The Anatomy of A Cyber Crime

Dear Mr. IT Leader,

Cyber warfare was a booming business for hackers in 2018. Therefore, I can say with great confidence that the only way to reduce a company’s Risk Exposure toward a Data breach, is to fully understand why Personal Identifiable Information data is being targeted by Cyber Criminals. Fullz is a slang term used by credit card hackers, and Data Resellers, to describe a full package of an Individuals Personal Identifiable Information. Fullz, data usually contains an individual’s Name, Social Security number, Date of Birth, Account numbers and other data. With businesses expected to lose 5.2 Trillion dollars, due to cyber-crimes over the next five years, it is imperative for IT leaders to understand the attack vectors being used by Cyber Criminals. The value proposition is simple, hacking is an International business, it places the world in the palm of a Cyber Criminal’s hands. It’s a highly successful industry, with a very low cost to entry, with full product warranties. Maximizing the return on their Investment is easy with Ransomware and other attacking Malware vectors that hackers can purchase for under $200. 

Cyber Criminals have an infinite amount of breaching resources available to them on the Dark Web market place? Criminals can purchase products, or services, with the intentions of maliciously affecting networks across the world by capturing consumer Data? But what is most encouraging about the future, as an IT consultant, is that, most IT executives who have the authorization to make a buying decision already understand the risk of not protecting against common attack vectors like, Malware, Ransomware, SMS flooding, and Phishing emails scams. However, even with this knowledge, most IT leaders don’t understand the Anatomy of a Cyber Crime.  

How could a CTO understand the chemical makeup of a virtualized infrastructure, able to scale like AWS, with pay as you go resources available to scale, or decommissioned at the push of a button? How does a small business owner mitigate the risk associated with future digital disruptions? When Cyber Criminals are backed by a full IT infrastructure with 24-hour support. For cybercriminals purchasing malicious software from the Dark Web, it is often like paying your monthly subscription to Netflix. Bundled within your subscription is a complete corporate hierarchy structure. The Digital Dark Lord is the Kingpin, and then the organization is broken down into three additional departments. Malware Operations, Financial Operations, and C2 Services.

Each department is responsible for making sure that the purchasing party has a smooth experience. Malware operations are responsible for the distribution and management of malicious malware within an infected parties’ network. Then, after dwelling within the infected party’s network, the next step is to collect the money. But, did you know, that most common hackers, now have their very own accounts payable and accounts receivable departments to convert and pay out Bitcoin via Western Union. Collecting the bounty is easy, all that a Cyber Criminal must do is register on a fullz site on the dark web; ensure that the data is in the proper format for upload, and then provide their western union information and wait for the money to be deposited. It’s that easy for a Cyber-criminal to win by disrupting your network.  

Each industry is faced with different attack vectors. The hackers use these means to gain access to your computer, or network due to system vulnerabilities. For instance, within the Healthcare Industry, threats from inside of the organization are greater than that from outside. Human error is a major contributor to this because employees are abusing access to systems and data.  Attacks are typically financially motivated and often involve phishing or the use of stolen credentials. It’s pretty clear-cut that threats from people, processes and, technology create vulnerabilities to an IT infrastructure.

From physical assets vulnerabilities to wireless access points, and remote access attacks, cybercriminals are working hard to access consumer data. In terms of data theft, most cyber attacks are opportunistic. Almost half of the breaches involved in the manufacturing industry are breaches involved in the theft of intellectual property to gain a competitive advantage. While Social engineering scams are on the rise in the Education industry. Cybercriminals are using your employees’ personal information to commit identity fraud. But it’s not just sensitive data that is being targeted. Cyber espionage remains a major concern for the US government. However, now that we understand the Anatomy of a Cyber Crime, we can focus on how to reduce your security expose.

Securing your IT infrastructure can be done by locking down your physical assets. Limiting your network attack surfaces, while securing remote user access and, micro-segmenting your infrastructure with a good network monitoring partner. M&N Communications offers a unique network monitoring solution that uses full packet capture on both traditional and advanced network threats, allowing organizations to respond quickly when their data may be at risk. It compares the activity to statistical models developed in-house, allowing us to pinpoint deviations from healthy network activity.

INTELLIGENT CYBER DEFENSE maintains thousands of signatures, including commercial, open-source, and Advanced Persistent Threat (APT) indicators, as well as signatures, developed in-house by our Engineers. Our analysts manually review anomalies for malicious activity or data exfiltration and notify you if there are any concerns. Combined with our in-depth review conducted by expert analysts through our 24x7 Security Operations Center. 

If you need to know how to increase productivity in your business, then you need to talk to Melvin Williams. Melvin is a top-level IT consultant with a solid track record of helping highly effective businesses from both small to medium, as well as fortune 500 companies. In his role as Director of Business Development, Melvin has directly consulted with hundreds of businesses on how to generate more revenue through the integration of transformational IT solutions