, targeted, actionable threat intelligence

Daniel Solís, CEO & Founder, Blueliv, commented: “The cybercriminal ecosystem is rapidly modernizing and developing – its own industrial revolution. The process has been so profound and far-reaching that cybercrime can legitimately be called an industry in its own right. And just like our industry, collaboration is key and centered around knowledge exchange and enriching services. The reference document we’ve produced contains enriched intelligence for CISOs and threat analysts alike to help them fight cybercrime.”

As the cybercriminal ecosystem matures, most sectors continue to struggle with a cybersecurity skills shortage, along with managing the sheer volume of threats and alerts.

Solís continued: “Intelligence gathering goes far beyond feeds. It means putting the information into context. Intel in this report can be found in Blueliv’s Threat Context module: it offers a comprehensive collection of threat actor profiles, linked to relevant IOCs, fresh campaigns, weaponized tools and exploits, and their behavior mapped to MITRE ATT&CK techniques. Threat Context helps MSSPs and MDRs as well as CISOs and threat hunters do their jobs, and do them well.”

Blueliv’s report is a reference whitepaper for the cybersecurity industry. DARK COMMERCE: PART I is divided into sections that provide detail on: how cybercriminals acquire malicious code; what modifications can be made to improve it using packers/crypters and obfuscators; how to test its effectiveness using no-distribute antivirus scanners. It concludes with a section dedicated to how companies of all sizes can combat this illicit industry.