THE BLOG

100 Mr Big's Control Cybercrime

20/10/2014 15:11 BST | Updated 19/12/2014 10:59 GMT

Many people will have seen the surprising announcement from Europol's Cybercrime Centre the other week that there are only "around 100" cybercriminal kingpins behind global cybercrime.

While I wouldn't want to speculate on if this number is correct or not, I do agree that such is the industrialisation of cybercrime today faced by businesses, governments and consumers, that relatively small numbers of common exploits and cybercrime tools are widely used by the professional gangs operating around the world.

Indeed Cisco's own Mid Year Security Report suggested the number of exploit kits had dropped by 87 percent since the alleged creator of the widely popular Blackhole exploit kit was arrested in 2013. That just shows how widely used that one particular kit was used by the cybercrime community.

We know that today's cybercriminal gangs are so well organized that often they buy "off the shelf" exploit kits and software that they use to carry out their activities. Often this software comes with manuals, 24/7 tech support and even in extreme cases advertising! They also make use of the Internet to gather a "distribution" network that is right around the world to deliver their attacks, either physically or online via botnets.

As Europol suggests, these kits and malware are often developed by very few people but they are so sophisticated that with only a little effort they can be modified and reused time and time again depending on the cybercriminal's target.

What has been clear for some years to those of us in cyber security is that cybercriminals are well motivated, well equipped and well skilled to make huge amounts of money through their illegal activities.

But if these tools are so common and widely used, why is it that companies cannot prevent them exploiting their networks and PCs?

Well part of the reason is that the criminals stay ahead of the defenders by bringing out new variants of their exploit kits as security experts find ways to block it. This 'arms race' between good and evil is constantly ongoing and we know that many cybercrime gangs will buy security software and test their exploits to see if they are stopped by it, and if it doesn't, they release a new version of the exploit to the cybercrime community.

But one of the most important steps that businesses and indeed consumers need to take is to ensure that their security is up-to-date and has the very latest signatures, protections and solutions available. It always alarms me how many companies fail to ensure that all their assets are secured with the latest information. And while many criminal attacks are targeted at certain organisations; we know that a lot of them are less targeted but often get through because of poor patching or updating of signatures or protections in products.

Also organisations must ensure their security solutions don't rely exclusively on defending the endpoint, but also are able to view potentially malicious activity across their whole network - wherever threats may manifest themselves. We know that eventually you will be compromised by Mr Big, but how quickly you know that and deal with that will determine how much damage to business operations and reputation is done.