Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing


As we reflect on 2022, we’ve seen that malicious actors are constantly coming up with new ways to weaponize technologies at scale to cause more disruption and devastation.

The dangers are showing up everywhere – and more frequently. The volume and variety of threats, including Ransomware-as-a-Service (RaaS) and novel attacks on previously less conventional targets, are of particular concern to CIOs and CISOs.

Increasingly, cybercrime is big business run by highly organized groups rather than individuals. Much like the mythological hydra, cutting off the head of one of these organizations (i.e. just stopping a few low level operators in their tracks) isn’t going to solve the problem; the key is to disrupt the networks themselves. That’s a tall order – one that’s going to require widespread collaboration.

Cybercrime networks and Cybercrime-as-a-Service

We anticipated that in 2022 there would be an increase in pre-attack reconnaissance and weaponization among attackers. This would open the door for the growth of Crime-as-a-Service (CaaS) to accelerate even faster.

That prediction of cybercrime proved to be accurate. The FortiGuard Labs team documented 10,666 new ransomware variations in the first half 2022 compared to just 5,400 in the second half of 2021. That’s an almost 100% increase in the number of new ransomware variants found. The rise in popularity of RaaS on the dark web is the main cause of this sudden increase of new ransomware strains.

RaaS is mostly to blame for the explosive growth in ransomware variants, and ransomware payments are also rising. U.S. financial institutions spent close to $1.2 billion on likely ransomware payments in 2021, according to the Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury. That was more than double the prior year, and if that trend continues, results from 2022 will be even higher.

Our current predictions indicate that the CaaS market will grow dramatically through 2023 and beyond, with threat actors soon being able to subscribe to new exploits, services and structured programs.

We’re also predicting that threat actors will soon have access to more readymade, “as a service” products. This means even more cybercriminals of all levels will be able to launch more complex attacks without first devoting time and money to creating their own strategy. Additionally, producing and offering “aaS” attack portfolios is a straightforward, efficient, and repeatable way for seasoned hackers to make money, meaning the business model pays. Prepare yourself for an enhanced CaaS catalog to appear in 2023 and beyond as a result.

Collaboration is key

It can’t be emphasized enough: the key to disrupting cybercrime networks is collaboration across the private and public sector. One illustration is what the World Economic Forum’s Partnership Against Cybercrime is doing (PAC). In response to the pandemic’s unparalleled and exponential development in cybercriminal activity, PAC has concentrated on fusing the digital know-how and data of the business sector with the threat information of the government sector to help disrupt cybercrime ecosystems.

It will be simpler to overcome the restrictions that protect hackers if a worldwide strategy and coordinated effort are used to remove communication barriers. It is everyone’s duty to disrupt bad actors and destroy the attack infrastructure, and this calls for solid, reliable partnerships with other organizations. Cybercriminals run their operations like businesses; therefore, the more we can make them rebuild, change their strategies, and start over, the better off digital assets will be.

Not only do we want to stop attacks from happening, but we also want to take down cybercriminals and make them modify how they operate, which costs them effort, time and resources. Sharing actionable threat intelligence among organizations and influencing how cyberthreat mitigation will be done in the future are crucial.

Private-public collaboration in practice  

An example of how this kind of collaboration can be used to disrupt cybercrime networks is the recent African Cyber Surge Operation. The collaboration between INTERPOL, FortiGuard Labs and other INTERPOL private partners resulted in the successful Cyber Surge operation and the dissemination of intel to several law enforcement organizations in the Africa region.

Partners such as FortiGuard Labs offered actionable threat intelligence based on infrastructure research of malware, botnets and command and control (C2), including C2 and malware victims across Africa. The Africa Cyber Surge Operation, which began in July 2022, has brought together law enforcement (LE) officers from 27 nations. They collaborated for almost four months on actionable intelligence provided by INTERPOL private partners.

Through a coordinated effort between INTERPOL, AFRIPOL and the participating nations, this operation targeted both cybercriminals and compromised network infrastructure in Africa. Member nations were able to identify more than 1,000 malicious IP addresses, dark web marketplaces and specific attackers.

The Africa Cyber Surge Operation is a great example of how joint operations and sharing threat intelligence on threat actors among reliable partners can increase an entire region’s cyber resilience. It also demonstrates the need of cybersecurity education and training in bridging the cyberskills gap and effectively combating cybercrime on a large scale.

Collaboration is the key

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base. Just as cybercrime networks are getting stronger and larger, so too must collaborative strategies between private companies and law enforcement agencies. Disrupting cybercrime networks is going to take collaboration on a large scale.

The post Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing appeared first on SecurityWeek.