POWERED BY
INTELLIGENT BRANDS // Enterprise Security
Distributed cybercrime
is a growing threat to
critical infrastructure
/////////////////////////////
Distributed cybercrime is becoming a growing problem
providing threat actors with dangerous tools to cause
chaos. So what can you do to protect yourself against
the threat of distributed cyberattacks? Skybox Security
tells Intelligent CIO it’s vital to be able to see your
network like an attacker would, allowing you to address
underlying vulnerabilities.
distributed cybercrime has evolved,
giving cybercriminals a more organised,
sophisticated way to wreak havoc and make
money. This business model is a way in which
cybercriminals attack many victims in the
same campaign. It is proving to be a costly,
and a lethal nuisance in the right situation.
What is distributed cybercrime and
why does it matter?
This commercialisation of cybercrime is due
to the lower barrier of entry, you don’t need
massive computational power for brute force
attacks or deep knowledge of cybersecurity
or cryptography to be effective. Sample
exploit code and easy-to-use tools are readily
available on the Dark Web, and have the
ability to generate a substantial revenue
stream with little skill or effort.
This has driven professional cybercriminals to
develop malware that runs on professional
platforms, uses pre-packaged distribution
services and leverages knowledge of
infection experts to attack the world. They
don’t know who their victims are, nor do
they care.
It’s the perfect, automated, money-making
machine for criminals, creating an ease of
use and ROI that is too good to pass up.
Ron Davidson,
CTO and VP of
R&D for Skybox
Security
R
ansomware is not new, but has
been a growing tool of choice of
the cybercrime community in the
last few years, capturing headlines for the
widespread and brazen way it is installed
and holds the victim’s data hostage. From
WannaCry to NotPetya and BadRabbit,
www.intelligentcio.com
and recent attacks on US-based Boeing
manufacturing plant and the City of Atlanta,
ransomware is showing its full might.
But little is being said about the business
model behind these types of attacks.
Ransomware and its larger family of
1. Attacks require less effort as they target
‘low-hanging fruit’ (i.e. individuals or
organisations with sub-par security)
2. Attack skill level is low compared to
techniques such as spear-phishing;
regular ol’ phishing is good enough for
weak targets
3. Highly coveted zero-day vulnerabilities are
no longer required for profitable attacks;
mainstream CVE vulnerabilities with
known exploits and existing patches will
do, as many victims don’t patch regularly
INTELLIGENTCIO
79