Name an industry at the top of its game: one that attracts young talent, is well-attuned to social issues like politics and health, and seizes trends like the subscription model, mobile banking and cryptocurrency. Maybe you’re thinking of marketing, digital banking, IT, or simply a super modern tech startup that knows exactly how to use data to achieve its goals. There’s just one problem. A huge number of these organisations are operating under the radar, using your bank statements, your health records, and your personal details for their own gain in the world of cybercrime, says Keiron Holyome, VP EMEA at BlackBerry.
Forget the stock market; cybercrime is the tech industry we should really have on our radars if we want to protect our precious data.
Without wishing to glamourise those who jeopardise national security and hold infrastructure to ransom, it cannot be denied that cybercrime is an ultramodern industry – just like fintech, or superfast delivery apps. Any exploration of the vast range of new attack techniques and their advanced capabilities points to an underground industry that’s growing exponentially in size and sophistication.
Like many disruptive industries, it’s home to some of the most intelligent technologists on the planet, who strike time and time again. A case in point: the group behind the huge SolarWinds attack is still at large and now targeting NGOs. In a world full of connected endpoint technologies, both modern tech companies and cybercriminals have the necessary tools and abilities to further their cause. These two industries are growing side by side, thanks to their shared obsession with the value of data.
Which modern technologies are being deployed against us?
The ability of cybercriminals to leverage the latest consumer trends and understand innovative technologies sees them leverage familiar techniques in corrupt ways. BlackBerry researchers took a closer look – and their worrying findings prove that organisations need to be investing in more powerful defences than ever to stop the dark side of the tech boom.
Social media
Businesses know the power of social media, and so does the BAHAMUT threat group. With targets including NGOs, government leaders and industry figures in India, the Emirates and Saudi Arabia, BAHAMUT’s understanding of targets and attention to detail goes above and beyond many similar groups. This is possible through techniques including manipulating victims via social media, fake news sites and personas of real news anchors. It even uses ‘fake’ apps, which can be readily found on the Android and Google Play stores, to lure victims.
These shiny facades give nothing away through dodgy-looking links or suspicious lines of code. By earning the trust of those who visit their fake sites, the group lines victims up for phishing and threatening personal email messages which include shocking demonstrations of how well they know their victims’ lives. And, like any modern, influential company, it is highly adaptable, quickly changing tactics to correct mistakes which allows them to continue hiding in plain sight.
Next-generation ransomware
Services are sweeping the business scene, as organisations package together their expertise and products to offer easy solutions to those without their own time or resources to complete a task. Ransomware-as-a-service is exactly the same, and it’s already being used as a threat in cases such as Mountlocker. Attack vectors can be loaded up with new capabilities and sold to those wishing to carry out attacks. Worryingly, this diversifies the pool of those with the capability to attack, making ransomware available to all.
Moreover, the way ransomware attackers operate is modernising to capitalise upon fear. No longer are attackers seeking a quick payment in return for the restoration of systems: they know that reputation is worth far more. One particularly worrying example is the Vastaamo ransomware attack in October 2020. Cyber attackers held therapy records to ransom, threatening to reveal individual patients’ private conversations unless they were paid in Bitcoin. These modern attack techniques aren’t just taking a toll on business – they’re jeopardising long-term mental health.
Weaponised deepfakes
The future of communication is video and audio-based, according to many reports. Techniques used by threat actors are no different. One of the first cases of deepfake weaponisation in the workplace was discovered in 2020, when a senior official was tricked into transferring money after receiving a call from a fraudster impersonating the CEO’s voice using deepfakes. Remote connectivity during the pandemic has seen such techniques boom in popularity, while GIFs, photoshops and face swaps continue to plague the general public.
While the majority of cyber-attacks continue to involve ransomware, hacking, and phishing (the latter now complete with psychological tricks based on the pandemic to compel the reader to open the message), threat actors may look towards increasing the weaponisation of deepfakes, as video conferencing and remote connectivity become more widely used in the new world of work.
If attack techniques are so advanced, how can we hope to prevent them?
It’s clear from the technologies being deployed that cybercrime is a professional industry, with deep knowledge of today’s latest technologies, and a marketplace for selling malware to anyone who wants it. It will only continue to become more powerful as technology develops globally. The only way to stop advanced technologies is to fight fire with fire: deploying the latest cybersecurity innovations and continually adapting them to tackle new threats.
Prevention is far better than a cure, so robust perimeter defences should be every company’s first port of call. To provide expert back-up for hardworking but chronically understaffed cybersecurity teams, artificial intelligence (AI) is the solution that evolves quickly, responds faster, and never gets tired of fighting against threats. Leveraging AI, machine learning and automation, today’s intelligent technologies are capable of making the superfast, smart decisions required to manage the huge year-on-year increase in cyber-attack volume and sophistication.
Cybersecurity teams and their intelligent technology counterparts must work seamlessly together to provide the highest level of security and management, leaving no chinks in the armour of organisations. Through the ability to analyse and define risks, make decisions based on big data, and dynamically apply a set of Zero Trust policy controls, together they will ensure that the modern malware techniques deployed by cybercriminals have truly met their match.
