Fighting rising cybercrime rates

Guest Blog: Val Gabriel from HP Ireland

Irish SMEs paying twice the EU average rate in ransoms against cyberattacks, Val Gabriel of HP Ireland has some tips for resisting attacks

Over the past decade, digital transformation has supercharged both sides of the attack-defense divide, exposing corporate networks and enabling threat actors to do their best when it comes to cybercrime. Locally, a study commissioned by the European Commission shows that 32% of SMEs in the Republic have reported some type of illegal online activity affecting their business since 2021.

These cases are driven by a highly professionalized cyber threat supply chain that enables threat actors with little know-how and limited resources to jeopardize personal, economic and national security.

The bad news is that cybercrime innovation hasn’t stopped. According to “The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back – a HP Wolf Security Report”, in the future we may see emerging technologies such as AI and quantum computing be misused to line the pockets of criminal groups and even other nation-state goals.

A European Commission study also found that 12% of Irish SMEs victimized by cybercrime said they had paid a ransom, double the EU average. It also found that Irish SMBs had above-average levels of incidents with ransomware, with 8% reporting such cases. This is also double the EU average.

The key to resilience will be mastering the basics of security, planning for the worst, and encouraging collaboration across industries.

Reality

Criminals have always been among the first to take advantage of new technologies, and the Internet has been no exception. Today’s cybercrime economy is characterized by complex supply chains made up of individuals with highly specialized skills. Network access, control, and persistence are valued above all else, whether through credentials or exploiting vulnerabilities. Supply for both has exploded, lowering prices and barriers to entry.

As part of the report, HP Wolf Security commissioned a three-month analysis of underground marketplaces and forums, revealing that compromised Remote Desktop Protocol (RDP) credentials sell for an average of just under $5 each, and more than three-quarters of adverts listed malware listings are under $10, and almost all (91%) exploit listings are under $10.

Value-added services deployed by malware vendors make launching attacks even easier for those with low technical skills. They tout one-on-one mentoring, exemplary customer support, and discounted malware hosting through ironclad hosting providers. HP Wolf Security’s Cybercrime Report concludes that only 2-3% of salespeople are actually coders, reducing cybercrime to a series of repeatable procedural steps that hackers can follow over and over again to earn money. silver.

In this new world, trust and reputation are paramount. Vendor feedback scores are ubiquitous, of course, and most sites offer dispute resolutions and escrow payments. But we’ve also observed that 77% of criminal marketplaces now require a “vendor guarantee” or sales license, which can cost threat actors thousands.

Irish SMEs paying twice the EU average rate in ransoms against cyberattacks, Val Gabriel of HP Ireland has some tips for resisting attacks

Scanning the horizon

Looking to the future, where could the next explosive threat come from? The short answer is that we will likely see a continuation of the collaboration, specialization and professionalization seen to date.

Hackers will continue to exploit expanding enterprise attack surfaces, perhaps upping the ante with extortion attacks timed to create the most disruption.

As always, they will be the first to use emerging technologies. Quantum computing could be deployed to boost decryption efforts. A blockchain-based decentralized internet could also open up new opportunities to build reputation systems that support the cybercrime economy, which may be harder for authorities to root out.

AI could also be used to automate target selection from a victim’s address book and create highly convincing spear phishing attacks based on previous communications, helping to improve ROI.

Resilience, best practices and collaboration

We all need to do more to tackle the growing cases of cybercrime in Ireland. For individuals, this means becoming more aware of cyberspace. Organizations need to focus on mastering the basics, planning for resilience, and collaborating to reduce risk.

By “mastering the basics” we mean following best practices such as multi-factor authentication, IT asset discovery and management, vulnerability management, and controls to restrict what can be installed on machines. But it also includes prioritizing self-healing hardware to build resilience in the event of a breach. Additionally, organizations need to shut down common attack paths, such as those delivered via email and the web, that could be neutralized by techniques such as threat containment and isolation.

Next is resilience – achievable by having the people, processes and technology in place to detect, prevent and recover from any attack before it becomes serious. This means planning for the worst-case scenario, putting processes in place to limit supply chain and insider risks, and practicing incident response repeatedly.

Finally, remember that safety is a team sport. Collaborate with peers, invest in third-party security assessments and penetration testing, and collect and share threat intelligence with industry peers – to see what’s happening now and what might be around the corner. street.

Today’s underground cybercrime is no different from running a factory. It is characterized by a high degree of specialization, with criminal work being subdivided into niche roles, while other tasks have been distilled into repeatable, near-automated workflows. It is also undeniably industrial in scale and impact.

Understanding these dynamics is the first step on the path to greater resilience in the face of a formidable adversary. The bad guys can be the first to take advantage of new technologies. But with a better understanding, defenders can develop effective strategies to mitigate the impact of cybercrime.

  • Val Gabriel was appointed Managing Director of HP Ireland in May this year

Comments are closed.