Recently, Cybersixgill held Re:con21 – an invite-only, half-day virtual event bringing together a group of experts and thought leaders in the fields of cybersecurity and cyber threat intelligence. The “future of cyber workshops” had Cybersecurity and information technology leaders discuss various aspects of the future of cybercrime - and how to prevent or defend against it. Here’s what you need to know:
Cybercrime is a business - and it evolves as a business. It is becoming more organized, some script kiddies grew up and put on the power suits: Threat actors and groups adopt and adapt traditional business structures, methodologies, strategies, and tactics. Actors see themselves as businessmen, groups - as startups. They adopt the Modus Operandi of legitimate organizations - deploy marketing campaigns, create revenue-sharing models, and keep reinventing new ways to monetize mayhem. This is not surprising considering the size of this industry - or more accurately: economy. According to Cybersecurity ventures’ report, the cybercrime damages are expected to rise to $6 trillion annually by 2021 - this means two things:
If we look at cybercrime as an economy, it would be the 3rd largest economy in the world, right after the US and China.
Cybercrime is now more profitable than the global trade of all major illegal drugs combined
Throw in new monetization channels (e.g. affiliates model for ransomware-as-a-service), constant rebranding, regrouping, restructuring, and, of course, cryptocurrencies - god’s gift to cyber criminals, and you start to realize that cybercrime is on an upward trajectory.
The relationships between actors, nation-state, and freelancers become even more blurry. With ransomware groups being backed by nation-states, and affiliate recruitment campaigns for ransomware-as-a-service, there’s a whole slew of different motivations, interests, and agendas that can power up some seriously disturbing scenarios.
This makes threat intel maybe the most important source for proactive action. Getting intelligence that is customized to your industry and to your company is of utmost importance. The fact is, that most of today’s threat intelligence is commoditized. Most consumers (CISOs, analysts, cybersecurity teams) feel that it is mostly some generic information relating to certain IOCs masked as personalized or customized. There is a dire need for the relevancy of the highest degree. The intelligence you’re consuming must be relevant to your industry, company, assets, use-cases, and people - and this, at the level we’re talking about here, can be achieved only with smart, autonomous collection of information and extraction of hyper-relevant intel.
The threat landscape is evolving at the speed of innovation. Three years ago, ransomware-as-a-service was in its diapers. Today, it’s everywhere. We don’t know what or how threats will evolve in the future - maybe it’s deep fakes, maybe data poisoning, maybe something completely new. There is, however, one thing we can bank on - the criminal mindset.
Humans don’t evolve as fast as tech, and there’s already an extensive body of knowledge on how people “work” - how they think, what makes them tick, etc. The next generation of threat intelligence solutions will have to factor that in - not only identify anomalies but predict with high accuracy the emergence of an attack, and help cybersecurity teams to block, defend, and track its originators. As highlighted above, Cybercrime evolves at the speed of innovation - and cybersecurity must follow suit.