I am beginning a series of articles discussing the threats to companies through employees working remotely. Ultimately, cyber criminals are working to monetize their efforts. There are three dominant business models in use today by cyber-criminals that drive their behavior. The business models are employee impersonation, data theft and denial of service attacks. This article discusses these business models to gain an understanding of the “why” behind cyber criminals.
Most cyber criminals will employ one business model for their criminal enterprise. For example, we have not seen evidence of cyber criminals who run Ransomware exploits also stealing company data or employee credentials. Likewise, cyber-criminals using impersonation for their exploits rarely steal company data or perform denial of service exploits. Cyber criminals stealing company data, as in the recent Capital One breach, may use impersonation tools to gain access to company data stores, where they make off with troves of valuable data.
Impersonation exploits take two forms. One form of impersonation uses a set of stolen credentials to become the employee for the sake of transacting personal business as the employee. Examples of these types of attacks include credit card charges, diversion of paychecks to criminal bank accounts, long distance charges and health insurance theft. The second type of impersonation, which has recently become an issue, is a cyber-criminal impersonating an employee for the purpose of diverting company financial transactions. By silently monitoring a compromised employee’s communication, a cyber-criminal can intercept and divert financial transactions. IT industry publications have documented diversion of wire transfers from an intended financial institution to a cyber-criminal’s bank account. This is a particular problem in real estate transactions, where large sums are wired between banks. The cyber-criminals’ monetization of this exploit is straightforward: they divert the transaction and get the cash.
Some of the biggest headlines talk about the theft of Personally Identifiable Information (PII). PII often includes social security numbers, birthdays, health insurance policy numbers, addresses, credit card numbers and bank account information. The recent Capital One breach illustrates the theft of company data. Cyber-criminals monetize data theft in two ways. One method is to actively use the data to impersonate a consumer, using the consumer’s credit to purchase items or establish credit lines that can be used to generate cash. The second method for monetizing data theft is the sale of the data. Cyber-criminals have a Google of sorts for stolen consumer PII. The fresher the PII, the more it is worth. The 110 million consumer PII records stolen from Capital One would be worth millions on the consumer data resale market.
The final prevalent cyber-crime business model is a denial of service attack. The type receiving the most press today is Ransomware. By encrypting a company’s data, the cyber-criminals are able to demand payment in bitcoin for the decryption keys and decryption software to return access to the data. When combined with an attack that turns employee computers into zombie computers, as was experienced by Sony, the attack is particularly paralyzing to a business. The criminals monetize the denial of service attack by seeking payment in bitcoin, which is easily convertible to dollars or other local currencies.
The business models of cyber-criminals are constantly evolving and growing to turn technology into cash for their efforts. Upcoming articles will focus on the specific threats facing companies that have remote employees.