What Hacker History Can Tell Enterprises About Future Attack Strategy
There’s an oft-quoted saying: “History repeats itself.” For those who believe in the cyclical patterns that sometimes emerge over time, this aphorism definitely rings true.
Today, we’ll be applying this type of thinking to the cybercrime realm. Over the course of hacker history, numerous trends have arisen, including those that hinge upon sophisticated approaches to system breaches, as well as techniques revolving around specific business targets.
However, one element remains the same – cybercriminals continue to evolve, and as their strategies advance, so too does enterprise protection.
Recently, Trend Micro researchers joined forces with members of the U.S. Secret Service to perform an in-depth study of the Evolution of Cybercrime. This report, which delves into nearly two decades of hacking and malicious activity, doesn’t just paint an interesting picture of where cybercriminals have been – it can also help point IT admins and decision-makers in the right direction with their future security strategies.
CarderPlanet, and the era of phishing through stolen payment card info
The research begins in the so-called “Carding Era,” stretching from 2000 to 2010. During this decade, some of the most notable cybercriminal activity involved the theft and underground reselling of payment card information, supported by Russian cybercriminals and carding forums.
In these instances, consumer credit and debit details were stolen and then sold on Russian sites, where cybercriminals could purchase this information and use it as a springboard for an array of phishing-based attacks. As noted in the report, this allowed for somewhat cyclical attacks, where payment card details were taken and leveraged for phishing attacks, which then enabled cybercriminals to obtain even more personally identifiable information. From there, this data could be used to create fake pay cards and carry out all types of other fraudulent and malicious activity.
One of the biggest sites behind these payment card-phishing attack schemes was CarderPlanet, created in 2001 by Dmitry Ivanovich Golubov, Roman Vega and Vladislav Anatolievich Horohorin.
This era helped cement awareness of the need for robust protection of financial details. Just a few years later, in 2006, the Payment Card Industry Security Standards Council was created by major financial players including American Express, MasterCard and Visa Inc. This Council would give rise to the Payment Card Industry Data Security Standard (PCI DSS), which put in place more stringent protection requirements for the storage, use and transmission of such information.
Unfortunately, though, hacker history would include more attacks targeted around banking information, which we’ll take a look at a bit later on.
The year of the breach and the value of enterprise data
First, though, we must examine hacker history of 2011, dubbed the “year of the data breach.” Today, cyber attacks that result in successful breaches and data compromise aren’t anything new – large brands across nearly every sector have come out with news of a breach. Nearly a decade ago, however, headlines involving data breaches weren’t so commonplace.
As Trend Micro’s report pointed out, 2011 was the year when many successful, targeted breaches took place, resulting in the theft of the new digital currency: information. Many of these instances involved the compromise of customer data, including payment card information and other personal details, which had severe impacts on victim brands’ reputations.
Data breaches are certainly still taking place today. However, this “year of the breach” helped show enterprises just how valuable the information they store and utilize can be, particularly to malicious actors outside their organizations.
The post-PC era: Mobile, social and beyond under attack
Directly following the “year of the breach” was the so-called “Post-PC Era,” which involved the trend of cybercriminals branching out with their attacks. During this period, the world learned that while PC systems were mainly targeted by hackers in the past – particularly to support the rash of data breaches the previous year – this certainly didn’t mean that other platforms were above the prying eyes of cybercriminals.
During the post-PC era, hackers centered their efforts around attacking mobile platforms – especially Android devices – social media sites and Mac systems. Over the course of 2012, many users began questioning the security of platforms that they previously thought were more secure.
“It took Android devices less than three years to reach the volume of threats (led by premium service abusers and data stealers) that it took 14 years for PCs to reach,” discovered Trend Micro and U.S. Secret Service researchers. “The question was no longer if a system could be breached, but when, as data breaches and targeted attacks became the new norms.”
Online banking comes into the crosshairs
In 2013, digital banking systems were once again a favorite of hackers. Whereas the Carding Era centered around payment card details, this new year of online banking threats focused on web- and mobile-based banking activity, transactions and digital wallets.
As the report noted, this trend toward digital currency would once again become a top priority within the cybercriminal world in 2016, during “the year of digital extortion.”
“2016 was an unprecedented year for cybersecurity in the enterprise space,” the report stated. “It was indeed the year of online extortion, with ransomware leading the charge.”
As these past trends show, the financial sector will always be a desirable target among cybercriminals. Today, we’re seeing increasing rates of cryptojacking, which not only involves the theft of encrypted, digital currency, but also the unauthorized use of system and network resources to support the arduous process of cryptocurrency mining.
Botnet busts: A win for the good guys
Before we delve too far into the future, though, we must take a look at 2015, the “Year of Big Botnet Busts.” As researchers noted in the report, this was a banner year for white hat organizations and law enforcement, as 2015 saw several high-profile and long-standing botnets halted. These include the likes of Beebone/AAEH, SIMDA and Bugat/Cridex/Dridex.
Law enforcement was also able to take down several cybercriminal organizations, including Esthost/Rove Digital and reFUD.me. Despite these wins, improvements in enterprise security were still needed.
“Though tried-and-tested threats (zero-day exploits and malvertising tools like Superfish) continued to attack the simplest of blind spots that left individuals and organizations exposed, public-private partnerships (PPPs) between law enforcement agencies and security practitioners remained steadfast in keeping the world cybersecure.”
Cybersecurity today and beyond
As the report demonstrates, it appears that history does, indeed, repeat itself, with some critical updates and new approaches. Hackers will no doubt continue to come after valuable enterprise targets and their sensitive customer PII and financial data.
At the same time, though, IT security admins and vendors of data protection solutions are updating and innovating their strategies as well. What’s more, law enforcement and PPPs including security experts like Trend Micro researchers will continue to help combat hackers and keep cybercriminal activity at bay.
To find out more about the history of hacking activity and how to best safeguard your organization for the future of cybercrime, check out the full report and connect with us at Trend Micro today.