Complex Made Simple

Hackers for hire costing business millions and helping keep cybersecurity unemployment at 0%

Cybercrime has quickly become today’s fastest-growing form of criminal activity. Hackers are so good and costly to businesses, that these same businesses are hiring them

Digital incidents are now costing businesses of all sizes $200,000 on average Criminals use the Darknet to buy and sell products and information but to also enlist “Hackers for Hire”. 78% of hackers used their hacking experience to help them find or better compete for a career opportunity

According to research group Cybersecurity Ventures, cybercrime will cost the global economy $6 trillion annually by 2021, up from $3 trillion in 2015.

In an age of ongoing digital transformation, cybercrime has quickly become today’s fastest-growing form of criminal activity, ranging from ransomware and data leaks to commercial espionage.  

With 43% of online attacks now aimed at small businesses where only 14% prepared to defend themselves, owners are increasingly making high-tech security a top priority.

Digital incidents are now costing businesses of all sizes $200,000 on average, and around 60% go out of business within six months of being victimized.  

The UAE is no sitting duck

During Q1 2020, the United Arab Emirates (UAE) was subjected to more than 3000 COVID-19 related cyberattacks.

The UAE continues to be an attractive target. The average cost of data breaches in the UAE and Saudi Arabia was $5.9 million in 2019, a 12.4% year-on-year increase, according to a report by IBM Security, second only to the US, which has the highest total average cost per data breach of $8.19 mn.

In a bid to protect the country’s IT infrastructure from risks and violations, the UAE’s National Computer Emergency Response Team was established.

As part of the Telecommunications Regulatory Authority (TRA), the body responded to around 34,000 cyber-attacks on federal entities last April, ranging from malware to phishing.

Read: New cyber threats emerge as dark web price tags for corporate network access rise

Hackers for hire

Criminals use the Darknet to buy and sell products and information but to also enlist “Hackers for Hire”.

A hacker-for-hire scheme that targeted hundreds of organizations and thousands of individuals across North America and five other continents involves clients that paid a group of perpetrators to phish and hack their way across an amazing array of industry verticals like banking, education, energy, law, media, government, and more.

The University of Toronto’s Citizen Lab uncovered the campaign and dubbed it “Dark Basin” and said the company at the center of the “Dark Basin” attacks was BellTroX InfoTech Services, an IT and IT security firm based in Delhi, India. 

The company’s tagline is “You desire, We do!”  

Source for Belltrox addressBad hackers turned good

In 2011, Facebook welcomed 21-year-old George Hotz onto its development team. Hotz had been involved in a months-long court battle against Sony because he had hacked into the company’s Playstation 3 platform.

PC Mag listed other black hat hackers whose unlawful exploits landed them jobs at top companies. 

The rationale for hiring criminal hackers is based on the thinking that, ‘It takes a thief to catch a thief’.

The cybersecurity unemployment rate is 0% and is projected to remain there through 2021. 

The hacker community nearly doubled last year to more than 600,000 and growing. 78% of hackers used their hacking experience to help them find or better compete for a career opportunity. They earned approximately $40 million in bounties in 2019 alone, and $82 million cumulatively. 

Read: The very latest ways your phone can be hacked: Seriously?

Prolific cyber attacks

Kaspersky researchers have published a detailed overview of DeathStalker, a ‘mercenary’ advanced persistent threat (APT) group that has been leveraging efficient espionage attacks on small and medium-sized firms in the financial sector since at least 2012.  

DeathStalker is a unique threat group that mainly focuses on cyber-espionage against law firms and organizations in the financial sector.  

The threat actors’ tactics, techniques, and procedures rely on tailored spear-phishing e-mails to deliver archives containing malicious files. 

DeathStalker activity has been detected in Argentina, China, Cyprus, Lebanon, Switzerland, Taiwan, Turkey, the United Kingdom, and the UAE.  

Detailed information on Indicators of Compromise related to this group, including file hashes and C2 servers, can be accessed via the Kaspersky Threat Intelligence Portal.

16 Eye-opening cybersecurity stats

Varonis put together some amazing stats from which we chose the following:

1. 68% of business leaders feel their cybersecurity risks are increasing. (Accenture)

2. Only 5% of companies’ folders are properly protected, on average. (Varonis)

3. Data breaches exposed 4.1 billion records in the first half of 2019. (RiskBased)

4. 71% of breaches were financially motivated (Verizon)

5. 52% of breaches featured hacking, 28% involved malware and 33% included phishing or social engineering, respectively. (Verizon)

6. The top malicious email attachment types are .doc and .dot which make up 37%, the next highest is .exe at 19.5%. (Symantec)

7. By 2020, the estimated number of passwords used by humans and machines worldwide will grow to 300 billion. (Cybersecurity Media)

8. Hackers attack every 39 seconds, on average 2,244 times a day. (University of Maryland

9. The average time to identify a breach in 2019 was 206 days. (IBM)

10. The average lifecycle of a breach was 314 days (from the breach to containment). (IBM)

11. The average cost of a data breach is $3.92 million as of 2019. (Security Intelligence)

12. By 2020, security services are expected to account for 50% of cybersecurity budgets. (Gartner)

13. The average cost of a malware attack on a company is $2.6 million. (Accenture)

14. $3.9 million is the average cost of a data breach. (IBM)

15. Healthcare had the highest data breach costs at $429 per record. (IBM)

15. The average cost per record stolen is $150. (IBM)

16. The average cost in time of a malware attack is 50 days. (Accenture