Cybercriminalité, fonctionnement
Financial losses from cyber attacks increased by 28% between 2014 and 2015 for French businesses. Statistics on the evolution of the cybercrime industry are clear and unambiguous: the attackers are making more and more money from their operations. Furthermore, the cybercrime industry is becoming an increasingly professional marketplace. Why and how are cybercriminal networks enjoying such success?

Fantasies about cybercriminals: obstacles to overcome for cybersecurity

The collective image that people have of cybersecurity is based on two caricatures. On the one hand, the young student “geek”, seen as an IT genius pirating bank cards in between two games of World of Warcraft. On the other hand, the masked web avengers known as Anonymous, an online community brought together to fulfil the common objective of  shaking up governmental foundations.

Yet it is precisely in the middle of these two totems that organized cybercriminals operate, hiding behind these two stereotypes to wreak havoc on businesses; extortion of SME’s and hacking industrial organizations, for example.

A study undertaken by the CAS (Centre d’Analyse Stratégique or French Strategic Analysis Centre) says these fantasies are clouding our judgement. It highlights the fact that only 30% of the French management executives in large companies consider cyberattacks to be a major threat. Too many entrepreneurs still have a biased perception of the danger posed by cyberattacks, believing that their companies are of little interest to hackers. Therefore, cyberattacks continue to remain an elusive concept in their eyes. And yet hackers choose to attack all types of businesses, without making a distinction of size, type, age, etc.

What is perverse about these virtual threats is that they seem intangible and elusive to those that do not have a system in place that is capable of monitoring IT systems and detecting a threat. But an attack comes at a cost: In 2014 in France it was estimated that the average cost of resolving a cyberattack for a large business was 531,533 euros. This staggering figure was almost entirely attributed to the time spent by businesses detecting the attack. The neutralisation of a cyberattack requires rapid detection and having the appropriate tools in place. This is particularly the case as attacks no longer concentrate solely on bank accounts, credit card data and client databases. With the emergence of the concept of the Factory of the Future, manufacturing tools now are at risk from a new threat: material destruction. This was the case in the attack on the German steelworks in 2014.

Businesses face threat from cybercrime networks… working as businesses

Hackers have raised the bar regarding the professionalism of their activities so as to optimise their customer base and the quality of their services. Well oiled hierarchical and structured businesses operating on classic business models are appearing on the darknet and its blackmarket. This dedicated zone not only allows cybercriminals to promote their services, it also allows them to use the services of the other hackers and to work hand in hand in partnerships on certain operations. The cybercrime network enables you to choose partners according to their specific skill set.

  • Malware authors develop highly sophisticated malicious programs;
  • Partners circulate and broadcast false advertising;
  • Mule recruiters look to employ people as willing accomplices for fraud inside their company (When a large French cybercrime network was shut down, the key roles played by corrupt agents in mobile phone companies were discovered as part of a fraud scam generating several million euros.);
  • Tool suppliers making software and other tools for sending spam and malware are available;
  • Bot creators and exploit writers can also be sourced;
  • All of these players and skill sets complement each other and expand on their traditional field of action.

Prices for phishing kits start at just 20 euros

The professional cybercrime industry lures in its clients with its attractive offerings. It provides easy access to the darknet, a growing range of services and an ever improving professionalism (these days an after sales service/support is systematically provided). But what is most attractive is the ratio it provides between investment and the return on investment regarding the potential damage which can be caused by such services. The cost of services have been found to be surprisingly low according to a study undertaken on the black market. It costs just 20 euros for a phishing kit, 70 euros for malware installations and 100 euros for a DDoS attack. For a very affordable budget, cyberattacks can cause destructive harm and generate hefty expenses for targeted businesses.

  • Loss of turnover due to suspended activity;
  • IT network repairs;
  • Data recovery;
  • Damaged reputation due to a data breach;
  • Potential ransom (in the case of an Australian clinic, attackers demanded 4000$ in exchange for the recovery of their patient’s data);

Although sponsors are satisfied that the services meet their needs, the real winners here are the cybercriminals who are paid for their services.

How much do cybercriminals earn?

It is difficult to estimate a hacker’s income due to the fact that their activities are so diverse – and not really publicized. Trustwave claims spammers can earn up to 90,000 euros a month. A study undertaken by Kaspersky Lab looked at revenues earned from some of the most common malicious software available, basing its research on the premise that the malicious software targeted around 100 victims. They suggest that a phishing page or a spam mail costs 120 euros and can exploited on the markets for 8,000 euros. A Trojan horse costs around 800 euros on the darknet and can be sold for up to 16,000 euros. Ransomware can bring in a similar price, while costing just 1,600 euros. Finally, the Banker Trojan is the most expensive purchase but also potentially the most profitable. For an investment of 2,400 euros, it can bring in the jackpot sum of 58,000 euros. Profit levels like these attract interest across the field.

An important study undertaken by Hamilton Place Strategies in 2016 estimates the cost of cyber security worldwide to be as much as 450 billion euros. Today this figure has certainly increased. If the government is now beginning to become more aware of the urgency of the situation and the growing threat it presents, businesses must take it upon themselves to reinforce protection. Stakeholders working in the cybersecurity industry, for businesses ranging from family businesses to multinational bodies, must evolve to combat cybercrime networks continually evolving in their professionalism and organizational capabilities.

The industrial Internet is increasingly exposed to cyberattacks. This fast-evolving industry provides new opportunities to cybercriminals thanks to the proliferation of connected devices and other sensors. Industrial players must become more professional in their cybersecurity management through the use of technologies, practices, processes and skills to ensure better protection of their assets from cyber attacks.