Talk about white-collar criminals. No longer does a bunch of scruffy hackers performing their dark deeds in a basement represent the most accurate image of the cyber criminal. More typical are rows of clean-cut employees working regular hours, doing their jobs as part of a large commercial enterprise that might resemble the one you’re working for right now.
“Cyber crimes have become much more professionalized over the last five years,” said Steve Meckl, director of Americas incident response for the cybersecurity services team at Symantec. “Whereas before they were small cells of people trying to monetize attacks, now they are professional organizations akin to companies. They have people who go to work 9 to 5.”
While they’re at the office, these employees work with off-the-shelf ransomware and have 24/7 call centers to provide them with technical help, according to Meckl, who spoke during a panel on cyber extortion last week at the Cyber Risk Insights Conference held by Advisen, a risk management data firm, in New York.
Like conventional corporations, these cybercrime enterprises allocate capital to respond to their own set of market forces. “Right now, the market for crypto ransomware is really hot, so a lot of these enterprises are investing in it,” said the Symantec executive.
This new emphasis on market forces “is changing the game in terms of responding, because you’re no longer dealing with individuals,” he added. “Now you’re dealing with organizations who are behaving more like businesses.”
And the bigger the criminal enterprise, the scarier it is for the company victimized by the attack. Asked which kind of illegal organization most frightens him, Austin Berglas, a senior managing director and head of cyber defense for K2 Intelligence, answered that it was “nation states, because they have the most time and the most resources behind them.”
Organizations that have those assets in abundance “can compromise pretty much anything. They have no constraints on them,” Berglas added. He noted that most of the corporate criminal organizations that deploy ransomware in attacks on U.S. companies are loosely affiliated with states of the former Soviet Union.
Panel moderator Winston Krone, a global managing director of Kivu, a data-breach-response firm, had a question: Why is so much cyber crime associated with Eastern Europe?
The reasons are education, government policies, and attitude, according to Berglas. “The Russians are some of the most technical on the adversary scale,” he said. But even more importantly, “they’re more bold.”
That’s because the United States would have a hard time extraditing such criminals from their host countries for crimes against U.S. companies. “It may not be that they’re more technical than, say, somebody in Canada. It’s just that they have the ability to feel anonymous, to feel that they’re protected,” Berglas said.
Lisa Sotto, a partner with Hunton and Williams, added that “in a number of jurisdictions, the folks who are working on behalf of the government also take data later on and use it for their own purposes.”
Such attackers have a “dual-hatted” nature, she noted. “They’re doing hacking on behalf of the government. But then the government doesn’t give a hoot what they do with it. They then take that data and sell it to other [Eastern European] governments.”