TRENDING
“
LOW-LEVEL
CYBERCRIMINAL
ACTIVITY
REMAINS A
ROBUST MARKET
ECONOMY,
OFTEN TAKING
PLACE IN VIEW
OF SECURITY
RESEARCHERS
AND LAW
ENFORCEMENT ON
THE DARK WEB.
28
INTELLIGENTCIO
of security researchers and law enforcement
on the dark web. While relatively simple in
their approach, these activities can still deal
widespread damage.
“Cybercrime is a lucrative industry and it’s not
surprising it’s become the arm of powerful,
organised groups,” said Don Smith, Senior
Director, Cyber Intelligence Cell, Secureworks
Counter Threat Unit. “To understand the
complete picture of the cybercriminal world,
we developed insights based on a combination
of dark web monitoring and client brand
surveillance with automated technical tracking
of cybercriminal toolsets.” Among the CTU
researchers’ key findings were the following:
The boundary between nation-state and
cybercriminal actors continues to blur.
• Nation-state actors are increasingly
using tools and techniques employed by
cybercriminals and vice versa. In August
2018, CTU researchers determined the
Democratic People’s Republic of Korea
was likely responsible for a Gandcrab
ransomware campaign against the South
Korean population and infrastructure
as part of a broader pattern of attacks.
GandCrab is developed and sold ‘as-a-
service’ and is more commonly associated
with financially motivated criminal actors
• In March 2018, a threat actor likely
associated with the Iranian government
used access that had previously been
leveraged for espionage to deploy
a cryptocurrency miner across the
environment. CTU researchers have also
observed other government-backed
espionage groups deploying cryptocurrency
miners within compromised networks
• The assumption that nation-state-
sponsored Advanced Persistent Threats
(APTs) are dimensionally different
from advanced cybercrime threats is
fundamentally flawed
www.intelligentcio.com