However cyber-savvy you think you are, it’s a fact that most people, whether they are aware of it or not, have already had their cyber safety threatened.
The Covid-19 pandemic has undeniably been the “great accelerator of digital transformation”, both in corporate and personal terms. However, with investment in security lagging far behind, this new digital landscape is a land of golden opportunity for cybercriminals. A problem that was already increasing pre-pandemic has exploded into a global threat.
Cybercrime has evolved from spam emails to identity theft; social engineering and ‘whaling’ (with the intent of stealing assets or extorting individuals in positions of power for information or monetary gain); malware and ransomware (for blackmail or political purposes); and multilayered ‘island-hopping’ attacks where a criminal organization targets smaller third-party or supply-chain companies with the ultimate aim of attacking a larger company.
This new threat landscape is often compared to the “Wild West” — with organized online criminals unleashing ransomware and stealing bitcoin, rather than holding up trains and robbing banks.
In this environment, “white-hat” hackers, who offer recovery services against the depredations of “black-hat” bad actors, are the guns for hire, and a crop of new cybersecurity companies, offering security on a commercial basis, vie for position as the virtual equivalent of the Pinkerton Agency. However, in the absence of an effectively organized government entity, the run-of-the-mill counter-response lacks the global reach of the criminals.
With public trust in the ability of law enforcers to secure justice at rock bottom, what are the best options for corporate and individual victims?
I spoke to Armour Intel, a company at the forefront of dealing with cybercrime and recovery of assets, about their approach to the new threat landscape and why they are different to other cybersecurity companies.
“Armour Intel is the intelligence arm of an already well-established global security entity,” says their spokesman. “Our point of difference is that we leverage an existing network of over 17000 security and cyber intelligence professionals in 100+ countries. Our agents have served at elite levels of the military, police, and intelligence sectors, giving us a uniquely powerful network of resources.”
While Armour Intel can cite impressive examples of successes in pursuing bad actors and recovering assets, they also emphasise the importance of their work in risk assessment, stress testing, and preventive strategies:
“While it’s the big ransomware attacks that hit the news, simple phishing or email scams continue to be the most prevalent type of attack, which means human error and poor awareness are still the most common cause of a security breach. The fact is, nobody should be complacent — criminals are constantly finding new ways to exploit vulnerabilities.”
The takeaway message for companies is that cyber security needs to be seen as the responsibility of all employees (including senior management and executives), not just the IT department.
Armour Intel continues: “…one of our recent clients was the Managing Director of a global blockchain firm who had sophisticated awareness of online risk. Nonetheless, he was caught out by a fraudulent Asian crypto exchange. He came to us having been quoted 5-figure upfront sums (with no guarantee of success) by other crypto security firms. Our investigators were able to uncover evidence stemming from China that enabled him to begin recovery of his assets within a week. Armour Intel’s global connections and access to linguistic expertise were certainly a factor in achieving a fast and positive result for the client.”
Armour Intel was able to leverage its own global network to produce results in this case, but at government level, difficulties of cross-border cooperation result in an enforcement gap which often allows criminals to operate with impunity.
The proliferation and increasing sophistication of ransomware attacks in this environment provide a chilling demonstration of the vulnerability of critical infrastructure.
The WannaCry ransomware attack in 2017, which targeted computers running Microsoft Windows globally, while costly, was halted within a few hours.
By contrast, the US Colonial Pipeline ransomware attack (by the hacker group DarkSide in May of this year) forced Colonial to shut down for 6 days — cutting off 40% of essential fuel supply to homes and businesses on the United States East Coast in the process. Colonial paid up, handing over $5 million.
Armour Intel says, “This is not the first ransomware cyberattack against US critical national infrastructure and it won’t be the last.”
Organized cybercrime is a global, dynamic and fast-evolving threat, with links to espionage and terrorism. Conventional law enforcement agencies have proved unable to mount an effective response to threats that compromise national infrastructure.
Despite this, Armour Intel’s outlook for the corporate and private sector is robust: “Not all cybercrime is sophisticated. One of the reasons the enforcement gap is so big is that so many crimes go unreported. People don’t know where to turn. If you, or your company, have been attacked, or you discover that you are being impersonated online, there are effective measures that can be taken. We can help you identify and locate threats and malicious actors to assist in the recovery of assets, anywhere in the world.”
For the private sector, companies such as Armour Intel, with long standing in the security and intelligence sectors and pre-existing cross-border relationships with global law enforcement agencies, would seem to be able to offer a discreet, agile and effective option. With ransomware attacks now occurring globally every 11 seconds (95% delivered by email), we had better hope so!