Know thy enemy

Author: Clayton Locke

Getting under the skin of cybercriminals and understanding the dark web

Earlier this year, online security experts Kaspersky uncovered the greatest bank robbery of all time. Working with Europol and Interpol, Kaspersky revealed that up to 100 banks and financial institutions worldwide had been attacked by an international cybercriminal gang, with members from Russia, Ukraine and China. Its investigation estimated that $1bn had been stolen since the attacks started in 2013.

Beating bespoke criminal software

Cybercriminals are increasingly tenacious, persistent and creative. In the ancient military treatise The Art of War, Sun Tzu spoke about how important it is to know your enemy as well as you know yourself. So who are these people, and what are their techniques?

Today’s bank robbers aren’t breaking into banks. They’re stealing from them using bespoke criminal software obtained on the dark web. A vast range of software specifically designed to help hackers exploit websites is available for purchase on the dark web from an untraceable marketplace. This black market for exploitative software is no small aberration either; it has become a billion-dollar industry. According to the Federal Reserve Bank of San Francisco, unique strains of malware such as that sold on the dark web reached 100 million variants in 2012, and this number has been growing at an accelerated pace since.

Scams, identity theft and money mules

To reap the rewards of their endeavours, criminals are building entire services and distribution networks to launder the money obtained via this software. One way they do this is by using unwitting people as ‘money mules’. Fraudsters trick individuals into letting scammers use their accounts for illegal money transactions, stealing identities via various means, a common one being fake ‘work from home’ employment opportunities. Once personal details have been compromised, cybercriminals are able to deposit and withdraw money using a money mule’s account as they please. In addition, if investigated, the paper trail leads back to the money mule, rather than the real criminal.

The enormity of the bank robbery uncovered by Kaspersky suggests that cybercrime is more sophisticated than ever and reveals the scale of the problem at hand. Financial services providers need to up their game to address threats in real time. The idea that an organisation’s network can be protected with an impenetrable outer wall is a thing of the past. Organisations now need to look past the point of entry for hacking threats, as eventually these criminals will find a way in.

AppSensor: advanced attack-aware security

Here at Intelligent Environments, we’ve been looking at how we can help tackle the problem. Months of development have resulted in AppSensor, an attack-aware security feature built into our digital banking platform. It works by monitoring user behaviour for inconsistencies, deploying software sensors at critical points in the banking application to detect them. Such a system learns patterns of behaviour that are normal for users, and can detect hackers who are probing the system because their behaviour is not what a normal user would do. By knowing how the cybercriminal breaks in, we can monitor for this type of activity and sound the alert when it happens.
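To make the idea of in-application sensors concrete, here is an added sketch that is not Intelligent Environments' AppSensor code: sensors report events to a monitor that alerts when a user repeats an action a normal client never produces. The detection point names, thresholds and sample events are assumptions, and fixed thresholds stand in for the learned behaviour baseline the article describes.

```python
from collections import defaultdict, deque

# Hypothetical detection points: actions a normal banking client never produces.
# name -> (events needed, window in seconds) before an alert is raised.
DETECTION_POINTS = {
    "ACCOUNT_NOT_OWNED": (1, 3600),    # request names an account outside the session
    "UNEXPECTED_PARAMETER": (3, 300),  # form field the real UI never sends
    "LOGIN_FAILURE": (5, 600),         # repeated failed sign-ins
}

class AttackAwareMonitor:
    """Counts sensor events per user in a sliding window and raises alerts."""
    def __init__(self, points=DETECTION_POINTS):
        self.points = points
        self.history = defaultdict(deque)  # (user, point) -> event timestamps
        self.alerts = []

    def report(self, user, point, ts):
        """Called by a sensor in the application; returns True if an alert fired."""
        limit, window = self.points[point]
        events = self.history[(user, point)]
        events.append(ts)
        # Drop events that have aged out of the window.
        while events and events[0] <= ts - window:
            events.popleft()
        if len(events) >= limit:
            self.alerts.append((ts, user, point, len(events)))
            events.clear()  # start counting afresh after alerting
            return True
        return False

def run_sample():
    """Feed constructed sensor events through the monitor and return its alerts."""
    monitor = AttackAwareMonitor()
    sample = [  # constructed events: (timestamp, user, detection point)
        (0, "alice", "LOGIN_FAILURE"),             # one mistyped password: no alert
        (10, "mallory", "UNEXPECTED_PARAMETER"),
        (20, "mallory", "UNEXPECTED_PARAMETER"),
        (400, "mallory", "UNEXPECTED_PARAMETER"),  # first two have aged out
        (410, "mallory", "UNEXPECTED_PARAMETER"),
        (420, "mallory", "UNEXPECTED_PARAMETER"),  # third within 300 s: alert
        (500, "mallory", "ACCOUNT_NOT_OWNED"),     # alert on first occurrence
    ]
    for ts, user, point in sample:
        monitor.report(user, point, ts)
    return monitor.alerts

if __name__ == "__main__":
    print(*run_sample(), sep="\n")
```

A single mistyped password stays below its threshold, while a request for an account the session does not own alerts on the first occurrence because no legitimate client flow produces it.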

To tackle the ever-growing threat of cybercriminals we need to follow Sun Tzu’s advice. Only by better understanding the cybercriminal can we develop security systems that are able to anticipate their behaviour and cope with threats in real time. However, if we fail to appreciate the scope of the threat cybercriminals pose and learn all we can about this enemy, the scale of the bank robbery uncovered by Kaspersky will be a drop in the ocean compared with what is to come.

10 Jul 2015
