Connect with us

Cyber Security

Will This Be the Year of the Branded Cybercriminal?

Avatar

Published

on

Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.

All businesses evolve and adapt to their environments. Businesses in the Dark Web are no exception. In the burgeoning and nearly unpoliceable business climate that is the Dark Web, it’s only natural that businesses should become more “professional” — both in their revenue models and in their practices. We saw this happen in 2019 and expect even greater movement in this direction in 2020.

The “Servitization” of the Dark Web
Making money from stolen personal credentials via the Dark Web is pretty much de rigueur for would-be cybercriminals. Yet in the past, this process involved significant effort for the cybercriminal-to-be.

First, criminals needed to code or acquire a Trojan to use for infecting online banking portals or payment systems. Then they’d have to disseminate their malware and infect targets. Following the infection, they’d need to access all infected machines, harvest relevant data, and process it. Only then could they begin cashing out — selling stolen credentials or data via the Dark Web.

This process is now becoming astoundingly less complex — and infinitely more dangerous.

Servitization is the process of shifting from selling products to selling services that provide the outcomes those products deliver. This shift has transformed many above-board business models, and this same process will continue to spread across criminal networks this year and beyond. Today’s cybercriminals are already buying and selling services rather than goods in the cybercrime financial ecosystem — and this trend will accelerate.

This means that threat actors no longer need to suffer the complexities of development, infection, extraction, and monetization on their own. Rather, they can use malware-as-a-service (MaaS) — the same malware that was previously sold as a product is now being sold as a business service.

Numerous underground markets have already sprung up around this business model. For example, today there are markets on the Dark Web where cybercriminals can pay a monthly fee for access to an updated dataset maintained by threat actors. There are also pay-per-bot markets, in which buyers can view “bots” — machines infected with banking Trojans — that can conduct services and attain credentials on demand.

The fact that the level of skill required to commit cybercrimes is dropping spells trouble for individual victims and organizations alike. Underground threat actors have learned that they can reach far beyond low-hanging fruit — the credentials that come with an easy cash-out process. We will see an increasing number of threat actors targeting assets with more difficult cash-out processes because servitization can take over the heavy lifting for any given crime.

New Branded Monetization Channels Emerge
Essentially, we’re seeing cybercrime evolve into recognizably mainstream business models — and we expect this to accelerate this year.

Cybercriminals will have incentives to invest heavily in their businesses as payoffs continue to grow and enforcement lags. New cybercrime monetization channels continue to emerge — from concentrating efforts on manual transactions and listings in markets, to focusing on sales of credentials, network access, and more-sophisticated fraud. Drawing inspiration from legitimate online businesses, cybercriminals are increasingly using automation to help move stock off their virtual shelves and collect data to better monetize deliverables, and they will continue to do so.

Moreover, with the commoditization of cybercrime-as-a-service, organizations are naturally seeking differentiation to make their services stand out in a crowded market. Instead of selling services or data listings on an individual basis, threat actors will put more effort into building lasting business-like enterprises — investing more in branding, customer support and even intuitive user interfaces.

The Bottom Line
It’s time to recognize that the Dark Web operates just like any other market — supply and demand, clients and suppliers. While it might not be regulated, the market is checked by the invisible hand of cybercrime monetization channels. Given this, threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts. The days of cybercriminals doing the dirty work themselves using homemade or bare-bones tools may well be nearing an end. In 2020, cybercriminals will choose professionally designed tools based on reputation, brand, logo, and even slick marketing material. The era of the branded cybercriminal may well be upon us.

Related Content:

Leveraging over 11 years of expertise in intelligence collection, Raveed Laeb is responsible for leading the product team and intelligence collection platform at KELA. Raveed has an in-depth knowledge on threat actors, specializing in the cybercrime financial ecosystem. … View Full Bio

More Insights

Source: https://www.darkreading.com/vulnerabilities—threats/will-this-be-the-year-of-the-branded-cybercriminal/a/d-id/1336707?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Continue Reading

Cyber Security

Russian hackers steal Prince Harry and Meghan Markle photos via Cyber Attack

Avatar

Published

on

According to a biography ‘Finding Freedom’, Russian hackers reportedly stole 100s of photos and videos related to the marriage of Duke with Duchess of Sussex that includes some snaps related to the Queen of Britain.

Authored by Omid Scobie and Carolyn Durand, the biography gives us details on why Prince Harry chose to depart the royal life to lead a quiet living in United States along with his newly born son ‘Archie’ Harrison Mountbatten Windsor and wife Meghan Markle.

Coming to the data leak, the breach is a wake up call to the entire world on how hackers could invade into the personal lives of celebrities without their knowledge to create havoc thereafter.

Cybersecurity Insiders has learnt that the stolen photos were related to the wedding photographer Alexi Lubomiriski, hired to digitally capture the wedding of the Duke with Meghan in May’18. Around 200 photos related to the Prince’s wedding were stolen by a computer programmer based in Russia out of which many were ‘outtakes’ meant to be directed to the computer trash can.

The biography specifies that the memorabilia were siphoned from a cloud account owned by the marriage photographer and includes pictures taken by Harry and Meghan along with the Queen at the wedding.

A photo sharing website named Tumblr is seen displaying a few of the stolen pictures possibly leaked by the hacker. 

An inquiry into the data breach and leakage of wedding photos was launched by the law enforcement in Britain after it received an official complaint from the authorities at the Queens palace.

Note- In June 2019, hackers somehow managed to infiltrate the personal computer of the New York based fashion photographer Alexi Lubomirski well- known in the fashion community of London for digitally capturing the lives of Scarlett Johnson, Jennifer Lopez, Britney Spears, Natalie Portman on many ocassions/events.

Source: https://www.cybersecurity-insiders.com/russian-hackers-steal-prince-harry-and-meghan-markle-photos-via-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=russian-hackers-steal-prince-harry-and-meghan-markle-photos-via-cyber-attack

Continue Reading

Cyber Security

Texas School District experiences DDoS Cyber Attack

Avatar

Published

on

On the very first day of virtual learning, a Texas school district has made it official that it became a victim of a cyber attack that disrupted virtual classes for 48 minutes. However, the good news is that the IT staff of the school district was swift enough to thwart the Denial of service cyber attack, neutralizing its repercussions to full extent.

The school district that is in discussion is based on the City of Humble, Texas, United States and is known as ‘The Humble Independent School District (Humble ISD) ’.

Liz Celania- Fagan, the Superintendent of Humble ISD, has confirmed the incident via twitter and informed the world that the virtual classes that were impacted by the cyber incident were back online after a break of nearly an hour.

Liz mentioned in her statement that all those students who were logged into the classes via their student Gmail accounts might not be able to log into their student email accounts until the incident is technically resolved.

Note- A denial of service attack aka distributed denial of service attack is launched through botnets that aim to shut down a computer network by bombarding it with fake web traffic.

Meanwhile, The Federal Bureau of Investigation (FBI) has issued a nationwide alert that all school districts that are planning for virtual classes for this academic year should take adequate Cybersecurity measures as there is a high possibility that their servers might be targeted by ransomware.

“As many of the K-12 schools are planning virtual classes from September, it makes them vulnerable to cyber attacks such as ransomware”, says Corey Harris, a special agent of FBI.

There is a good chance that hacking groups might be after social security numbers and other faculty or staff info added Harris.

Hope, the CIOs or CTOs of school districts have taken a note of the ransomware alert issued by FBI targeting K-12 schools.

Source: https://www.cybersecurity-insiders.com/texas-school-district-experiences-ddos-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=texas-school-district-experiences-ddos-cyber-attack

Continue Reading

Cyber Security

Digital signatures security explained

Avatar

Published

on

[ This article was originally published here ]

This blog was written by an independent guest blogger.
Digital signatures have been around for decades, but recent events have put them back in the spotlight. They were heralded as the future of cybersecurity as far back as 1999, but in the intervening years came to be somewhat taken for granted by security engineers. Not any longer: the massive move to home working precipitated by the Covid-19 pandemic have forced many to take a fresh look at the security value of digital signatures, why they matter, and their relationship to encryption.
We thought we’d do the same. In this article, we’ll give you a refresher course on how digital signatures work, why they are important for security, and what the future holds.
How do digital signatures work?
Digital signatures, at the most fundamental level, are mathematical algorithms used to validate the authenticity and integrity of an electronic message….

Bernard Brode Posted by:

Bernard Brode

      

Avatar

Source: https://www.cybersecurity-insiders.com/digital-signatures-security-explained/?utm_source=rss&utm_medium=rss&utm_campaign=digital-signatures-security-explained

Continue Reading
Blockchain3 hours ago

The Nebulas blockchain project releases plans for a massive DeFi ecosystem!

Blockchain4 hours ago

Bitcoin, Ethereum lose August’s first round to small-caps

AR/VR5 hours ago

‘Hitman III’ VR Clip Confirms PS Move Support, Reveals Impressive Level of Detail

AR/VR5 hours ago

Psychic VR Lab Opens Applications for NEWVIEW Awards 2020

Blockchain6 hours ago

Bitcoin Cash, Tron, Synthetix Price Analysis: 13 August

Publications6 hours ago

IEA sees lower oil demand in 2020, 2021 on upsurge of coronavirus cases and stalling mobility

Publications7 hours ago

Coronavirus live updates: China says chicken imported from Brazil tests positive for virus; relief talks at a standstill

Publications7 hours ago

What a touch-free airplane bathroom is going to look like

AR/VR7 hours ago

‘Vox Machinae’ Quietly Added New Mechs, Weapons, & Co-op in Updates, Studio Has “Ambitious plans” for the Future

Cannabis8 hours ago

Can comedy normalize cannabis use?

Blockchain8 hours ago

Gold’s Sharp Rebound After Rout Hints Bitcoin En Route to $12K

Publications8 hours ago

Pompeo says Trump’s executive orders are ‘broader’ than just TikTok and WeChat, hinting at more action

Blockchain8 hours ago

Down to the Wire: Yam Finance Saved at the Last Minute

Blockchain8 hours ago

Boom! Kraken Predicts Imminent Bitcoin Price Rally of Up to 200%

Blockchain9 hours ago

Global P2P Bitcoin Trading Volume at Highest Point Since Jan. 2018

Blockchain10 hours ago

Tron’s BitTorrent Network Reaches 2 Billion Downloads

Publications10 hours ago

Stock futures edge lower after S&P 500 closes just under a record

Blockchain11 hours ago

CoinList Exchange Struggles, but NEAR Disaster Averted

Publications11 hours ago

3 charts show China is far from meeting its ‘phase one’ trade commitment to the U.S.

Blockchain11 hours ago

Five Hours to Failure: The ‘Save Yam’ Proposal Is Falling Short

Publications13 hours ago

Latin America will see ‘record-breaking contraction’ as the coronavirus shatters their economies, Goldman says

Blockchain13 hours ago

Analyst Who Called Bitcoin’s Tuesday Low Expects a Move to $13,000

Publications13 hours ago

Depression-like collapse is sparking a wartime-type boom, market bull Jim Paulsen predicts

Publications14 hours ago

Kamala Harris blames Trump for severity of U.S. coronavirus outbreak: He failed to take it ‘seriously from the start’

Automotive14 hours ago

2021 Hyundai Elantra N Line picks up where Elantra Sport, GT N Line leave off

Cannabis15 hours ago

New Jersey Medical Cannabis Patients Can Now Use Telehealth

Publications15 hours ago

Accuracy of U.S. coronavirus data thrown into question as decline in testing skews drop in new cases

Blockchain15 hours ago

Bitcoin Could Retrace to $9,000 if it Breaks Below This One Key Level

AI15 hours ago

Amazon Textract now available in Asia Pacific (Mumbai) and EU (Frankfurt) Regions 

Publications15 hours ago

Walt Disney World actors to return to work after company offers coronavirus tests

Publications16 hours ago

Uber CEO says its service will probably shut down temporarily in California if it’s forced to classify drivers as employees

Blockchain16 hours ago

Litecoin, VeChain, Algorand Price Analysis: 12 August

Cannabis16 hours ago

Can Marijuana Really Cause A Person To Become Aggressive?

Publications17 hours ago

Stocks making the biggest moves after hours: Lyft, Cisco, Vroom & more

Automotive17 hours ago

Meet Tucson, a stray dog who became Prime Hyundai’s newest car consultant

Cannabis17 hours ago

Trump And GOP Already Attacking Kamala Harris Over Marijuana Record

Publications17 hours ago

Cisco falls on disappointing quarterly guidance as revenue continues to drop

Publications17 hours ago

Lyft may suspend service in California if court requires it to classify drivers as employees

Blockchain17 hours ago

Is Chainlink riding the DeFi bubble?

Cannabis17 hours ago

$61M Worth of Drugs Discovered in Shipping Containers Filled With Cacti, Limes

Trending