{"id":3506,"date":"2019-06-05T15:59:59","date_gmt":"2019-06-05T03:59:59","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=3506"},"modified":"2019-06-05T15:59:59","modified_gmt":"2019-06-05T03:59:59","slug":"cyber-criminals","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=3506","title":{"rendered":"The alarming business models of cyber-criminals"},"content":{"rendered":"

[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||” theme_builder_area=”post_content”][et_pb_text admin_label=”Text” _builder_version=”4.16.1″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

Cyber-crime has become big business<\/h2>\n

It’s organised, and the purveyors are shameless in their determination to steal from all of us.<\/strong><\/p>\n

\"\"<\/p>\n

Heaven only knows where they get their names from.\u00a0 One group we recently became aware of is called ‘PINCHY SPIDER’, and they are doing something called ‘Big Game Hunting’.<\/p>\n

Back in January 2018, they created a ransomware<\/a>\u00a0toolkit called GandCrab.\u00a0 While most ransomware today spreads through SPAM email, this uses an older technique.\u00a0 It uses an exploit kit to spread, mainly through infecting websites, then taking advantage of vulnerabilities in common software like Internet Explorer, Chrome, Java and Flash.\u00a0 Where it is particularly effective is that it then lies in wait.\u00a0 If it can sense other computers on a local network, then it uses Remote Desktop Protocol\u00a0 (that’s the same RDP that most of us use for remote access to work) to attack them and spread further.<\/p>\n

 <\/p>\n

Big Game Hunting<\/h2>\n

Now it seems that they have refined their model. \u00a0 <\/strong><\/p>\n

They work with ‘affiliates’ for a share of the ransom.\u00a0 It’s reported the PINCHY SPIDER people take 40% of the profits, with the affiliate ‘earning’ the rest for what is described a surgical strike.\u00a0 Yes, they are franchising cyber-crime!<\/strong>\u00a0<\/strong>These affiliates target an organisation, crafting their attacks, refining their knowledge of the target until they succeed.<\/p>\n

It seems that once they penetrate the target, they then quietly work laterally to get their evil software onto the machines that will cause the most harm, whether that’s a server or a set of specific PCs.\u00a0 They want to minimise the trail they leave behind, making it hard for the security software people to find ways to identify their footprints, and they may even manually remove their software from less-valuable machines as they move through the organisation. \u00a0 If they encounter roadblocks, it seems they also manually work through these, removing or disabling all, or part, of your security tools until they can continue spreading their infection.<\/p>\n

These are carefully crafted attacks.\u00a0 <\/strong>They reconnoitre their victims and plan their attacks.\u00a0 They sneak around your system until they are ready, then they strike.<\/p>\n

What can you do?<\/h4>\n