But what makes a cyber heist different from physical larceny are the many types of ransom that exist in the digital realm. Sure, the value of paper money is no longer what it used to be, but there are times when personally identifiable information, like usernames, passwords, social security numbers and credit card data, proves to be more lucrative. If this isn’t complicated enough, add cryptocurrency, which is nothing more than an encrypted piece of data stored on a hard disk, to the mix of digital assets that represent real value.
A cyber heist, therefore, is more accurately defined as breaking into systems (secured or otherwise) to illegally obtain the information within those systems. Information is not only power, but key to valuable assets of the 21st century. This is true whether value is found locally or afar by gaining access to private accounts.
Stages of a Cyber Heist
Point of Entry: Typically, a cyber heist will follow the same pattern as its physical counterpart, where the initial stage is known as “casing the target.” This involves the attackers plotting their path of entry into the system and mapping out what is often referred to as an attack vector. Although closed systems (or those off the proverbial grid) make for easier targets, the TSB online banking crisis was the product of a faulty systems migration and was exploited by a traditional phishing scheme.
Information Gathering: As devastating as the TSB banking incident was, it somewhat pales in comparison to the loss suffered by Bangladesh Bank in February 2016. This cyber heist, orchestrated by the infamous threat actor Lazarus Group, used keyloggers to monitor the activity and communication practices of banking staff. The full details of this attack—like the identities of the hackers—have yet to be revealed, but the $81 million loss was recognized across the world.
Attack: As previously noted, a cyber heist doesn’t necessarily result in the loss of money. Attack methods vary and might involve the likes of data extraction, disabled access or system destruction. The nature of an attack depends on the hacker’s goals, as well as the short amount of time between identifying the target and implementing the attack. In Lazarus Group’s case, it has been stated that their original goal was to make off with an estimated $851 million. The important takeaway here is that the viability of intel can change at a moment’s notice. The most effective attacks, therefore, are usually the ones that clean up after themselves without being detected.
Some attackers even go the extra step to leave markers that will distract those who will investigate them. There have been a number of cases in which investigating teams are misled into thinking the bounty (whether money or data) traveled to a particular location when, in fact, it was moved in the opposite direction.
Another noteworthy cyber heist in recent history was the Equifax data breach, where in 2017, the personal information of more than 143 million Americans was either exposed or stolen. While the cases described in this post are higher-profile cases, it should be noted that many cyber heists occur across the world but go unreported.