Cybercrime: The ‘High Seas’ of the 21st Century?

Throughout history there have been people willing to steal from others who transport goods on water. These people, known as pirates, mainly targeted ships, though some also launched attacks on coastal towns.  

Many of the most famous pirates had a terrifying reputation, which they advertised by flying gruesome flags. Captives were famously made to ‘walk the plank’ – though this doesn’t appear to have been as common in reality as in fiction; in fact, it’s likely that most victims of piracy were just thrown overboard.  

The pirate “brand” has long been tied to the skull and crossbones or “Jolly Roger” as a symbol of terror on the high seas. A 2011 article in The New York Times hails the ominous design as an outstanding exercise in collective hybrid branding, noting that economics drove pirates to adopt a version of this particular symbol to advertise their intent to plunder. 

Thousands of buccaneers were active in the 17th and 18th Centuries, during what was known as the ‘Golden Age’ of piracy. Famous pirates from this period include Henry Morgan, William ‘Captain’ Kidd, ‘Calico’ Jack Rackham, and the fearsome Blackbeard – Edward Teach. Though this Golden Age came to an end in the 18th century, piracy still exists today in some parts of the world, especially the South China Seas.  

Back to the Current Day  

The scourge of piracy in its maritime form may be largely gone, but new opportunities for profitable criminal enterprise spring up quickly to take advantage wherever there is money to be made. The internet and technology advances have opened us all up to the threats of cyber criminals. In some respects, we are entering a new criminal golden age – of Cybercrime. Beyond the obvious massive increase in media coverage driven by the sheer volume of cyber-attacks and the visibility associated with high profile targets, the entry of cybercriminal into the mainstream consciousness has seen them become part of the Hollywood set. You cannot be a serious movie villain these days without being a highly capable cybercriminal as well! 

State of Cybercriminal Enterprises 

Just like the Corsairs of yesteryear, todays cybercriminals know the value of good branding. These organization have dedicated PR pages to share their latest victims and trade under threatening names such as Ghostwriter, Darkside, REvil, Nobelium, Sekhmet, Ragnar and many more. Not surprisingly, they are making good use of well-established branding with the skull and crossbones being a popular choice to announce their presence in your network. 

Ransomware franchises are a lot like any other business. Their language is surprisingly business-like – affiliates, ecosystem, franchises, outsourcing, contractors. Although there is a substantial geographic aspect to partnerships, they operate in a complex criminal ecosystem with a high degree of collaboration. The tradecraft of cybercriminals has grown substantially, incentivized by victims willing to pay. The scale of these operations is not widely known, but some of these organizations have staff numbers in the hundreds to thousands. 

Ransomware has scored some notable wins in recent time – we are all aware of the impacts closer to home with both the HSE and NUI Galway falling victim. There have also been some attacks at scale that redefine the threat – the Kaseya attack (Kaseya is a global IT infrastructure provider) impacted 1,500 companies and REvil demanded ransom payments from all of them as well as Kaseya. The latest prediction is that global ransomware damage costs will reach $20 billion this year – 57 times more than in 2015. This makes ransomware the fastest growing type of cybercrime. 

A War of Creativity and Values 

How does cybercrime become someone’s job? The motivations can be difficult to untangle. When we consider the data there is a close correlation between economic need and cybercrime. In other words, if you are poor, well-educated and living in certain places there is a higher likelihood you will end up working as a cybercriminal. It is important to note that there is cybercrime activity everywhere and every country is unwittingly host to some activity in this space. According to Europol, whilst Russia and China are top of the leader board, the US, UK and Germany and others are also host to thriving digital undergrounds that originate many types of malicious operations. 

The human cost of cybercrime has become startlingly apparent to everyone as demonstrated by attacks on healthcare, physical infrastructure and education this year. When a doctor cannot access patient records there is a real impact on healthcare outcomes. When physical infrastructure such as an oil pipeline is hit causing tailbacks at petrol pumps, things are getting real.  

None of this has particularly deterred cybercriminals and if anything, these areas are a primary target for precisely that reason. It is easy to rationalise paying a ransom when lives are at stake. 

How will it play out? 

Just as piracy on the high seas from the days of old has continued for many decades, we can expect that cybercrime will be with us for some time. The opportunities for modern day cybercriminals and the ease with which they can take advantage of this form of crime offer a very compelling incentive.   

Governments are moving to take measures to reduce the attractiveness of ransomware attacks. Most notably the US government is planning a ban on ransomware payments. Thirty nations recently participated in a two-day virtual summit to join forces and increase collaboration in addressing the scourge of cybercrime. 

The other key trend, less visible to us all but a major factor in the coming century, is cyber-warfare – essentially moving the battlefield for geo-political interests to the internet. Several countries are actively investing in their cyber-warfare divisions, scaling their operations and are very focused on how to deliver real destructive impact to global competitors.  

Geo-political changes are themselves a major factor. The recent withdrawal of the US from Afghanistan is a good example as it has likely created a new state actor / safe haven for cybercrime. On a positive note, relative safe havens such as Bulgaria and Ukraine are moving towards closer international collaboration. 

There is a blurring of motives between financially motivated and state sponsored cybercriminals that is driving increased risk as cross pollination of technology and commodified ransomware as a service really amplify the threat for all. There is very little stopping a skilled government operative deciding to throw in their lot with a cybercrime organization, especially when the rewards are likely a lot higher than their salary. 

What does the next generation of threat look like? 

It is already here – Deepfake technology has already been used to clone a CEO or company director’s voice to enable major robberies. It sounds like science fiction or a great bank heist movie, but that reality is already here today. The technology and sophistication of cybercriminals is moving fast. That being said, many of the older, proven techniques for ransomware attacks, exploiting older software versions and the trusting nature of people are still so effective that they are certain to continue.  

What can you do? 

When it comes to prevention of a cyberattack, good execution of the basics goes a long way. Keeping software up to date makes a huge difference to your risk levels. Using strong authentication such as MFA (multi-factor authentication) on your personal and work applications is very effective. Raising awareness in your organization on phishing and other social engineering attacks is critical. Having a tested backup strategy for data will allow you to get back on your feet quickly if the worst comes to the worst. Most important is recognising that the threat is real – and investing accordingly.  

What is the endgame? 

So how did the original golden age of piracy come to an end, and what does it tell us about our current predicament with Cybercrime? In the 1720s, political stability as a result of the Treaty of Utrecht (for the history buffs) turned many countries focus towards dealing with the menace of piracy. Combined with the disappearance of their traditional safe havens in the Caribbean, this brought the age of piracy to a swift end. What can we learn from this? Put simply, as long as safe havens exist for cyber criminals to operate effectively without constraint, and the rewards outweigh the risks, they will be with us for some time. On a more positive note, the investments that governments are making into cyber-security defences combined with ongoing innovations in the private sector and generally raised awareness of the threats should help to manage things to a less daunting place. Forecasting the future of cyber-crime is challenging, but one thing in certain – we are not at the peak and it will be around for some time to come.