Minicast: Cooperation between e-crime groups is the most significant change in cybercrime - Crowdstrike

Cybersecurity is now the number one item on many corporate risk registries and the challenge is only set to continue. The cybercrime ecosystem keeps evolving as participants become more specialised. Little wonder then that cybersecurity is now the number one item on many corporate risk registries.

Scott Jarkoff, director of strategic threat advisory group, APJ, and EMEA at CrowdStrike tells Digital Nation Australia the challenge is only set to continue.

On the nation-state side, adversaries have evolved and refined their tradecraft, deployed new tools, and expanded into areas like supply chains, but there had been more evolution on the cybercrime side of things.

"That's where a lot of the revolution is taking place," he said. "We call our e-crime adversaries spiders. It's appropriate to say there's this web of interrelationships between adversaries on the e-crime side of the house. In most cases, when [for instance] a ransomware attack occurs, it's not being perpetrated by a single adversary."

According to Jarkoff, "Our adversaries have stopped working in silos and are now working together," a fact he said represented the most significant evolution.

"And this has happened as part of a set of wider changes."

On the response side he said the explosion of cloud-based solutions is one of the most important developments, "We started that trend, and we are seeing our competitors follow suit."

Another key development is the willingness and ability to leverage intelligence.

"That is not something we've seen in the past. Having that as part of the equation is another trend that is going to continue as we move forward into the future."

We asked him about the extent to which there are formal or even informal connections between criminal syndicates and nation-states.

Jarkoff describes this as a trick question. "I'll say this, there are certain cases where we've seen some collaboration among the two, I'll use one example, there appears in certain cases, where some of the adversaries on the nation stateside based out of North Korea have potentially worked with Wizard Spider which is responsible for the two most prolific pieces of ransomware tooling."

He said the case could potentially be made as a lot of the e-crime adversaries come from a very specific part of the world potentially a government might condone the behaviour. In that case he said there may be some of the people responsible for that the crime who "... may have a nexus to the government, but it's not entirely clear."