One area that is growing rapidly is ransomware. “In the criminal ecosystem, the return on investment is much higher if you can get your victims to pay for their own data,” said Jens Monrad, a global threat researcher who works with FireEye.
But basic IT security is often enough to keep these types of criminals at bay. Encrypting data, using antivirus technology and installing the latest updates means “being in pretty good shape,” says Emm.
“ The 21st century digital criminal is best described as a ruthlessly efficient entrepreneur or CEO operating in a highly sophisticated and rapidly evolving black market... This is a CEO unfettered by regulators and morals,” warns a recent report by KPMG and BT, “Taking the Offensive.”
Such groups are loosely organized and may employ macedonia mobile database contractors. Some will be experts in developing hacking tools and finding vulnerabilities, others will carry out the attack, and others will launder the money. At the center of the web is a cybercrime boss who comes up with ideas, defines targets, and maintains contacts.
These groups have the ability to carry out attacks against banks, law firms, and other large companies. They can commit fraud on behalf of a CEO, or simply steal important files and offer to ransom them (or sell them to unscrupulous competitors).
According to the 2015 Internet Organised Crime Threat Assessment by the EU police service Europol, the tools and technologies of organised crime and state-sponsored hackers now overlap, with “both categories using social engineering, tailored malware and open-source crimeware.” Organised cybercrime groups are also increasingly carrying out long-term, targeted attacks rather than random, non-targeted campaigns, Europol reports.
When governments use a technology, it usually ends up in the hands of serious organized criminals within 18 to 24 months. “One of the challenges for the average company is that the adversary is becoming more sophisticated because they can access more technology than they could in the past,” said George Quigley, a partner in KPMG’s cybersecurity practice.