The Evolution of Cybercrime


Cybercrime has evolved from small-time criminals (who are still active and profiting) to massive organizations with many hackers, becoming big business. Fayyaz Rajpari, our Executive Services Director, discusses this evolution with Ron Darnall, our senior director of threat intelligence, and Ken Dunham, our senior technical director, Security Operations, in our latest podcast, "Cyber criminals are a Fortune 10 company, what?!"

 

Here is just part of what you’ll hear about. Listen to our podcast Episode 2: Cyber criminals are a Fortune 10 Company for the full interview.

 

Question 1:

Fayyaz: So, if we look at the bigger picture of the victim landscape and really all the organizations are out there, you know, I think of this as two different networks, right? We've got the good guys and we obviously have the bad guys as well. If you look at both teams, is it a fair match? Do we have enough on both sides? What are your thoughts?

 

Ken: Well, when I grew up, the threat landscape was a lot different than what it is today. So, I think it's a great question on is it fair what's happening, has it increased? And part of what I'm thinking, from a perspective standpoint, is that the internet and that interconnectivity that came about in the mid-90's is really a game changer. Because now we're not dealing with localized threats, local criminals, the people that you would know in your small town, USA, or your small town in Europe or wherever you live. Now, it's anybody can attack anywhere at any time. For example, when Voice Over IP was being abused for phishing and it came up with the term called vishing, what was happening there is an individual in Romania was attacking using vishing techniques. Different places around the world every day. One time I saw him doing an attack against a place in Idaho, and the next day it was Canada, the next day it was Australia.

 

Then that's a game changer 'cause now we have a small-time criminal who can do a global-scaled attack and get away with it with complete anonymization.

 

Fayyaz: So, yeah and kinda going back to, what you just said, small-time criminal, right? I think of this as being larger as well, right? So, we're not just dealing with the... and I think that was a point in time where we were dealing with the small-time criminals, but at this point, I mean like you said, we are dealing with, you know, thousands and many times they have their own networks. Just like an organization does or any company has their own defending network, they've got their own opposing networks that are after something or someone. Would you agree, and can you comment?

 

Ken: Yeah, absolutely. And that's a very good point. I think some people are now aware of what is known as the Russian Business Network, or RBN, which is a group that we targeted in St. Petersburg and Moscow and others a long time ago and now it's a little bit more public knowledge. But, everybody talks about Russians generically, like the Russians are doing it or the Chinese because of their power and their maturity. But, the answer is that they were doing large-scale multimillion-dollar fraud attacks that were highly successful, especially against the banking industry at the turn of a century. Much longer and previously before everybody else had public knowledge of this, that's what was happening. Because it takes a while for things that are happening to eventually bubble to the surface for people to know and to believe and then to understand the full scope, not unlike say dwell time in an incident. And then all of a sudden, you realize holy cow! This has been going on for a long time.

 

So, the Russians have been doing this for a long time and they're very successful, as are a large number of other entities out there in the world because this is a place they can cash in and make money and they're very, very mature.

 

Ron: Yeah, and I think, Ken, in addition to that, you really needed to dispel the myth that hackers are twelve-year-olds working out of their parents' basement, right? While that entity may still exist, they're not as organized, they're not as sophisticated as what you've just described.

 

Ken: That's actually a really good point. That reminds me of Jeffrey Lee Parsons, who was arrested by the FBI. He was in his parents' basement, and he was arrested because he had hosted a threat related to, I think it was Blaster B or one of the variants thereof back in the year of the worm, 2003-2004 time frame. And the FBI really didn't actually think that it was him because it was registered in his name, hosted on his computer, and right there in their parents' basement. But he had just downloaded something off of a Chinese website, I believe it was, and hosted it, and ran it, and then ended up being the poster child for don't do bad things at home. But, you know, now what we have are very sophisticated threats. I've seen literally new Zero Day threats against entities being launched every single day or two that are new and different, each one of them. And that's a very sophisticated, expensive, complex infrastructure. Attacks that took hundreds of thousands of dollars to put into place from an infrastructure perspective, when they're highly focused and targeted against critical assets.

 

Fayyaz Rajpari
Executive Services Director
Fayyaz is a passionate Cyber Security evangelist and holds relationships with executives across a wide array of organizations. He’s responsible for bringing thought leadership and executive oversight to cyber security services across Optiv. He was the technical subject matter expert at Mandiant for Managed Detection and Response, Endpoint Security, and Threat analytics. Fayyaz spent many years on an elite global team of cyber security technical evangelists influencing organizations on Security Incident Response workflow and expert insights gained from Mandiant and FireEye across the largest organizations in all industry verticals, including public and private sector in North America and Canada.