Cybercriminal Networks: As Bad Guys Band Together, Shouldn’t Businesses?
Posted December 13, 2018
As businesses in the digital economy have evolved and hardened defenses, the lone wolves and cyber gangs who once defined the world of cybercrime haven’t exactly been sitting still either. They’ve gone corporate.
What were once techniques and tactics reserved for national espionage agencies have been adopted and deployed by increasingly networked, professionally organized cybercriminal operations.
With the same technologies and organizational structures seen in any modern business, these groups routinely buy, trade, and augment stolen identity data to perpetrate increasingly automated and ever-more daring, large-scale attacks—sometimes in alliance with rogue nation states.
The theft of 31 terabytes of intellectual property worth an estimated $3 billion from 144 US universities, 47 private companies and other targets around the world earlier this year? Reportedly the work of a hacker group with ties to Iran’s Islamic Revolutionary Guard.
The cyberattacks that penetrated the defenses of 100 banks in 40 nations and stole $1.2 billion in the largest bank heist ever? Run by the so-called Carbanak group, an international network of cyberthieves that continues to plunder financial institutions worldwide.
As the volume, frequency and efficacy of cyberattacks continue to escalate, it’s increasingly clear that Cybercrime Inc, is growing more global, and more networked, by the day. It’s also becoming more profitable. Conservative estimates of annual cybercrime revenues worldwide now easily top $1.5 trillion. As Information Age reported earlier this year, “If cybercrime was a country, it would have the 13th highest GDP in the world.”
With such formidable adversaries joining forces, new questions arise: Why would any business want to face these cybercriminal networks alone? If even cybercriminals recognize the strength in numbers, shouldn’t you?
At ThreatMetrix, we’re accustomed to the notion that it takes a network to fight a network—that there’s power in sharing intelligence on cyber threats at global scale. It’s a truth our clients long ago came to appreciate. And there are signs others are beginning to catch on, too.
The travel industry, financial services and manufacturing have all seen the emergence of industry-specific consortiums that enable member businesses to share data on the cyberattacks they experience so that the others can more readily identify fraudsters and how to stop them.
I applaud these and other efforts, as they are certainly steps in the right direction. But I’d also encourage organizations to think bigger. Much bigger.
At ThreatMetrix, our technology is informed by roughly 110 million digital transactions each day. Data from these events is anonymized and shared among more than 165,000 websites and apps in numerous industries, everywhere around the world, on the ThreatMetrix Digital Identity Network.
By leveraging an Internet-scale dataset drawn from trusted sources, ThreatMetrix is able to recognize when someone attempting to log into a site, app, or Internet-facing system is truly who they purport to be—or a fraudster wielding stolen usernames, passwords or other identity information.
In fact, of the roughly 3.5 billion people transacting on the Internet, ThreatMetrix knows something about more than 1.4 billion of them. By understanding how people transact across websites and apps using their devices, locations, and non-regulated online and offline information, we effectively connect the dots to create one unique digital identity for each individual that is dynamic and can’t be faked.
These identities are then used by businesses across industries and geographies to instantly and transparently validate the multitude of trust decisions they make at the point of each digital transaction. All of our customers automatically benefit from each customer experience with any given digital identity.
Do I accept this new application? Do I allow this user to sign in? Is this a legitimate payment? All of these and so many other decisions are powered by this customer augmented globally connected network.
The Power of Networked Eyes
All of these factors got me thinking about a quote I recently came across about networking and business. It reads, “Instead of giving you better glasses, your network gives you better eyes.”
Now, this quote was obviously referring to offline networking of the old fashioned, face-to-face variety. But there’s clearly a digital corollary.
In the digital economy, sharing trust data with other businesses means everyone gains an unprecedented level of visibility into the identity of the people they transact with, and a heightened ability to keep fraudsters at bay. As one of our customers recently said to me “The one thing we can all agree on is to our shared commitment to make the internet a safer place to do business”.
By doing so, all businesses in the digital economy gain the upper hand against networked cybercriminal organizations that find themselves outnumbered, outgunned, and outmaneuvered if businesses band together at global scale.
Isn’t it time you teamed up to stop the bad guys, too?
To learn more about harnessing the power of global shared threat intelligence can help you distinguish fraudsters from customers, download the ThreatMetrix Digital Identity Network solution brief.