Parallel dark economy provides easy on-ramp for would-be cybercriminals
March 2020 by Blueliv
The cybercriminal industry is evolving, with a growing shadow economy that trades goods and services in much the same way as the legitimate cybersecurity sector. Blueliv, Europe’s threat intelligence provider, publishes its new report and the first in a series analyzing this evolution: DARK COMMERCE: Exploring the cybercrime industry and its business models: Part I.
This growing service economy has tools for hire, service providers, channels and end users. Cybercriminals of different levels of experience can acquire the necessary tools to launch a malicious campaign designed to attack business, governments and individuals. Particularly remarkable is the commitment of cybercriminals to adjust business practices to meet the needs of their customers, just like organizations in the cybersecurity industry. These topics are covered in detail in the report.
Understanding how attackers use these tools and services helps organizations prepare defenses and protect their assets by:
1. Analyzing trends and patterns across different services: learning about how the cybercriminal ecosystem operates helps identify potential vulnerabilities and apply cyber-hygiene best practices and education programs
2. Building complete threat actor profiles: understanding the interrelations between threat actors enables organizations to put in place effective defensive measures, appropriate to their business size
3. Assigning priorities and accelerating decision-making: attacks can be stopped in their tracks and their impact mitigated with relevant, targeted, actionable threat intelligence
Daniel Solís, CEO & Founder, Blueliv, commented, “The cybercriminal ecosystem is rapidly modernizing and developing – its own industrial revolution. The process has been so profound and far-reaching that cybercrime can legitimately be called an industry in its own right. And just like our industry, collaboration is key and centered around knowledge exchange and enriching services. The reference document we’ve produced contains enriched intelligence for CISOs and threat analysts alike to help them fight cybercrime.”
As the cybercriminal ecosystem matures, most sectors continue to struggle with a cybersecurity skills shortage, along with managing the sheer volume of threats and alerts.
Solís continued, “Intelligence gathering goes far beyond feeds. It means putting the information into context. Intel in this report can be found in Blueliv’s Threat Context module: it offers a comprehensive collection of threat actor profiles, linked to relevant IOCs, fresh campaigns, weaponized tools and exploits, and their behavior mapped to MITRE ATT&CK techniques. Threat Context helps MSSPs and MDRs as well as CISOs and threat hunters do their jobs, and do them well.”
Blueliv’s report is a reference whitepaper for the cybersecurity industry. DARK COMMERCE: PART I is divided into sections that provide detail on: how cybercriminals acquire malicious code; what modifications can be made to improve it using packers/crypters and obfuscators; how to test its effectiveness using no-distribute antivirus scanners. It concludes with a section dedicated to how companies of all sizes can combat this illicit industry.