If you thought we’d ever catch a break from the onslaught of cyber crime, think again: Cyber criminals never sleep, and Senior Fraud Prevention Strategist Etay Maor of Trusteer, an IBM company, illuminated this reality during his webinar “Cybercrime Threat Landscape: Cyber Criminals Never Sleep.” Maor began his discussion with a bit of humor, using a visual to demonstrate how a security team operating in isolation is doomed to work-arounds from both the constituency and the adversary: a security gate on a road with open field on either side. The visual shows tire ruts to the left and right of the gate, illustrating that driving around the gate was just as effective as waiting for it to open. The cyber criminals are hoping that your company’s fraud prevention strategy is exactly like this gate. Why go through it when they can just drive around it?

Crime Pays?

The growth of cyber crime and the ease with which cyber criminal syndicates are creating and proliferating their tools is demonstrative of the maturation of online crime. Criminals have evolved their mechanics to achieve a more holistic view with two end goals: monetization and expansion of capability. Maor shared two specific areas in which this is possible: the online/mobile banking landscape and intellectual property/business data.

In the event of a hack of a consumer’s bank account, current U.S. banking procedures protect the consumer, but should a consumer fall victim to personally providing a wire transfer or similar to the criminal, that money is nonrecoverable. The banking procedures for businesses, however, are not so generous. A loss caused by a compromised infrastructure or an employee hack can be lethal for a small business. One small, rural hospital lost $1.3 million to organized criminals who accessed the 96 separate bank accounts controlled by the hospital. When the criminal was apprehended some time later, he noted that he would have taken more, but he did not have the means to launder or process the funds.

Phishing is the art of getting someone to do something they may otherwise not have been inclined to do — setting the hook in the phish (the individual user), so to speak. Throughout the webinar, the recurring theme was Defense in Depth with multiple layers and steps. Criminals are working hard to defeat these various levels of defense, but as good as they may be, a robust fraud prevention infrastructure coupled with user education goes a long way toward fraud prevention. Some of the areas worth noting are:

  • External and perimeter defense
    • Anti-virus
    • Sandbox
    • Virtual machines (VMs)
  • Login
    • Credential protection and encryption
    • OTP SMS (One-Time-Password via Short Message System, aka text message)
    • Device ID
  • Internal
    • Behavior-anomaly detection
    • Clickstream analysis

Maor visits cyber neighborhoods that the average user would not be able to begin to navigate. These neighborhoods operate on the unindexed “darknet” of the Internet. There, one can find the bazaars of the cyber criminals that provide stolen data or properties (personal identifying information or credit cards), tools and scripts for use (for a fee) and training sessions on how to use these tools, all created to be engaged when the bait hooks the target phish.

Criminals’ Arsenal

The criminals’ arsenal of tools continues to mature and evolve. They are well aware that more fraud prevention entities are coming online and that more individuals are taking steps to protect their assets. The malicious tools presented during the webinar would induce heart palpitations for even the most seasoned business executives. The tools included: scripts to determine whether malware is detectable by specific anti-virus software, virtual hosting environments from which to launch the criminal activities, spoofing specific device nomenclature to give the “right responses” on what device is trying to access an environment and lessons on behavior.

There is a common misconception that the cyber criminal is simply a “script kiddie” running scripts they bought online. While those who are caught can oftentimes be just that, advanced cyber criminals are well educated, have substantial resources and build tools and capabilities to guarantee their monetary flow for the long term; their investment in behavior-profiling countermeasures is indicative of this. One bank reported 1.5 million accounts were reviewed after 10 million login attempts. The cyber criminals did not attempt to conduct fraudulent behavior on the first login; indeed, they worked to season the account so that it would fall into the middle of the bell curve and not be considered an anomalous account worthy of attention from a fraud prevention specialist.
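The following is an added illustration, not material from the webinar or from IBM, of why a seasoned account sits in the middle of a population-wide bell curve and why comparing each account against its own history still reacts when its behavior changes. The account names, transfer amounts and the three-standard-deviation threshold are constructed assumptions.

```python
from statistics import mean, stdev

THRESHOLD = 3.0  # assumed alert threshold, in standard deviations

# Constructed sample: outbound transfer amounts (USD) per account, oldest first.
# "seasoned" stands for an account kept quiet and ordinary before one transfer.
TRANSFERS = {
    "acct-A": [3900, 4050, 4000, 3950, 4100],
    "acct-B": [150, 140, 160, 155, 145],
    "acct-C": [2500, 2400, 2600, 2450, 2550],
    "acct-D": [900, 950, 1000, 920, 980],
    "seasoned": [200, 210, 190, 205, 195, 2400],
}


def zscore(value, sample):
    """Distance of value from the sample mean, in sample standard deviations."""
    sd = stdev(sample)
    return 0.0 if sd == 0 else (value - mean(sample)) / sd


def population_score(account):
    """Score the latest transfer against the latest transfer of every other account."""
    latest = TRANSFERS[account][-1]
    peers = [t[-1] for name, t in TRANSFERS.items() if name != account]
    return zscore(latest, peers)


def self_score(account):
    """Score the latest transfer against the account's own earlier transfers."""
    *history, latest = TRANSFERS[account]
    return zscore(latest, history)


def flagged(account):
    """Which of the two baselines would raise an alert for this account."""
    return {
        "population": abs(population_score(account)) > THRESHOLD,
        "self": abs(self_score(account)) > THRESHOLD,
    }


if __name__ == "__main__":
    for name in TRANSFERS:
        print(f"{name:9s} population z={population_score(name):7.2f} "
              f"self z={self_score(name):7.2f} {flagged(name)}")
```

Against the population the $2,400 transfer is unremarkable because other customers routinely move that much; against the account's own history of roughly $200 transfers it is far outside the norm.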

As we move our banking from our laptops and desktops to our mobile devices, we should be asking, “Did I also migrate all the security protection I had in place on my laptop or desktop to my mobile device?” And for the organizations who are being touched by those mobile devices: Does your fraud prevention solution provide real-time intelligence to the analytic team? Are false positives minimized and the customer experience uninterrupted? When security becomes inconvenient, security becomes nonexistent, since users will quickly seek work-arounds. Thus, a decision must be made: Do you build your own solution or find a partner with experience and capability? The recent “2014 IBM Cyber Security Intelligence Index” indicates that in 2013, there were 91 million events that resulted in 17,000 potentially critical attacks, which IBM’s analysts determined averages out to about 109 security incidents for the average company. How many security incidents did your company have? Would you even know?

The webinar provides food for thought and a great deal of education on the arsenal of options available to those who wish to separate persons and companies from their funds or information. The Cyber Security Intelligence report makes it very clear that the criminals are not going away. Knowing what you are up against is the first step; doing something about it needs to follow.
