
The Effects of Reduced Trust Amongst Cybercriminals

A new article on Binding Hook, by Jason R.C. Nurse and William Lyne, provides an insightful assessment of how the ransomware ecosystem is evolving.

Specifically, they note that:

  • Centralized platforms are giving way to decentralized means of exchanging information (e.g., credentials now disclosed or distributed over Telegram and not a single website or forum)
  • There is a wider, and more dispersed, group of threat actors with the effect of enabling more flexible organizational structures
  • Fragmentation around ransomware groups and operations is not translating into fragmentation of other criminal activities (e.g., social engineering or romance scams)
  • Takedowns of centralized platforms enabling Ransomware as a Service, along with exit scams, are resulting in operators avoiding locations that depend on social trust

It’s not stated, but a more diverse set of ransomware operators, especially if some are less ‘professional’ than others, may also make it more challenging to assess the statements they make towards victims (e.g., pay us and this all goes away). It may also make it more challenging to assess or confirm whether operators will destroy or delete data upon payment. In effect, the reduction of trust in the ransomware ‘marketplace’ may have knock-on effects on the valuation of ransomware operations and on the ability to extract payments from victims.


Cybercrime, Advanced Persistent Threats, and Human-Centric Security

RUSI has published a compelling essay arguing that policy makers and threat intelligence groups should devote more time and attention to the activities of cyber criminals.

Contemporary cyber criminals:

  • have many operational characteristics that parallel those of nation-state supported advanced persistent threats
  • are quickly innovating and developing new exploit processes and chains in reaction to market developments, and
  • have a real and significant impact on the lives of people around the world.

Moreover, criminals are increasingly targeting critical infrastructure, an activity-type which has characteristically been associated with nation-state supported organizations.

While it’s left unstated in the essay, Larson is also implicitly calling for a focus on human-centric security practices. Such a focus would see policy makers and cyber practitioners work more actively to stymie the worst harms felt by individuals and communities affected by cyber operations or incidents. Such a focus might also see countries or organizations shift resources away from impeding nation-state supported threat actors and towards law enforcement agencies and cybersecurity bodies or, alternatively, see national governments update operational guidance to prioritize targeting cyber criminals’ organizations or infrastructure using offensive cyber capacities.