11 Oct 2023
by Steve Knibbs

Protecting your business against the cybercriminal enterprise

Guest blog by Steve Knibbs, Director of Vodafone Business Security Enhanced #techUKCyber2023

Cybercrime is a fast-growing and incredibly profitable industry, but what is often overlooked is how innovative cybercriminals are.

Research firm Cybersecurity Ventures estimates the cost of damages from cybercrime in 2023 is roughly $6 trillion. To put this in perspective, there are only two countries that have a higher national Gross Domestic Product (GDP) – the USA and China. And to make things worse, Cybersecurity Ventures estimates this will grow to $10.5 trillion by 2025.

The reason people are generally attracted to cybercrime is simple – there is money to be made. Just like a legitimate business spotting a gap in the market, cybercriminals will evolve their own proposition to capitalise on an opportunity.

They have HR, technical support teams to help customers (other criminals), software developers, IT departments, web developers making sure that they stay undetected, product development and software testing teams. They may also be monitoring the news for the latest disclosed vulnerabilities in a company’s defences that can be used in the group’s next attack campaign.

Cyber criminals have also seen how attractive digital transformation is, and their business model has evolved to offer malicious software for hire on the dark web. The ransomware world was the first to go in that direction, as groups started to follow the ‘Ransomware-as-a-service’ model.

Like other digital companies, this service offering could be as simple as leasing the software, or it could include a full-service wrap. One example offered today by these criminal groups is ‘Phishing-as-a-service’.

Generally speaking, businesses are set up to counter legitimate competitive threats that might appear in the commercial landscape. So why wouldn’t we take the same approach with cybercriminals?

Understanding the threat landscape

Vodafone Business Security Enhanced (VBSE) produces a monthly threat intelligence report to ensure customers understand the way in which the cybercriminal organisation is evolving. This sort of business intelligence is incredibly common across other areas of business and would help adapt and transform operations in order to remain competitive.

Looking at the most recent report, there are some very interesting developments:

  • There has been a surge in mobile malware and phishing, with mobile security firm Zimperium suggesting it found an average of 77,000 unique malware samples every month. More phishing attacks are moving to mobile as the devices are more frequently connected, and it is harder to detect.
  • A new spyware mobile campaign has been discovered targeting users in Pakistan, where fake applications (VPN app and nSure Chat app) are used to transmit data off the user’s device, as well as recording emails, text messages and phone calls.
  • The Anatsa banking trojan is back. It was first discovered in 2021 targeting banking customers, able to steal banking credentials through keyloggers and screen grabs. It disguised itself as PDF readers, QR code scanners, and two-factor authentication (2FA) apps on Google Play Store to siphon users’ credentials.

These three examples show one trend in particular. Cybercriminals are always looking to adapt their operations to capitalise on potential opportunities to make more money, which can often be linked to world events to further hide ill intentions, preying on fears and insecurity. The COVID-19 pandemic saw a huge rise in the number of malicious campaigns, with fake news stories being used to entice people to click links.

Reimagining what a cybercriminal is

The three examples above are interesting for different reasons.

Firstly, we have an example of adapting a technique to a new environment. Secondly, we have the emergence of new threats. And finally, we have the reintroduction of an old threat that has been enhanced.

Instead of thinking about these threats as threats, let’s imagine them as products.

Out of the R&D department we have three new propositions. One is taking a successful product from one industry and adapting it to another. One is entirely new product creation in a new market. And the final one is adding upgraded features and functionality to an old but popular product.

These businesses are evaluating the market, dedicating resource to create new propositions and solutions, before developing a Go To Market strategy, complemented by social media campaigns to drive end user interest.

The way cybercriminals function is not particularly dissimilar to the way normal businesses operate (if you ignore the illegality of course!).

Evolving with the market through competitive intelligence

At VBSE, we provide advice dedicated to strengthening the cyber security position of organisations. We always start with two principles:

  1. Nothing should ever be considered 100% cyber-secure
  2. Cybersecurity is an ever-evolving practice

Some in the business world might think that once you have developed a strategy, you can forget about it and re-evaluate the situation next year. But that couldn’t be further from the truth. Cyber criminals analyse the market and adapt. They are probably already working out the best way to use a newly discovered vulnerability before it is patched or beat the latest security enhancement before it is even released.

Our Customer Account Security Manager (CASM) service offers bespoke solutions and advice to your organisation to meet your individual business needs – from governance, risk & compliance, through to best practice, account support and training.

Commercially, companies are constantly evolving their proposition to ensure they are competitive in the market. It is an on-going transformation project to ensure the commercial proposition is fit for purpose, measured against changes in the market and the way rival companies are evolving.

Perhaps the same approach should be applied to cybersecurity. If you view a cybercriminal as a competitive threat with R&D resources, a Go To Market function and a marketing team, we suspect companies would be a lot more proactive.

The first step is always understanding what you have in your estate, monitoring new devices that are connected to your network and ensuring all software is fully up to date. Paired with this, an understanding of the evolving landscape is critical, as a cybersecurity strategy should never stand still. A breach can cost millions, but also has a significant detrimental impact on corporate reputation.

