26 February 2016
3 min read
Some cybercriminals are smash-and-grab merchants (albeit with keyboard and mouse rather than balaclava and baseball bat). Others may be involved in a more lucrative long-term deception, akin to white-collar crime but carried out from a foreign basement instead of an executive boardroom.
Law enforcement and IT experts now analyse cyber-attacks in an attempt to make sense of what can seem in real-time simulations like an almost continuous global bombardment.
According to online payments company Jumio, which has an obvious vested interest in the subject, hackers are usually between 29 and 49 and male. They come from across the globe, but nearly half of all cyber-attacks are from the Asia-Pacific region, and specifically China and Indonesia.
And contrary to the image of the obsessive loner, most cybercriminals and hackers work in groups, half of which have six members or more, Jumio claims.
That’s because cybercrime is an increasingly sophisticated undertaking, often involving SME-sized organisations that mimic the structure of the businesses they aim to defraud, complete with hierarchies of executives, middle managers and workers.
They are supported by a network of suppliers and resources, from freelance hackers to underground malware marketplaces. The servers that store their illegal code are usually located abroad, often in Russia or China.
Digging down further, the profile of many cybercriminals will be familiar. There are the hacktivists, who use hacking skills to deface or debilitate the websites of companies they accuse of political, moral or environmental misdeeds. Hacktivist groups include the famous Anonymous collective.
The recent revelation of member details from the Ashley Madison adultery site, exposed by a group calling itself the Impact Team, is evidence enough of the damage an ethically motivated hacker can inflict.
Nevertheless, for most SMEs, hacktivists are not a major threat. Cybercriminals, driven by more prosaic motives such as greed, most certainly are.
According to Corey Nachreiner, director of security strategy at cybersecurity company WatchGuard, a cybercriminal can be a lone wolf or, more worryingly, a member of an organised criminal gang, which may have connections to traditional organised crime and access to its networks and finance.
The sheer scale of organised cybercrime was shown earlier this year when hackers stole an estimated $1bn from more than 100 banks.
Security firm Kaspersky, which uncovered the attack, said the criminals – who were Russian, Ukrainian, Chinese and European – had used sophisticated spying software to observe and then mimic the behaviour of bank staff, using the knowledge to deposit cash in accounts they had set up for the crime.
The malware “allowed them to see and record everything that happened on the screens of staff who serviced the cash-transfer systems", Kaspersky said. "In this way the fraudsters got to know every last detail of the bank clerks' work and were able to mimic staff activity in order to transfer money and cash out.”
This was a highly sophisticated attack against well-defended networks, and shows just what determined cybercriminals can achieve.
SMEs are not so attractive in terms of the rewards on offer, but often represent soft targets for smaller criminal groups or hackers trying out new methods of attack.
The extent of the risk was recently revealed in research by Towergate insurance, which found that custom malware for hackers is available from as little as £7. In other words, anyone with a modicum of technical know-how is potentially in a position to launch an attack on your company, and the report also found that SMEs were woefully unprepared for that reality.
Almost a quarter of the SMEs questioned admitted to having no plan for responding to cyber-attack, and the same number complained that cyber security was too expensive to implement.
On the contrary, the new profile of a cyberscammer – technically savvy, almost immune to prosecution and part of a group with access to cheap, increasing sophisticated malware – shows that cybersecurity could prove the best business investment of all.