Intelligent CIO Europe Issue 12 | Page 28

TRENDING “ LOW-LEVEL CYBERCRIMINAL ACTIVITY REMAINS A ROBUST MARKET ECONOMY, OFTEN TAKING PLACE IN VIEW OF SECURITY RESEARCHERS AND LAW ENFORCEMENT ON THE DARK WEB. 28 INTELLIGENTCIO of security researchers and law enforcement on the dark web. While relatively simple in their approach, these activities can still deal widespread damage. “Cybercrime is a lucrative industry and it’s not surprising it’s become the arm of powerful, organised groups,” said Don Smith, Senior Director, Cyber Intelligence Cell, Secureworks Counter Threat Unit. “To understand the complete picture of the cybercriminal world, we developed insights based on a combination of dark web monitoring and client brand surveillance with automated technical tracking of cybercriminal toolsets.” Among the CTU researchers’ key findings were the following: The boundary between nation-state and cybercriminal actors continues to blur. • Nation-state actors are increasingly using tools and techniques employed by cybercriminals and vice versa. In August 2018, CTU researchers determined the Democratic People’s Republic of Korea was likely responsible for a Gandcrab ransomware campaign against the South Korean population and infrastructure as part of a broader pattern of attacks. GandCrab is developed and sold ‘as-a- service’ and is more commonly associated with financially motivated criminal actors • In March 2018, a threat actor likely associated with the Iranian government used access that had previously been leveraged for espionage to deploy a cryptocurrency miner across the environment. CTU researchers have also observed other government-backed espionage groups deploying cryptocurrency miners within compromised networks • The assumption that nation-state- sponsored Advanced Persistent Threats (APTs) are dimensionally different from advanced cybercrime threats is fundamentally flawed www.intelligentcio.com