Keep up to date with the trending topics
from our industry experts

UK Cyber Week – Hackers need HR too

Written by Dan O’Hara

Monday, 20 May, 2024

Webinar: This is your Microsoft Copilot speaking, we’re ready for financial services take off

On demand

Learn how this powerful AI tool can help you create, analyse and communicate better with your data.

Microsoft Copilot Webinar

The business of cybercrime, how hackers operate like any other business

During UK Cyber Week, I attended a number of sessions where the state of cyber security was talked about in depth. I was struck by how far the hacker image and stereotype has come, from someone young, at home in a basement, angrily typing on a computer, breaking into their school IT system, causing mischief and annoyance, to a full fledge criminal industrial operation with all the machinery of a typical large business.

You may be surprised to hear that the cybercrime underworld, like any other large criminal operation, requires the same operational support as any other large business; HR, complaints department, technical support, billing department, all the required functions of a business to help keep things moving efficiently.

Cybercriminals are probably using similar tools to you

SaaS or Software as a Service is now as ubiquitous to businesses as the fax machine once was. A good example is Microsoft 365 which contains all the tools necessary for your financial services business to function and communicate. Cybercriminals have also developed the need for similar tools in order to carry out attacks more efficiently at a larger scale.

These tools, such as ransomware as a service are bought much like other tools, a subscription-based model, but not at a fixed price per month, more as a percentage of the total proceeds of crime. By partnering, the tool becomes available to you and can kick start your journey as a cybercriminal, without the usual hoops of having to build the ransomware yourself.

How easy is it to play the part of a cybercriminal?

Does it look like something you may see in Hollywood with lots of data scrolling by on the screen casting a bright glow on the cybercriminal as they furiously type away? No, it’s like any other online tool you see, with a deep consideration for usability and design. Want to create ransomware that sends out “You’ve been ransomware’d” to your victim’s printers? It’s easy, it’s just a checkbox, your own branding, your own text, follow the “Build Your own Ransomware” wizard, and by the end you’ll have your very own customised cybercrime tool.

Even though you may think of this world as completely lawless, there are still rules being a cybercriminal, rules that if you do not follow, could mean you face disciplinary and unceremonious firing. Some of the typical rules involve not targeting hospitals or anything to do with children. However sometimes rules are broken and if this is the case, there is a complaints department that is ready to adjudicate complaints between victims and the hackers. If you have broken the rules, the ransomware as a service support will provide you with the decryption keys to get your data back – all is fair in a cyber attack.

How to fight back

The National Crime Agency (NCA) and other authorities are dealing with cybercriminals in a new way because they have to. These are no longer isolated cyber hackers, they’re big, distributed operations, with no borders and are leveraging the capability of the internet to stay anonymous. One of the most effective ways I picked up from these sessions, and yes, just taking these websites and tools down is one implement in the authority’s toolbox, but it’s also the physiological warfare that the authorities are carrying out. They are disrupting their operation by sowing doubt across all “employees”, building paranoia and discord amongst them and working to lift the veil of protection of anonymity.

Unfortunately, where one cyber criminal organisation is taken down, another springs up in its place, looking to become the next Microsoft of cybercrime. So it is now as important as ever, to build strong defences for the next generation and evolution of cybercriminals.

Want to find out more on how to protect your financial service business?

Our services

Our 4 pillars for a complete choice of managed IT services - all tailored to the needs of financial services firms in London and the UK.

Finance Forward 365 - Microsoft 365 cloud services supported by experts

Finance Forward 365

Microsoft modern workplace & cloud technology for digital transformation.

Compliant Teams -  Microsoft Teams phone system with call recording and archiving

Compliant Teams

Increased productivity & collaboration with call recording whilst reducing costs.
Cyber security solutions for financial services

Cyber Security

Keep your data secured against rapidly changing threats within Financial Services.

Responsive IT managed services for financial services

Power BI

Business Intelligence transformation and support tailored for Financial Services.

Follow us:

Pin It on Pinterest

Share This