HPE study delves into the underworld workings of cybercriminal economy

23 May 16

Hewlett Packard Enterprise (HPE) recently released a revealing study.

“The Business of Hacking”, an extensive report detailing the underlying economy driving cybercrime, is an in-depth analysis of the motivations behind the attacks criminals choose to pursue, and the ‘value chain’ illegal organisations have established to expand their reach and maximise profits.

HPE found that the profile of typical cyber attackers - and the interconnected nature of their underground economy - have evolved dramatically in the last several years. Adversaries are increasingly leveraging sophisticated management principles in the creation and expansion of their operations to ultimately increase their impact and financial profits, which are both core motivations for nearly all attack groups today.

“Organisations that think of cybersecurity as purely another checkbox to mark often do not leverage the value in high fidelity cybersecurity intelligence,” says Shane Bellos, general manager, Enterprise Security Products, Software, HPE South Pacific. “This report gives us a unique perspective on how our adversaries operate and how we can disrupt them at each step of their criminal value chain.”

The attackers’ ‘Value Chain’

Today’s adversaries often create a formalised operating model and ‘value chain’ that is very similar to legitimate businesses in structure, and delivers greater ROI for the cybercriminal organisation throughout the attack lifecycle. If enterprise-level security leaders, regulators and law enforcement are to disrupt the attackers’ organisation, they must first understand every step in the value chain of this underground economy.

According to HPE, some of the critical elements of the typical attacker’s value chain model include:

  • Human resources management – recruiting, vetting and paying the supporting staff needed to deliver specific attack requirements
  • Operations – the management team that ensures the smooth flow of information and funds throughout the attack cycle
  • Technical development – the frontline workers providing the technical expertise required to perform any given attack
  • Marketing and sales – these teams ensure the attack group’s reputation in the underground marketplace is strong
  • Outbound logistics – both the people and systems responsible for delivering purchased illicit goods to a buyer

“Cybercriminals are highly professional, have robust funding, and are working together to launch concentrated attacks,” says Chris Christiansen, Program Vice President, Security Products and Services, IDC. “The HPE Business of Hacking report offers key insight for legitimate organisations to better disrupt adversaries and mitigate risks by understanding how they are operating and maximising profits.”

Can we disrupt the chain?

HPE recommends a number of approaches for enterprise security professionals to better defend against these organised attackers:

  • Reduce the Profits: Limit the financial rewards adversaries can realise from an attack on the enterprise by implementing end-to-end encryption solutions, such as HPE SecureData. By encrypting data at rest, in motion and in use, the information is rendered useless to the attackers, restricting their ability to sell and reducing profits.
  • Reduce the Target Pool: The expansion of mobile and IoT has dramatically increased the possible attack surface for all enterprises. Organisations must build security into their development processes, and focus on protecting the interactions between data, apps and users regardless of device to better mitigate and disrupt adversary attacks.
  • Learn from the Adversaries: New technologies such as ‘deception grids’ provide methods of trapping, monitoring and learning from attackers as they navigate their way through a realistic duplication of the network. Enterprises can use this information to better protect their real network, disrupt similar attacks before they begin, and slow down the progress of attackers.
