Cybersecurity When looking across the entire dark economy, there are a few points that
standout – the ease for would-be cybercriminals to break into the industry, the fight to keep talent on the right side of the law, and the commodification of what once were advanced persistent threat tools and tactics. Whilst a thriving dark marketplace for malware and hacking tools is nothing new, the activity of ransomware operations and malicious actors is becoming more available to the wider criminal community, meaning it’s never been more important for partners to protect against these threats.
Ransomware-as-a-service Ransomware gangs have become the leading orchestrators of the ‘as-a- service’ model for cybercrime. Underground digital marketplaces have made it possible for gangs or individuals to virtually access all of the components of the cybercrime toolkit to those willing to pay for them — from the initial compromise of victims all the way to malware delivery. This industrialisation of ransomware has allowed for the development of
ransomware ‘affiliates’ to become a much more professional outfit. The use of professional offensive-security tools, legitimate administrative and technical support software, malware-as-a-service, and other market- obtained exploits and malware, mean we are no longer able to associate sets of tools, tactics and practices with specific ransomware groups. Similar to that of the corporate IT sector, cybercriminals have adopted
the ‘as-a-service’ model in order to boost their scope of operations and almost all aspects of the cybercrime toolkit can be outsourced to crime-as- a-service providers that advertise on underground web boards. It is becoming fairly simple for organisations to stay ahead of their
operations by outsourcing their cybersecurity solutions to experts in a similar way. Businesses can reap the rewards of implementing a cybersecurity-as-a-service model, which not only reduces the pressure on internal IT teams, but allows businesses to improve their cyber defences, and access support from experts equipped with the knowledge and know-how based on current data, research and insight.
The benefits of using an MDR service As the criminal economy continues to thrive and become increasingly complex, the reality is that today’s technology solutions individually cannot prevent every cyberattack. To prevent the most advanced attacks requires human-led threat hunting, investigation, and response – which is where Managed Detection and Response, or MDR, services come into play. Many types of organisations across all sectors benefit
from the use of an MDR service, from small companies with limited IT resources to large enterprises with an in-house Security Operations Centre (SOC) group. And whilst threat hunting can be performed in-house using Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) tools, there are extensive benefits to using an MDR service either alongside your in-house team or as a fully outsourced service. A huge advantage of implementing the use of an
MDR provider over in-house only security operations programs is the elevated protection against ransomware and other advanced cyber threats that are born in the dark web. If we’ve learnt one thing from how
www.pcr-online.biz April 2023 | 35
cybercriminals are operating it is that they are only becoming increasingly more advanced and more difficult to detect. An MDR vendor will experience a larger quantity and variety of attacks than any individual business, giving them a level of expertise that is near impossible to replicate when using in-house operations. Threat hunting continues to be a highly complex operation and it has never been more important that people in this space possess a specific and niche set of skills. This in turn makes recruiting threat hunting experts a challenging task, but working with an MDR services provider brings the expertise for you. Not only is threat hunting a complex operation, staying ahead of these
criminals and the developing dark economy can be expensive. Maintaining a 24/7 threat hunting team requires at least five full-time staff, therefore MDR services are proving to be a cost-effective method of securing organisations. Not only does this stretch cybersecurity budgets further, but it also reduces the risk of incurring financial penalties after experiencing major incidents. Cybersecurity providers that have much less visibility into these active
threats generally supplement their in-house insights with additional threat intelligence feeds that are aggregated from a broader set of sources. Whilst these feeds are valuable, they only inform security teams of an event after it has happened. A provider that has visibility into threats whilst they are happening has insights that can quickly discover new adversary activity in a single customer environment and proactively defend every other organisation under its watch. Whilst there is no sure defence against these ever-evolving threat actors,
having an active defence is the key to prevent any individuals from doing any damage, however the burden of defence is often too great for many organisations to shoulder. It’s never been so important for organisations to arm themselves against a continually growing threat landscape through endpoint and network defence and managed security operations services.
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52
