Five key trends in cybercrime

The Government’s Cyber Security Breaches Survey 2019 reported that a third of British businesses had suffered a cybersecurity breach or attack in the last year.

But how are crooks’ tactics changing and how can firms defend themselves against the danger?

We recruited a selection of the UK’s leading cybersecurity experts to understand the key trends driving cybercrime in 2020 and the steps businesses can take to ensure they stay safe.

1. Off-the-shelf cybercrime 

Today’s hackers don’t need any advanced computer knowledge, explains Alex Bransome, CISO at cloud security experts Doherty Associates.

“The scariest thing right now is the number of malicious tools and services that are available to buy cheaply on the Dark Net,” he said.

“It means criminal groups can buy ransomware-as-a-service and phishing-as-a-service platforms completely anonymously.

“Anyone can use them without any technical know-how. Some even have a support desk you can call if you need help!”

Andrew Linn, a test and exercise principal consultant at information security specialists SRM, says that the cybercrime industry has matured, with a supply chain of crooks, each focused on exploiting a particular niche.

He said: “You have experts who will create a hacking tool and make their money by selling it on or licensing it to other criminals.

“Someone else will take that tool and use it to gain access to networks. They can then sell the details of websites they have compromised.

“The buyer might use that information to steal credit card data that they then sell to someone else who will take the money from those accounts.”

2. Big game hunting

While in the past ransomware attacks – like the WannaCry attack on the NHS – focused on infecting as many machines as possible and demanding relatively small amounts of cash to unlock them, they are now becoming more targeted and costly.

Crooks seek out organisations with particularly valuable data or those where any downtime can be especially damaging, so they can demand higher ransoms.

Alex Bransome said: “The evolving trend known as ‘big game hunting’ used by e-crime groups involves them intentionally gaining malicious access to a large number of an organisation’s systems, then unleashing ransomware across all of them simultaneously.

“This tactic can incapacitate the organisation’s ability to function and often leads to them paying a huge ransom demand, increasingly in the tens of thousands, to bulk release their systems and data so they can function again.” 

3. Insider threat

Peter Bradley, CEO of secure information management specialist Torsion Information Security, says that, while the threat from external hackers shouldn’t be understated, a key risk to the average SME comes from its own staff, not external hackers.

Peter said: “At least 50% of cyber risk comes from inside the company, not outside.

“If someone has access to sensitive information that they shouldn’t, one day they might spot an opportunity to exploit that.

“For example, we worked with a business where a configuration mistake meant access to a spreadsheet containing all colleagues’ salaries was accidentally shared with a few extra people.

“Somebody downloaded a copy and used it to try and extort a pay rise out of the business.

“Ultimately, the spreadsheet got out and it cost the company hundreds of thousands of pounds in pay rises to keep people from resigning.”

Encryption can be a solution, but access permissions should also be regularly reviewed. There are also tools, like Torsion, that provide clear visibility of who has access to what and where risk lies.

4. Juice jacking

Mobile technology means that more and more people are working remotely and on-the-go.

As a result, a network of free charging stations has sprung up, often in handy locations like train stations, airports and motorway service stations.

If your phone, tablet or laptop is running out of power, a facility like this might seem the answer to your prayers, but Will Shilson, VP client technology strategy at data privacy specialist Calligo, warns that they are already being exploited by cybercrooks.

He said: “One of the newer tactics that hackers are using more often is ‘juice jacking’.

“This is where a public USB-based mobile device charging port is corrupted to install malware onto the device or covertly copy sensitive data off it.

“It works very much the same way that ATMs are tampered with.

“Some sophisticated versions can even install recording software that mirrors the screens of devices while they are plugged in.”

Will’s advice is to distribute portable power packs for remote workers rather than letting them use public charging points.

5. Living off the Land 

Alex Bransome says that modern cybercrooks are happy to bide their time in anticipation of a bigger payoff, where in the past they may have focused on quick hits from opportunist attacks on firms with easy-to-exploit weaknesses. 

He said: ”One of the latest tactics we see attributed to more advanced, motivated and persistent groups is known as ‘living off the land’.

“This involves an attacker making a conscious effort to remain under the radar after gaining access to your systems, keeping a low profile until they find what they are looking for to achieve their aims. 

“Living off the land more specifically involves attackers using the same tools and behaviours that everyday users and IT administrators use within the environment.

“This enables them to blend into everyday activities and makes it extremely difficult to detect their presence.

“They cleverly take advantage of common weaknesses found in many organisations, specifically around a lack of network segmentation.”

Read our e-book The Print Security Blind Spot, where leading lights in the UK cybersecurity industry give their insight into how organisations can protect themselves from attacks on their printers and networks.