If you thought we’d ever catch a break from the onslaught of cyber crime, think again: Cyber criminals never sleep, and Senior Fraud Prevention Strategist Etay Maor of Trusteer, an IBM company, illuminated this reality during his webinar “Cybercrime Threat Landscape: Cyber Criminals Never Sleep.” Maor began his discussion with a bit of humor, demonstrating how a security team operating in isolation is doomed to work-arounds from both the constituency and the adversary with a visual: a security gate on a road with open field on either side. The visual shows tire ruts to the left and right of the gate, illustrating the fact that driving around the gate was just as effective as waiting for it to open. The cyber criminals are hoping that your company’s fraud prevention strategy is exactly like this gate. Why go through it when they can just drive around it?

Crime Pays?

The growth of cyber crime and the ease with which cyber criminal syndicates are creating and proliferating their tools is demonstrative of the maturation of online crime. Criminals have evolved their mechanics to achieve a more holistic view with two end goals: monetization and expansion of capability. Maor shared two specific areas in which this is possible: the online/mobile banking landscape and intellectual property/business data.

In the event of a hack of a consumer’s bank account, current U.S. banking procedures protect the consumer, but should a consumer fall victim to personally providing a wire transfer or similar to the criminal, that money is nonrecoverable. The banking procedures for businesses, however, are not so generous. A loss caused by a compromised infrastructure or an employee hack can be lethal for a small business. One small, rural hospital lost $1.3 million to organized criminals who accessed the 96 separate bank accounts controlled by the hospital. When the criminal was apprehended some time later, he noted that he would have taken more, but he did not have the means to launder or process the funds.

Webinar Replay – Cybercrime Threat Landscape: Cyber Criminals Never Sleep


Phishing is the art of getting someone to do something they may otherwise not have been inclined to do — setting the hook in the phish (the individual user), so to speak. Throughout the webinar, the recurring theme was Defense in Depth with multiple layers and steps. Criminals are working hard to defeat these various levels of defense, but as good as they may be, a robust fraud prevention infrastructure coupled with user education goes a long way toward fraud prevention. Some of the areas worthy of approbation are:

  • External and perimeter defense
    • Anti-virus
    • Sandbox
    • Virtual machines (VMs)
  • Login
    • Credential protection and encryption
    • OTP SMS (One-Time-Password via Short Message System, aka text message)
    • Device ID
  • Internal
    • Behavior-anomaly detection
    • Clickstream analysis

Maor visits cyber neighborhoods that the average user would not be able to begin to navigate. These neighborhoods operate on the unindexed “darknet” of the Internet. There, one can find the bazaars of the cyber criminals that provide stolen data or properties (personal identifying information or credit cards), tools and scripts for use (for a fee) and training sessions on how to use these tools, all created to be engaged when the bait hooks the target phish.

Criminals’ Arsenal

The criminals’ arsenal of tools continues to mature and evolve. They are well aware that more fraud prevention entities are coming online and that more individuals are taking steps to protect their assets. The malicious tools presented during the webinar would induce heart palpitations for even the most seasoned business executives. The tools included: scripts to determine whether malware is detectable by specific anti-virus software, virtual hosting environments from which to launch the criminal activities, spoofing specific device nomenclature to give the “right responses” on what device is trying to access an environment and lessons on behavior.

There is a common misconception that the cyber criminal is simply a “script kiddie” running scripts they bought online. While those who are caught can oftentimes be just that, advanced cyber criminals are well educated, have substantial resources and build tools and capabilities to guarantee their monetary flow for the long term; their investment in behavior-profiling countermeasures is indicative of this. One bank reported 1.5 million accounts were reviewed after 10 million login attempts. The cyber criminals did not attempt to conduct fraudulent behavior on the first login; indeed, they worked to season the account so that it would fall into the middle of the bell curve and not be considered an anomalous account worthy of attention from a fraud prevention specialist.

As we move our banking from our laptops and desktops to our mobile devices, we should be asking, “Did I also migrate all the security protection I had in place on my laptop or desktop to my mobile device?” And for the organizations who are being touched by those mobile devices: Does your fraud prevention solution provide real-time intelligence to the analytic team? Are false positives minimized and the customer experience uninterrupted? When security becomes inconvenient, security becomes nonexistent, since users will quickly seek work-arounds. Thus, a decision must be made: Do you build your own solution or find a partner with experience and capability? The recent “2014 IBM Cyber Security Intelligence Index” indicates that in 2013, there were 91 million events that resulted in 17,000 potentially critical attacks, which IBM’s analysts determined averages out to about 109 security incidents for the average company. How many security incidents did your company have? Would you even know?

The webinar provides food for thought and a great deal of education on the arsenal of options available to those who wish to separate their funds or information from their persons and companies. The Cyber Security Intelligence report makes it very clear that the criminals are not going away. Knowing what you are up against is the first step; doing something about it needs to follow.

Watch the on-demand webinar: Cyber Criminals Never Sleep

Cybercrime Threat Landscape: Cyber Criminals Never Sleep from IBM Security Systems


More from Fraud Protection

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

How Security Teams Combat Disinformation and Misinformation

“A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we're talking about misinformation and disinformation, you’ll be unsurprised to learn Twain never said that at all. In fact, no one knows who first strung those words together, but the idea that truth spreads slowly while lies spread quickly is at least several hundred years old. The “Twain” quote also serves to…

A View Into Web(View) Attacks in Android

James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

New DOJ Team Focuses on Ransomware and Cryptocurrency Crime

While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021. What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber…