Once Purely Malicious, Cybercrime Is Now Big Business

How hackers—and their methods—are getting more sophisticated

By Minda Zetlin

Winter 2018

There’s a reason cyberattacks and data theft are so much greater a threat than they were a few years ago: Cybercrime has become very lucrative. Picture a cybercriminal and you might imagine a nefarious figure in a hoody, hunched over a bank of computers in a basement somewhere. But these days it might instead be a multimillionaire relaxing in a mountaintop villa purchased with the proceeds of his ill deeds.

“We used to have impersonal attacks, not necessarily targeted and not necessarily sophisticated,” says Troy Kitch, senior director of Oracle cloud security. “Over time, they’ve become more sophisticated and more targeted.” Both nations and individuals have learned how to attack organizations, he says, and there are real incentives to do so. “There’s this underground economy that thrives on data breaches and selling information.” And where data theft was once limited to those with the sophisticated knowledge of how to pull it off, these days anyone who wants to can simply purchase on the black market tools to do so and then earn back that investment by selling the stolen data.

And if today’s enterprises can benefit from automation, so can cybercriminals. “The new wave of security attacks are different from the way they were carried out in the past,” says Adina Simu, vice president of product management, Oracle CASB Cloud Service.

“They are no longer carried out by humans; they are carried out by bots, hijacked devices that start attacking other sites and other organizations. These attacks are no longer within the network perimeter of the enterprise—in many cases they’re outside in your DNS [Domain Name System] service or your cloud provider or your public- facing application.

And they’re not static: someone could penetrate some of your defenses and then lie low waiting for the right opportunity to move laterally and steal credentials.” In fact, many attacks these days begin with the theft of credentials, with miscreants then using those credentials to steal data, hijack devices, or install ransomware.

This is why most security experts recommend assuming that your organization’s defenses will be breached at some point, and it’s why they emphasize the importance of having visibility into both your data and your users, as well as having an automated way to immediately remediate security breaches.

“The most secure companies in the world are getting attacked. It’s a continual thing,” Kitch says. “As organizations, we have not done enough to address these threats. A lot of people think, ‘I’m secure today; therefore I’ll be secure tomorrow.’ But as security threats shift, that isn’t necessarily true.”

Action Items

Protective Measures

Modernize Your Security Operations Center

Illustration by Wes Rowell, photography by Shutterstock