Many organisations that we speak to feel that their company is not at risk from cyber attacks, often because they think they are either too small or their data or business wouldn’t be of interest to attackers.
Unfortunately, while it would be wonderful if companies could rule themselves out from the risk of attack, criminals are not of the same mindset.
While cyber criminals will generally focus on bigger targets, many operate “affiliate” and “referral” schemes where they will provide software and target data to less skilled attackers (e.g. “script kiddies”) to go after smaller targets in exchange for either a subscription or a commission (for example a percentage of a ransom).
In addition to the ease with which less-skilled attackers can successfully target their victims, two other key factors have fuelled a continual increase in companies and individuals of all sizes being hit:
Cryptocurrency
Prior to the advent of cryptocurrency, it was difficult for attackers to extort money from their victims because geographical distance meant a physical payment was impractical (and risky) and bank transfers left a financial trail that could be followed (not to mention the fact that many attackers weren’t old enough to open bank accounts!).
Bitcoin and various other cryptocurrencies that have now appeared provide a fairly anonymous global method for attackers to get paid without risking revealing themselves.
Anonymised access / Lack of accountability
The TOR network, various free/paid VPN services (that promise to never log activity) and a network of proxies via botnets have provided attackers with a layered method of anonymising their activities, making it difficult and expensive to track them down.
This gives them a level of impunity that they previously wouldn’t have had. In addition to this, some more hostile countries are far less likely to take action against cyber criminal groups that are only targeting unfriendly nations – indeed some authors of malicious software are known to write in code that doesn’t attack systems that appear to be in their home country.