Fighting the rise of cybercrime in the parallel digital pandemic
By Andrew Vasko, Managing Director, IScann Group
The oft-touted silver lining of the ongoing COVID-19 pandemic is that it has accelerated large-scale digital transformation. As travel and in-person meetings continue to be limited for health security, digitization has become essential for governments to keep the economy moving and ensure citizens and businesses are well taken care of.
Nationally, the pandemic has shown us that digitization can improve access to key services such as education and healthcare for the general public, while enabling businesses to operate and improve their efficiency and productivity. However, the darker side of increased digitization is that it has also given rise to a new wave of cybercrime focused on employees working from seemingly “secure” locations while responding to an onslaught of potentially dangerous links.
Today, more data is moved to the online space than ever before. This makes it more difficult to track cybercrime, as it can arise from anywhere in the world, especially since many organizations – whether government or private sector – do not necessarily have the appropriate security safeguards and protocols in place. One of the fundamental first steps in solving such a multi-layered and ever-changing problem is to understand the typical process by which cybercrime occurs.
How the threat arises
Simply put, cybercrime can be divided into two phases: reconnaissance and attack.
The first phase is the reconnaissance stage, which is usually the longest stage of a cybercrime operation. Here, an adversary will seek to obtain as much information as possible about a target, as stealthily as possible.
When data is directly accessible, this phase alone may be sufficient to obtain the data, with no further “attack” required. More likely, the attacker will need to look for technical weaknesses that can be exploited to gain direct access, and perform detailed searches of the target agency’s staff to determine who has access to the required data. Skilled open-source intelligence (OSINT) operators can discern this latter point entirely through open-source means, at no cost, to build a profile of staff to leverage.
The duration of a reconnaissance task is impossible to guess, being entirely dependent on the difficulty of finding the data. An opportunistic cybercriminal looking to carry out a quick ransomware attack will spend very little time on such a task – maybe a few minutes – as there is plenty of low-hanging fruit for them and they care little about the nature of their targets. Conversely, the acquisition of national security secrets (whether in government hands or in the custody of contractors) can warrant months, or even years, of careful data collection. This is also sometimes facilitated by early intrusion and continuous monitoring.
The next phase, attack, can take many forms, depending on the attacker’s goals. If the technical side of reconnaissance reveals the cyber equivalent of a door with a fragile lock, then the operation may be short and simple. This makes the attack akin to a rapid break-in, which can be subtle or overt depending on the adversary’s appetite for risk, attribution and/or long-term access.
For example, in the context of penetrating defense companies, a high level of technical security can be assumed in most cases. Direct technical access is unlikely to provide an adversary with the secrets they seek without some form of subterfuge to facilitate the attack.
In this phase, it is the mapping of human networks that counts. This is mainly done by OSINT ahead of a deception operation. No material is so well protected that no one in the parent organization can access it. This even includes offline or “air-gapped” hardware, as the 2010 Stuxnet attack on Iranian nuclear facilities highlighted.
Additionally, staff deception, known as “phishing” (or “spear phishing” when highly targeted and personalized), plays a role in almost all cyber attacks. The attack may require no technical component at all. With a good pretext, an attacker can trick a victim into sending a source document to someone they believe is their manager or a colleague.
Organizations are more at risk than ever
The body of open source data available on organizations and their staff will not diminish. Instead, it will only grow exponentially over time, as the tools and know-how to access this data through open source means become more readily available. The increasing prevalence of cyber attacks every year is proof of this.
Whether the targets are government agencies or corporations, the process is the same. It also means that their mitigation possibilities are similar.
First, there must be an extension of defensive surveillance, which means proactively finding vulnerabilities in your own organization within the open-source sphere, to help eliminate the key data that attackers are looking for. This would use the exact same tools as an attacker, as illustrated in our white paper, OSINT Threats to National Security, which we released in October 2020. The key is to be the first to find this data.
In addition, no specific technology is required. Indeed, a single professional cell could meet the security needs of a ministry and its business suppliers alike.
One thing to also keep in mind is that while awareness training helps to encourage the cleaning up of an individual’s personal footprint, it does not affect the data gleaned from that individual’s “digital shadow”: the posts (direct or indirect) made by their friends, family and associates. A professional defensive watch cell could and should take these steps at this extra level, prioritizing those personnel closest to the target’s intelligence focus, finding the information most likely to be exploited by an attacker and, at a minimum, informing the individuals concerned.
Finally, it should be noted that unpleasant consequences can indeed follow when a person must be moved out of an exploitable position and placed in an alternative role for security reasons.
The need to stay ahead
As our white paper succinctly puts it, “… the national security secrets of tomorrow are the intellectual property of today.” This means that assets intended to be protected by many concentric layers of physical security, armed human security and technical security will at some point reside in the more conventionally defended offices of limited liability companies, which has pushed the targeting of governments and businesses more toward their employees and the data they hold.
While a review of how organizations proactively protect their assets is underway, it is still far from where it needs to be. Like the ongoing pandemic, we are only beginning to understand the long-term effects of the new normal and the global shift in the way we work. This means that the way we use and protect our information is more vital than ever.
* Excerpts were taken from the IScann Group white paper entitled OSINT Threats to National Security, published in October 2020. Please contact [email protected] to get a copy.
About the Author:
Andrew has over 30 years of experience in operational growth and has an established network in the Asia-Pacific region and the United States. Prior to founding IScann Group, Andrew was an information consultant and senior executive in various strategic roles for the Asia-Pacific region at Jane’s Information Group, one of the world’s leading providers of defense, security, risk and open-source intelligence. The company was acquired by IHS Markit (INFO), now SNP.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.