FBI Perspective On the Status and Evolution of Global Cybercrime

With a long history in working against cybercrime in the United States, working at the FBI with other US and international agencies, Timothy Wallach has seen almost everything when it comes to global cybercrime. He spoke at this year's Trend Micro CLOUDSEC event in Sydney.

Wallach started by looking at where the threats are coming from. He says hacktivists, criminals, insiders, spies, terrorists and warfare actors such as nation-states are the main categories of threat actors the FBI looks at. Of those, about 45% of the threats the FBI looks at are related to criminal gangs with nation-states garnering a similar level of FBI interest.

A major issue, says Wallach, is the ease with which threat actors can access the tools and support they need for an attack. With many of the tools now readily available, the barrier to entry into some form of cybercrime is very low. Wallach estimates there are more than 800 forums where hackers can peddle and buy malware.

These forums are invitation-only, languages with at least 50 different roles and service specialisations.

Over 90% of hacks, says Wallach, come as a result of a successful spearphishing attack. Staff click a link or open an attachment, letting the attackers in. The malicious parties then carry out detailed reconnaissance to find vulnerabilities that they use to exfiltrate data, often using easily accessed cloud file sharing services such as Google Drive or Dropbox.

Specific types of data, such as healthcare, financial and government data, are of particularly high value to data thieves. Interestingly, while the number of records stolen has fallen slightly recently, this isn't because of greatly improved security but rather, says Wallach, because higher value data is being stolen so criminals are getting higher payments for the data stolen.

In addition, business email compromise and ransomware attacks are on the rise and far easier to monetise, says Wallach.

When it comes to ransomware, Wallach says the FBI does not recommend paying. While a consumer might see a $500 ransom as reasonable, the impact on a corporate target, where thousands of machines might be compromised, is much higher. Also, payment can "embolden attackers", he says.

Business email compromise remains a significant issue. Wallach suspects only half the victims actually report losses. While it's widely reported that this attack vector netted about US$2.3B up to 2015, Wallach says the number is now closer to US$3B, with 70% growth in 2016.

Wallach told the audience about a recent FBI operation where the bureau wanted to infiltrate an exclusive, invitation-only meeting of hackers called Darkode. An online forum was established by the members.

Rather than taking the past approach of trying to take down hacker servers, the FBI became a service provider, delivering servers for the forum.

During the three-month operation in 2014, they collected 75TB of data as well as intercepting communications. They were able to indict 12 individuals, with extradition processes and prosecutions now in progress.

Another breach Wallach described involved the theft of payroll card data. Of the 45 million data records stolen, just 45 were used to launch an ATM banking attack that netted US$9.5M, highlighting the sophistication of the attack methods.

When it comes to what to do, Wallach says there needs to be a focus on user education. He says research reveals almost three-quarters of users still click on malicious links in emails.
