Cybercrime has evolved from small-time criminals (who are still active and profiting) to massive organizations with many hackers—becoming big business. Fayyaz Rajpari, our Executive Services Director, discusses this evolution with Ron Darnall, our senior director of threat intelligence, and Ken Dunham, our senior technical director of Security Operations, in our latest podcast, "Cyber criminals are a Fortune 10 company, what?!"
Here is just part of what you’ll hear about. Listen to our podcast Episode 2: Cyber Criminals Are a Fortune 10 Company for the full interview.
Question 1:
Fayyaz: So, if we look at the bigger picture of the victim landscape and really all the organizations are out there, you know, I think of this as two different networks, right? We've got the good guys, and we obviously have the bad guys as well. If you look at both teams, is it a fair match? Do we have enough on both sides? What are your thoughts?
Ken: Well, when I grew up, the threat landscape was a lot different than what it is today. So, it's a great question: is what's happening fair? Has it increased? And part of what I'm thinking, from a perspective standpoint, is that the internet and that interconnectivity that came about in the mid-90s is really a game changer. Because now, we're not dealing with localized threats, local criminals, the people you would know in your small town, USA, or your small town in Europe or wherever you live. Now, anybody can attack anywhere at any time. For example, when Voice Over IP was being abused for phishing, the term vishing was coined. What happened was that an individual in Romania was attacked using vishing techniques. Different places around the world every day. One time, I saw him doing an attack against a place in Idaho, and the next day, it was Canada; the next day, it was Australia.
Then that's a game changer because now we have a small-time criminal who can conduct a global-scale attack and get away with it with complete anonymization.
Fayyaz: So, yeah, and going back to what you just said, small-time criminal, right? I think of this as being larger as well. So, we're not just dealing with the... and I think that was a point in time where we were dealing with the small-time criminals, but at this point, I mean, as you said, we are dealing with, you know, thousands and many times they have their own networks. Just like an organization or any company has its own defending network, they've got its own opposing networks that are after something or someone. Would you agree, and can you comment?
Ken: Yeah, absolutely. And that's a very good point. Some people are now aware of what is known as the Russian Business Network, or RBN, which is a group that we targeted in St. Petersburg and Moscow and others a long time ago, and now it's a little bit more public knowledge. But everybody talks about Russians generically, like the Russians are doing it or the Chinese because of their power and their maturity. But, the answer is that they were making large-scale multimillion-dollar fraud attacks that were highly successful, especially against the banking industry at the turn of the century. Much longer, and before everybody else had public knowledge of this, that's what was happening. It takes a while for things that are happening to eventually bubble to the surface for people to know and to believe and then to understand the full scope, not unlike, say, dwell time in an incident. And then all of a sudden, you realize, holy cow! This has been going on for a long time.
So, the Russians have been doing this for a long time, and they're very successful, as are a large number of other entities out there in the world because this is a place they can cash in and make money, and they're very, very mature.
Ron: Yeah, and Ken, in addition to that, you really needed to spell the myth that hackers are twelve-year-olds working out of their parents' basement, right? While that entity may still exist, they're not as organized, and they're not as sophisticated as what you've just described.
Ken: That's actually a really good point. That reminds me of Jeffrey Lee Parsons, who was arrested by the FBI. He was in his parents' basement, and he was arrested because he had hosted a threat related to it. It was Blaster B or one of the variants there back in the year of the worm, 2003-2004. And the FBI didn't think it was him because it was registered in his name, hosted on his computer, and right there in their parents' basement. But he had just downloaded something off a Chinese website, I believe it was, and hosted it, and ran it, and then ended up being the poster child for Don't Do Bad Things at Home. But, you know, now what we have are very sophisticated threats. I've seen literally new Zero Day threats against entities being launched every single day or two, each one new and different. And that's a very sophisticated, expensive, complex infrastructure. Attacks that took hundreds of thousands of dollars to put into place from an infrastructure perspective when they're highly focused and targeted against critical assets.
The original article can be found here.
コメント