Cyber crime threatens national security

Sheila Zabeu

October 13, 2021

Cybercrime is evolving as a threat to the national security of several countries, primarily motivated by financial advantage. On the bright side, these risks are becoming more evident as more victims of cybercrime share their stories. In addition, efforts by governments to combat these threats are also growing.

These are the key findings of the 2021 edition of Microsoft’s Digital Defense Report regarding the current status of cybercrime. The study was based on more than 24 trillion daily cybersecurity signals on Microsoft cloud, endpoints, and smart edges. It gathered information from more than 8,500 experts from 77 countries, including insights into the evolution of ransomware, malicious emails, malware, and other cyber pests.

Other aspects covered in detail by the research were current threats to nation-states; the security of vendor ecosystems, Internet of Things (IoT) and Operational Technologies (OT); the hybrid workforce; and misinformation. Also presented were learnings and practical recommendations compiled by Microsoft over the course of the study.

More sophisticated and dangerous

By 2021, cybercrime had become more sophisticated, more widespread, and more ruthless, targeting critical infrastructure in healthcare, IT, financial services, and energy. In addition, the cybercrime chain is maturing, with the formation of marketplaces in which anyone, even without much technical expertise, can acquire the tools necessary to carry out criminal actions in cyberspace. By nature, these cybercriminal groups have a global presence, meaning that an individual in a certain country can buy, for example, phishing kits from a vendor in another nation.

According to Microsoft, the prices of these cybercrime tools have remained stable over the past few years. However, as in any other market, they can vary according to supply and demand.

Source: Microsoft Digital Defense Report

Ransomware business model

The ransomware business model has evolved significantly and become much smarter. According to Microsoft, attackers research victim profiles and the appropriate ransom demand amount in advance. Criminals already know which documents to hijack and understand the penalties associated with violating the local laws of each sector and country. Not only do they threaten to encrypt files that are fundamental to the victims’ business, but they also threaten to publicly disclose customer data, which would fatally damage the reputation of the breached companies.

There aren’t many barriers to entry in the current ransomware market. There are modules offered under the “as-a-service” model that can be used by novice hackers, who share the proceeds of the criminal actions. Even access to specific target networks can be acquired from these crime syndicates. Payments are generally made via cryptocurrencies.


Phishing, the most common email threat

In 2020, there was a surge in phishing campaigns that remained stable throughout 2021. Microsoft identified an increase in the overall number of phishing emails, a downward trend in emails containing malware, and an increase in voice phishing (or vishing). Microsoft’s Digital Crimes Unit (DCU) investigated online organized crime networks involved with compromising corporate emails and found a wide diversification of how email credentials are obtained, verified, and used. The conclusion is that investments in automation and acquisition tools are growing in order to raise the profit from criminal activities.

Microsoft researchers have observed the three most common types of malicious emails:

  • Phishing, the most common type, is used to induce individuals to share sensitive information such as usernames and passwords. The industries most affected by phishing can vary from month to month, depending on factors such as holidays and the availability of leaked email addresses.
  • Delivery of malware: According to Microsoft, one of the most common methods seen last year relied on password-protected compressed files to prevent protection systems from analysing them; the password is usually in the body of the message. Upon opening the file, the malware goes live.
  • Compromised corporate emails: This was the type of criminal email with the greatest financial impact. The most common variant seen by Microsoft last year used gift card scams. The messages were supposedly from someone the recipient worked with and asked the recipient to purchase gift vouchers, usually with company funds. Another more sophisticated and financially damaging variant involved wire transfers with bank information.

The most prevalent perception among researchers and businesses is that victim credentials are handed over to an individual or group to simply conduct phishing campaigns. However, more sophisticated kits, with greater reach and potential, have been identified in the cybersecurity community, created by authors who are more technically skilled than the better-known phishers.


More resilient

The examples presented in the report show that whatever the technology, criminals will be ready to exploit it for their own benefit and to the detriment of users. However, Microsoft points out that, to minimize the impact of possible attacks, it is possible to adopt practices and architectures that help make businesses and people more technologically resilient. The image below summarises this scheme.

Source: Microsoft Digital Defense Report