Cybercrime is one of the largest industries in the world, and yet nobody knows how many people work in it. It is made up of groups and organizations of every size: some are formally structured businesses, others are loose, ad hoc collections of threat actors.
Like any other industry, such an undertaking depends on a well-planned supply chain. These threat actors know that one of the surest ways to weaken a business is to disrupt its supply chain. The same principle applies to cybercrime itself.
The time to turn the tables on cybercriminals is here.
The Progressively Organized Cybercrime
The majority of cybercriminals are financially motivated. Breaches today are driven mainly by threat actors who use ransomware not only to encrypt systems but to steal sensitive data and sell or threaten to leak it on the dark web. Reports put the rise in ransomware attacks in the second half of last year at roughly sevenfold, and the reason is simple: it works.
The stark reality is that more than half of the attacks run by cybercrime organizations are set up as efficiently as any legitimate business. The public tends to know only the programmers behind the attacks, because their work is closely tracked through research and attack-trend reporting. But these organizations have other roles as well: business heads, business enablers, call centers that walk victims through paying their ransom, and people who manage the money on the back end so that it stays untraceable to law enforcement.
They could be anyone. They may belong to a single criminal organization, to a state-sponsored actor or organized crime group, or operate as affiliates of a ransomware-as-a-service operation such as Egregor. Whichever federation they belong to, they share the same goal and approach their work much like anyone else. The only difference is their revenue stream, which consists of stolen data and extorted money.
Cybercrime organizations have continued to innovate, and hacking has become steadily more sophisticated. That is why the cybercrime industry has grown so dramatically, and why law enforcement and other organizations must find ways to disrupt the flow of illicit funds.
The Cybercriminal Supply Chain
It is imperative for digital defenders to understand the cybercrime supply chain, because in a sophisticated system many players work together. The suppliers of malice are the creators and producers of things like malware and zero-day exploits. They market their technologies through distributors or affiliates, who in turn sell these "solutions" to clients and partners. The arrangement closely resembles a reseller or channel model.
They use their own supply chain to infiltrate and disrupt the victim's supply chain.
There is also a financial component. Individuals are employed on the back end to manage transactions, secure funds, launder money, and distribute "payroll." Account managers may be employed to coordinate the sale of stolen information on the Dark Web. Some of these individuals may not even see themselves as criminals, being unaware of the illegal nature of the work they are doing.
Disrupting the Supply Chain
Since the majority of cybercriminal organizations operate like businesses, defenders can give them a taste of their own medicine by disrupting their supply chain. If cybercriminals are forced to start over, rebuild, and shift tactics, they are slowed down or stopped altogether, which is good news for the entire digital world. The goal is to dismantle the cybercrime business model and force cybercriminals to change their approaches and techniques, which costs them time and resources.
Threat actors need to be hit where it hurts in order to stop them before they attack. This can include a cyber hygiene strategy designed to expose criminals early in the attack cycle. Organizations can use artificial intelligence to detect threats and implement countermeasures before an attack lands. And sharing threat intelligence lets defenders around the world raise their shields at the first hint of a new attack.
Law enforcement, meanwhile, needs new ways to disrupt the criminal sales cycle, starting with taking down infrastructure. A concerted effort is needed to shut down data havens and service providers that look the other way when their infrastructure is used for criminal activity. Law enforcement should also engage in active disruption, such as flooding Dark Web marketplaces with deceptive content, making the whole ecosystem too unreliable to use.
Following the money trail is just as critical, since much of this comes down to finding and disabling the financial component of the business. That requires diplomacy and legislative action, which take time of their own.
To ensure strong cybersecurity, organizations also need to protect themselves by examining every facet of their own supply chains. This means verifying and certifying the security posture of third-party suppliers and vendors, both upstream and downstream.
None of these actions can be planned or executed by one institution or agency alone. This is where partnerships and collaboration are worth their weight in gold, because they provide an advantage that cybercriminals cannot duplicate. Organizations of every kind need to share information and resources that can ultimately help disrupt these supply chains. Rendering key elements useless undermines the entire criminal process.
Turning the Tables
Malevolent actors have copied the sound business practices of legitimate enterprises, enabling cybercrime to grow into a trillion-dollar industry. They have built their own supply chain, which they use to disrupt that of their victims. Organizations can fight back with the same tactics: dismantling criminal infrastructure, identifying and stopping attacks before they get off the ground, finding and shutting down their financial networks, and collaborating with public and private entities. They should also conscientiously scrutinize the security of every element across their own supply chains to close all potential points of entry for malicious attacks.
To read more, please check eScan Blog