Cybercriminals are now using more advanced methods, once the exclusive domain of the state, to steal and profit from personal and proprietary information, blurring the line between cybercrime and cyberespionage. Companies who fail to adapt their cyber defenses to match this upgraded threat will be bringing a knife to a gunfight.
Today’s cybercriminals are using more sophisticated weaponry once available only to state actors, such as foreign intelligence services. Thieves recently targeted a vulnerability in the plug in for Adobe Flash, a widely-used platform that allows users to watch videos online. The weapon of choice was a Magnitude exploit kit—a tool popular among cybercriminals— combined with a known vulnerability discovered by hackers allegedly tied to the Chinese government.
The increased sophistication of cybercriminals means all businesses, not just those in the defense or national security space, face a cyber threat on par with national governments. Businesses in sectors previously thought to be facing the cyber-equivalent of “common criminals” – such pharmaceuticals, law, extractives and retail – will need to adapt quickly, identify potential vulnerabilities, and bolster existing cyber defenses.
Luke Penn-Hall is an analyst at The Cipher Brief.