I may not be old enough to remember a time when cybercriminals were not a credible threat to healthy networks, but I do remember a time when they weren’t as good at being bad as they are today. Several key developments have led to the increase in the depth and breadth of the world of cybercrime.
1. Money, Money, Money… MONEY
Make no mistake: cybercrime is a lucrative market. According to open source research, cybercrime is a $1.5 trillion market. It is a common joke among network defenders that we are in the wrong line of work. However, the fact of the matter is that the work of conducting, assisting and orchestrating malicious cyber operations pays well, and — unlike other criminal activity — can often be monetized in near complete anonymity. (Yes, I said near. Don’t @ me.)
2. Everyone who carries a connected device is a potential target
I am pretty sure my nephew has had a smartphone since he was, like, eight. Tribal groups in some of the most remote, isolated corners of the world still manage to have the latest iPhones. Certain African governments are equipping indigenous, nomadic tribes with GPS smartwatches to help track endangered animal movement. Each of these devices, phones, or watches is a computer with Internet access, and each of them is a potential target. They can be bricked with ransomware, loaded up with cryptominers, or compromised to be part of a botnet, and each of these operations can be monetized by cybercriminals.
3. Being a cybercriminal is easier than ever!
I would argue that there was a time when you had to be a true hacker to run a hacking operation, access a network, arrange for sale, and then launder the payment. In the current threat environment, more and more operations utilize tools to conduct a majority of the so-called heavy lifting when it comes to actual operations, not to mention the creation and implementation of cryptocurrency. Using readily available tools, individuals with no more computer experience than the average user can now conduct a successful cybercrime operation.
4. IoST (Internet of Stupid Things)
Speaking of things being connected to the Internet… everything is connected these days, and many of them are developed without any consideration for security. Medical devices, HVAC systems, vehicles, critical infrastructure assets, security systems, fire control systems, pet food dispensers, not to mention your friendly neighborhood robotic vacuum, are all potential infection vectors, which is to say nothing of the software and applications used to manage them. Hell, my coworkers just told me about an electronic coffee cup that has Bluetooth capability.
In a threat landscape that’s broader than ever, it’s easier than ever to be a cybercriminal, and we’re becoming more and more connected via the Internet. What’s more, amid all the low-level “noise” of unsophisticated cybercriminals exists an elite group highly capable malicious actors who can execute remarkably complex, highly lucrative operations. A growing trend is that of highly capable “hackers for hire” being recruited for organized crime operations, and — even more ominously—for the purpose of carrying out potentially malicious government-sponsored missions.
1. It wasn’t me
One of the more useful benefits of using cybercriminals as contractors is being able to deny any association with the operations, should the mission go awry. Nations concerned with cultivating a positive global image may employ skilled cybercriminals to carry out adversarial actions, while maintaining plausible deniability of any involvement in their illegal or unethical operations.
2. Outsourcing and crowdsourcing
An unpopular opinion is that some cybercriminals are more capable than a majority of nation state actors. In some cases, countries may come to rely on cybercriminal contractors to execute missions beyond the scope of their own capabilities. It makes sense, if you think about it: while government workers may suffer from mission burnout, boredom, or lack of up-to-date training, cybercriminals are constantly looking for an edge to better conduct successful operations. Additionally, cybercriminal contractors have the ability to outsource and crowdsource their work. Should a cybercriminal need access or a custom tool or some other resource, they are likely to find a solution faster than a government-run operation. Which brings us to…
3. Honor among thieves
Cybercriminals exist in a world where reputation is everything. Should a nation state representative reach out to a cybercriminal contractor with a reputation to uphold, that cybercriminal is motivated to do the work for the price, content and time agreed upon in order to protect their reputation. If a nation state reaches out to cybercriminals, it’s a pretty safe bet that the cybercriminals will deliver as promised.
4. Better hobby than most
If you happen to be a capable computer network specialist, chances are pretty good that your hobbies are in related fields. There is evidence to suggest that some individuals may log off their government computer, go home, log on to the dark market, and continue to do similar work. Familiarity with government missions makes for exceptionally well-informed cybercriminals.
5. Snitches get… jobs
The Russian government has been accused of having tacit tasking ability to the Russian cybercriminal world. However, they are not the only country that may or may not arrest cybercriminals, only to turn them loose with a government-backed mission. From the nation states’ point of view, there’s something to be said for having direct access to criminal networks.
6. Vengeance is sweet, and the Internet is everywhere
According to Internet World Stats, 55% of the global population has access to the Internet, which shakes out to roughly 4.2 billion users. The rise of global connectivity via mobile devices has made the exchange of data — both for good causes and nefarious purposes — a growth industry. As the Iranian contractors’ hack demonstrated in 2013, distributed-denial-of-service (DoS) operations can significantly disrupt U.S. networks. Politically motivated cybercriminals can harness these resources to conduct all sorts of disruptive operations.
To cite a popular maritime analogy, nation state actors are like large ships that can’t easily adjust their course or adapt to changes in their surroundings; cybercriminals, on the other hand, are like small boats — agile and adaptive but lacking the resources to be the “heavy hitters” in active engagements. By combining government resources with cybercriminal capabilities, nation state actors can gain a significant advantage in the new cyber threat landscape.
So while the latest round of cyberattacks may very well be the work of that hacker in the basement, it may also have been financed by a foreign government.