The Face of Cybercrime Is No Longer the Person With the Hoodie

“People don’t rob banks with guns anymore; they use USB sticks and malware.” Using this sobering remark as a reminder of the ever-changing landscape of crime, Raj Samani greeted his virtual audience at the ACFE Fraud Conference Europe. Samani, who is Chief Scientist and McAfee Fellow at the cybersecurity firm McAfee, helped found the initiative NoMoreRansom, which now includes more than 100 partners across the public and private sector.

Samani’s talk comes at a ripe moment for increased awareness and precautionary measures regarding cybercrime, which has recently been employed to target the health care industry as it combats the dire prognosis of COVID-19. Samani noted that many cybercrime enforcement officials believed that criminals would take the high road and resist attacking hospitals and health care providers during the pandemic, yet as soon as Samani heard word of a cyberattack at a health care facility a few weeks into this global situation, he received unwanted confirmation that criminals will always take advantage of opportunities when they arise.

Throughout his talk, Samani offered an engaging psychological analysis of today’s cybercriminals and posited some theories about the people behind these attacks. Using the example of the 2020 Winter Olympics, Samani noted that, despite generally held beliefs that many of these cyberattacks come from governments hoping to gain an upper hand against political adversaries, these cybercrime conglomerates often have no national or political affiliations, and have no qualms about attacking an organization like the Olympics, an event grounded in geopolitical unity.

Samani offered an in-depth look into the networks in which these conglomerates tend to work. They use open-source intelligence to grow acquainted with everyone involved in the digital environment they’re planning to victimize. Once they’re able to mimic certain users, they operate guided by the principles of steganography: hiding something in plain sight. They’ll plant malicious scripts disguised as image files, which release these attacks as soon as someone clicks on them. Samani then shocked the audience by revealing that cybercriminals can do all of this within seven days, a level of innovation that Samani claims is unparalleled within his own cybercrime-fighting industry.

Designed to make it very difficult for enforcement officials to decipher what’s going on, these attacks are often carried out by teams composed of units that are designated for specific purposes such as espionage or reconnaissance. Many of these adversaries use malware that contains code that can be traced as far back as 2007. Samani cited this as evidence that these are highly skilled and well-researched groups of people who share a deep pool of resources. Samani also lamented the asymmetric flow of information: criminals have the ability to read blogs from the cybercrime enforcement industry as well as notices made by governments. While crime fighters publish this information and research to further the industry, criminals exploit it to bolster their attacks.

One of Samani’s crucial points was that cybercrime has been outsourced: there are about 100 cybergangs working today, and they have more capability than nation states, yet they’re also available for hire. After a cyberattack hit Finfisher Spyware, a surveillance software company, the software development laboratory Citizen Lab published the leaked list of Finfisher’s customers, which included numerous countries that are not commonly expected to be using cybertechnology as an offensive opportunity but are still taking advantage of software that allows them to monitor citizens. Given this dubious usage of surveillance technology, paired with the fact that nations are able to hire cybercrime conglomerates, Samani conjectured that nation states may have a budding interest in hiring these conglomerates for criminal purposes.

To combat this growing number of sophisticated cyberattacks, Samani stressed that, as an industry and as a society, we need to start doing better at reading information that the security industry releases about new research and new patches. As individuals with a vested interest in keeping abreast of these attacks, we should all identify heavily curated sources of good information regarding online safety and use that information to protect systems and provide advice to friends and family, especially in light of coronavirus scams, which have recently been focused on government stimulus checks. We should also know and keep tabs on NoMoreRansom, which provides free decryption tools to make a dent in criminal profits and allows companies to get back up and running as soon as possible without losing data or paying ransom.

Samani closed with a reminder: “The face of cybercrime is no longer the person with the hoodie; it’s anyone with a browser.” Something that drives cybercrime is the belief that adversaries are safe from arrest because distance is now irrelevant. We need to impact these criminals’ returns on investment in order to diminish the number of these attacks, which have come to include misinformation campaigns that can sway public opinion very easily and then have profound and long-lasting consequences. “Using cyber as a method for strategic or economic advantage has never been easier,” Samani concluded, “which is why we need to realize that this is not just an IT problem; it’s much bigger than that.”