In our ever-digitalized lives, we are confronted with an increasing variety of threats. Whereas ten years ago, we were mainly concerned with phishing and fraud. Nowadays, there’s a wide variety of threats impacting us.

Hacktivists have opinions contrasting some others, and they rally the power of the masses, led by a small number of motivated and vocal leaders. Whether it’s DDoS attacks, leaking or another vector, it’s aimed to impact society in some way. Nation states, well-funded groups of professionals are geopolitically motivated by this. They’re after our governments – looking for disruption, secrets and influencing politics for their gains.

All of them are relevant, and our twitter timelines fill up with news such as the CIA leaks, the Turkish twitter hacks and their insults to the Netherlands and Germany, and so on.

However visible these might be and whatever kind of discomfort these might provoke, the “average Joe” would be wise not to lay awake at night. The risk included in these is still negligible in comparison with the risk the good old cyber criminals are posing.

Since the ZeuS days, back in 2006, criminals have come a long way. Today they infect first and ask questions later. They collect victim behavior data and run big data analytics over their bots. They will deploy different kinds of attacks, ranging from ransomware, fraud, card theft, ATM jackpotting to lateral movement and IP theft.

In other words, they have many shelved scenarios to maximize the ROI from their botnet and money laundry infrastructures. They do not care where you live, who you are or what your beliefs are, your money and bitcoin is what they are after. It’s not just banking anymore. Every SME and individual is now interesting, and we’re only seeing the tip of the iceberg.

So if you wake up sweating in the face of bad cyber dreams, do lie awake thinking about the criminals. In quoting @thegrugq, “You are going to be phished long before you are going to be hit with CIA 0days”.

The good news is that although the criminals have evolved, we have evolved with them. Next generation end-point solutions, behavioral analytics and machine learning are some of the technologies that have now matured into the main stream. As experienced they are in attacking us, we’ve built up an equal experience defending against them. It’s still a level playing ground.

Eward Driehuis

Chief Research Officer
eward.driehuis@securelink.nl