How does a cyber criminal get rich? It isn’t a quiz question; it’s a serious consideration, and one we need to understand. If we don’t understand what methods are used and what lengths they will go to, we are going to be caught completely unaware.
Ransomware was very popular in 2016. It was the buzzword of the year in information security, and I’m sure it will continue in popularity and cause even more damage through 2017. It makes the cyber criminal on average 0.5 bitcoin per successful exploitation, at least with a home user. That is an affordable amount for most to pay to get back their valuable data. Whilst this is still a major threat and one that isn’t going away anytime soon, thankfully people are becoming more aware and are starting to look out for attack vectors such as these. This would lead one to believe that this income stream is going to reduce, even if only slightly, for the cyber criminal.
So what could generate lots of money, from a virtually limitless pot? Well, the financial markets of the world. If a cyber criminal were to take a position in one of the markets, invest a substantial amount of money in the company of their choosing and then create distrust and uncertainty in the company, the stocks would fall rapidly and drastically, resulting in a massive profit.
We have seen customers’ details being stolen from the likes of TalkTalk, Yahoo and Target in the past few years. This causes a lack of trust from a customer point of view, a drop in share prices and a significant financial loss for the company. We have seen DDoS attacks against the likes of Dyn impacting DNS servers and making certain big websites inaccessible to some countries. Both of these things cause disruption, cost, and an element of distrust and credibility loss for the organisations involved.
The above scenarios could be profitable to an attacker: they could be paid to perform any of the above attacks, there could be financial gain if it is one competitor attacking another, or they could just be doing it for notoriety and proof of concept.
However, manipulation of data is a terrifying threat. If data can be manipulated without the company’s knowledge, it could lead the business to make completely unfounded and incorrect decisions, costing money and reputation. How can a business know which data is correct, which has been altered, what to rely on and what to trust? The consequences of this could be the closure of a business, job losses and the ruin of an economy.
For the cyber criminal it is quite the opposite. Picture a company with a healthy bank balance, well positioned in its industry, with everything pointing towards the company’s shares going up. By betting against the market at this point and then manipulating data, the cyber criminal would stand to make a massive financial gain.
Business data being affected, meaning the things that allow the business to make the decisions that in turn make it profitable, and market intelligence data, would cause huge uncertainty and devastation. There is also the threat to critical infrastructure. Imagine if the controls that allow waste and clean water to be directed, the data that controls traffic light systems, or the data that supplies our power grids were manipulated. This isn’t a case of a DDoS attack where all of a sudden all power is gone, the lights are off and water starts flowing the wrong way. Those things would trigger alarms and they would be noticed, so the attack can be shut down and mitigated.
With data manipulation, the data could be altered over a period of time, and the data could be wrong for a period of time. It is a bit like the Stuxnet attack, which went unnoticed for nearly 6 months, causing damage to centrifuges that just kept being replaced. Data manipulation could cause devastation and loss of life over a prolonged period of time while going undetected.
So what do we do?
Well, first off, we need to stop looking for what we know and start looking at the unknown. We see a lot of businesses that still rely on traditional AV endpoint protection to protect themselves. The thinking goes that this and the firewall on their ISP-issued router should be enough to protect them from the few cyber criminals on the internet that probably won’t attack them anyway.
The threat is very real and evolving, and we need to be proactive and not reactive in order to take hold of it. You need to be looking at a baseline of your network and monitoring changes. Budget permitting, this can involve artificial intelligence; if not, it can be as simple as a traffic analysis comparison done at regular intervals. Do you make use of honeypots? Do you use IPS/IDS systems? We need to spot these threats in the same way we would when looking for malware, ransomware or someone trying to steal our company’s sensitive information.
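The regular-interval traffic comparison mentioned above could look like the following sketch. It is an added example, not part of the original post; the flow records, host addresses and the 3x volume threshold are constructed assumptions, and both snapshots are assumed to cover intervals of the same length.

```python
from collections import defaultdict

# Constructed sample flow records: (source, destination, dest port, bytes).
BASELINE_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 5432, 120_000),
    ("10.0.0.6", "10.0.0.20", 5432, 90_000),
    ("10.0.0.7", "10.0.0.30", 443, 40_000),
]
CURRENT_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 5432, 60_000),
    ("10.0.0.5", "10.0.0.20", 5432, 65_000),
    ("10.0.0.6", "10.0.0.20", 5432, 900_000),  # tenfold jump in volume
    ("10.0.0.9", "10.0.0.20", 5432, 15_000),   # host never seen in baseline
]

def summarise(flows):
    """Total bytes per (src, dst, port) conversation in one interval."""
    totals = defaultdict(int)
    for src, dst, port, nbytes in flows:
        totals[(src, dst, port)] += nbytes
    return dict(totals)

def compare(baseline, current, ratio=3.0):
    """Return findings as (kind, conversation, baseline_bytes, current_bytes).

    kind is "new" (conversation absent from the baseline), "volume" (bytes
    differ from the baseline by more than `ratio` in either direction) or
    "missing" (a baseline conversation that has stopped).
    """
    findings = []
    for conv, cur in sorted(current.items()):
        base = baseline.get(conv)
        if base is None:
            findings.append(("new", conv, 0, cur))
        elif cur > base * ratio or cur * ratio < base:
            findings.append(("volume", conv, base, cur))
    for conv, base in sorted(baseline.items()):
        if conv not in current:
            findings.append(("missing", conv, base, 0))
    return findings

if __name__ == "__main__":
    report = compare(summarise(BASELINE_FLOWS), summarise(CURRENT_FLOWS))
    for kind, conv, base, cur in report:
        print(f"{kind:8} {conv} baseline={base} current={cur}")
```

A new or unusually busy conversation with a database host is the kind of change worth investigating when the concern is quiet alteration of data rather than an outage.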
If you would like any advice on how we can help you mitigate against data manipulation, or any information security concerns within your organisation please get in touch here.