Why anticipating threats is key in the fight against cybercrime

For the past year, the World Economic Forum’s Partnership Against Cybercrime has worked to disrupt continued cybercrime efforts against the backdrop of a dizzying explosion in cybercriminal activity. As organisations struggled to find their footing in a post-COVID new normal, they did so with networks stretched across more access points and edges than ever before.

In addition, work-from-home slowly expanded to work-from-anywhere amidst an evolution of the new hybrid workforce, leaving IT and security teams scrambling to bring enterprise-grade information security to home networks. As a result, there was an added risk they would likely be brimming with low-security internet of things (IoT) devices, and even coffee shops and public WiFi networks.

Cybercrime surged in its wake, flooding networks with malware to exploit every weak point of access. The increase in threat has been truly unprecedented—ransomware alone is up a staggering 1100%. And in a recent global ransomware survey, 67% of organizations reported having been a ransomware target, with nearly half acknowledging that they have been targeted multiple times.

If anyone was looking for reasons why cybersecurity is now one of the most critical aspects of global security, this past year alone provided many of those examples. Fortunately, it also offered many cybersecurity examples that helped the World Economic Forum's Partnership Against Cybercrime further its central goal for the year: To serve as a bridge between the digital expertise of the private sector and the global public sector organizations to shape criminal insights and legal recourse efforts.

This goal harks back to the Forum's Partnership Against Cyber Crime November 2020 Insight Report that called out the need to collaborate to disrupt cybercrime ecosystems.

Central to that goal has been the identification and beginnings of a project of incredible ambition, scope, and value: A working map of major global cybercrime syndicates to empower the disruption of the ecosystem and infrastructure, bringing forward more effective cybercrime investigations, prosecutions, convictions, and takedowns.

As vast and elusive a criminal underground as has ever existed—as well as the most profitable and most dangerous—the sheer speed and scale of the threat landscape would seem to make it impossible to survey. Or so the cyber criminals hope.

The partnership is a driving force behind focused and organized efforts from a consortium of industry leaders that have been a part of the Forum's Partnership Against Cybercrime over the past year and continue to collaborate. These include organisations like Fortinet, Microsoft, Bank of America, Coinbase, Accenture, the Cybercrime Support Network, and the Cyber Threat Alliance in the efforts to thwart cybercrime.

Threat Intelligence experts from these organisations are volunteering their time and expertise to design and establish a capability that will understand the components, the interfaces and the connections of the cybercriminal ecosystem with the intent to disrupt it.

Partnership members have been excited and encouraged at the clarity achieved through the framework of cybersecurity expertise and some basic taxonomies throughout a year's worth of strategic meetings, investigations, and digital forensics. By analyzing their approach, the Partnership has been tackling the objectives of breaking down cybercrime groups into different categories, including business e-mail compromise (BEC), card fraud, malware, and ransomware.

When each category is subdivided into different group types, it is surprising how granular and specific the cybercrime statistics and information required to map these cybercriminals becomes. Combining those insights with law enforcement agencies at the local, national, and international levels could catalyze a game-changing new intensity and effectiveness to cybercrime prosecutions and convictions.

Throughout the year, the cybergangs—groups that behave much like other kinds of crime families—have also managed to be helpful. They are constantly at war, competing or infighting. For example, in August, a disgruntled member of the Conti Ransomware group leaked its strategic playbook—an archive of files containing hacking tools, manuals in Russian, training materials, and even ‘help documents’.

Partnership Against Cybercrime members analyzed the archive and overlaid it with other information gained throughout the year in its work. The ambition is that once culminated, the results will provide critical and specific context for sharing with public sector law enforcement organisations, and investigators in criminal justice systems worldwide. It is a global approach and coordination effort to remove the borders and obstacles cybercriminals hide behind.

Since its inception, that global network of coordination and cooperation has been central to the Partnership Against Cybercrime’s mission. After a year of intensifying cyberattacks and behind-the-scenes work tracking cybercriminals, the alliance is now closer than ever to its goal of sharing detailed, specific threat mapping, and cybercrime examples to develop insights and identify new opportunities for cooperation between digital security experts and law enforcement. The Partnership looks forward to sharing its findings in the new year.