Last month, Zayo hosted a webinar that explored the evolution of cybercrime. A panel of cybercrime experts explored how today’s sophisticated online criminal activity evolved from the very first cyber criminal’s Palm Pilot. They predicted the future of cybercrime (there will be more, lots more), and presented the security webs companies can weave to entrap the criminals who might target their digital presence.
Panelists for this webinar included:
- Eric O’Neill, Former Counterterrorism Operative, FBI & Cyber Security Strategist, Carbon Black
- Shawn Edwards, Chief Security Officer, Zayo
- Tyler Burke, Product Manager, IP Services, Zayo
- Stacy Jackson, Product Communications Manager, Zayo (moderator)
We all – individuals and businesses alike – face an escalating threat from cybercrime. This menace has come a long way since the arrest of Robert Hanssen, an FBI-agent-turned-Russian-spy, whose actions in the early 2000s exposed the vulnerabilities of even the most secure systems.
This incident opened everyone’s eyes. Criminal activity was now taking advantage of not only physical security vulnerabilities, but holes in our digital lives as well. We needed to implement robust cybersecurity measures – to build a taller, less penetrable, digital wall.
From Palm Pilots to AI: the Evolution of Technology
Robert Hanssen was a master of deception, using his position within the FBI to access and distribute classified information. He was also a pioneer in the use of technology for espionage, using a Palm Pilot to store and transport sensitive data. This device, the pinnacle of technology in 2001, was always kept in his left back pocket, a routine that ultimately led to his downfall.
Eric O’Neill, the FBI field operative assigned to capture Hanssen (and a panelist on our webinar), recognized the potential treasure of information stored on that Palm Pilot, and devised a plan to copy its contents. Using a combination of social engineering and technological expertise, Eric was able to temporarily remove the device from Hanssen’s possession, copy its encrypted data, and return it before Hanssen noticed it was gone.
This operation marked one of the first instances of a successful counter-cybercrime operation, setting the stage for future advancements in the field.
Fast forward to today, and cyber criminals have a vast buffet of evolved technologies at their command. They now leverage artificial intelligence, botnets, and automation to conduct more sophisticated and damaging attacks.
Their methods are also becoming increasingly sophisticated. They’re playing with a new(er), more destructive toy in their arsenal: the Distributed Denial of Service (DDoS) attack. DDoS attacks flood your network with excessive traffic, cause substantial disruption to your business operations, and inflict severe financial and reputational damage.
And sometimes DDoS attacks simply expose security vulnerabilities so the attackers can return later for a bigger heist – your data.
“The growth and explosion of AI, the usage of AI, and the application of AI in cyber crime was the most surprising to me. It’s ramped up quickly and I think it’s only begun.”
– Shawn Edwards, SVP and Chief Security Officer at Zayo
From Overt to Covert: the Evolution of DDoS Attacks
DDoS attacks in particular have evolved significantly in just this past decade. In the past, these attacks were primarily volumetric, overwhelming the target and consuming its bandwidth with ICMP floods or UDP floods. If there is one advantage to such attacks, it is that they’re easy to spot.
However, today’s cyber criminals are employing more complex, sneakier, multi-vector attacks, combining multiple techniques such as volumetric flooding, application layer exploitation, and infrastructure vulnerabilities. They’re harder to see, and therefore harder to mitigate.
For example, in 2014 and 2015, Russia launched a multi-vector DDoS attack against Ukraine, paired with a spear phishing attack against the country’s power grid. Targeting these two vectors at the same time resulted in widespread confusion and fear, demonstrating the potential for significant damage that these attacks can cause.
You don’t need to be a state actor to be targeted, or to launch such an attack. Today, businesses of all sizes are attacked in this way.
From Whole-Minded to “Whatever”: the Evolution of Motive
As is always the case, when technology evolves, the barrier to entry inevitably drops. Today, the dark web is the central digital den of illicit activities. It facilitates the exchange of stolen data and provides a platform for inexperienced cyber criminals to simply purchase a DDoS attack, collaborate, and share tactics.
The core motivations of any criminal have always been:
1) Profit,
2) Politics,
3) Payback, and
4) Practice (the calculated preparation for a larger, more destructive attack).
This remains true today, with an important distinction: unlike Robert Hanssen in 2001, you no longer need to be a master of deception with a degree in IT to cause harm.
Now, there are companies on the dark web that have created entire businesses around launching DDoS attacks (…for as low as $1 a day!). When it’s this easy to be a criminal, when the effort drops to almost nothing, you no longer need a strong motivation to launch the attack.
A smaller payback may be enough to launch an attack. A smaller bruised ego may be enough. A smaller grudge. A student who didn’t study for a test and who doesn’t want to take it. A disgruntled employee. The motivations are the same, but the depth of the motivation could be quite shallow indeed because the technology is so user-friendly now….
…further fostering an environment where younger and younger criminals can more easily dive into bad decisions. The slope is slippery.
“If information is the world’s most valued commodity, then personal information is the Holy Grail.”
– Eric O’Neill, former FBI Counterterrorism Field Operative, quoted in his book Gray Day
From Costly to Crippling: the Evolution of Recovery
Businesses targeted with successful attacks are facing increasing costs of recovery.
The direct, easily identifiable costs include:
- Launching an investigation
- Purchasing threat detection software
- Covering identity theft protection for their customers
- Reporting the breach to regulatory bodies, partners, and customers
- Hiring cybersecurity experts
- Paying a ransom to stop the attack
Harder to identify are the costs of:
- Reputation loss
- Eventual customer churn
- Opportunity cost of the distraction of the breach
We discussed during the webinar that the average cost to recover from a large-scale attack can now exceed $1,000,000. As cyber criminals become increasingly sneaky, they can spend weeks or longer dwelling within your system, stealing as much information as they can. This information can then be ransomed back to your business, sold on the dark web, or used for future attacks.
The challenge is particularly acute for small and medium-sized businesses. They often lack the resources to manage a comprehensive security program, so they focus on a single issue like phishing, while overlooking other areas of vulnerability. This myopic approach can leave businesses exposed to a multitude of threats.
From Palm Pilots to AI: the Evolution of Protection
It’s true that the advanced technologies we use to protect our businesses are the same ones cyber criminals use to stop us in our tracks. Sometimes it feels like a neck-and-neck race for superiority.
Now, the good guys are winning. You have the power to protect your business. By investing in robust cybersecurity measures, you can significantly reduce your risk of falling victim to a DDoS attack or other cyber criminal activity. This includes implementing multi-layer defenses, investing in DDoS mitigation services, and ensuring that the companies you trust with security have the necessary processes, personnel, and technology in place to detect and respond to potential threats.
And this technology is improving every day. Our visibility into online cybercrime today allows us to stop attacks before they start. In the past, businesses had to make a significant investment across various technologies; today, covering the basics can solve most problems.
Criminals today enjoy a low barrier to entry to commit digital crime. Businesses too can take a few simple steps to create a comprehensive cybersecurity program, and cover the majority of what they need to protect themselves:
- Adopt a proactive approach
- Understand what data needs the most protection
- Prioritize resources
- Implement DDoS protection
- Stay vigilant!
Mitigate your risks, safeguard your data, and ensure the integrity of your systems.