Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.
As the cybercrime landscape continues to evolve, methods of policing it must change as well. The increasing number of cyber attacks propagated by everyone from nation-state actors to average criminals is blurring lines between cybersecurity and public safety, ultimately causing a shift in the role of government and law enforcement in protecting against these threats.
Verizon's 2017 Data Breach Investigations Report notes, "In addition to catching criminals in the act, security vendors, law enforcement agencies and organizations of all sizes are increasingly sharing threat intelligence information to help detect ransomware (and other malicious activities) before they reach systems."
Using their own behind-the-scenes collaboration venues, threat actors have also become increasingly well armed and well informed. This can be countered by defenders through better sharing of information tied to trending campaigns, changes in attack vectors, and the emergence of new tools. Foreign enemies become domestic enemies from thousands of miles away, calling for not only a deeper investment in cybersecurity skills and technologies but a broader framework for timely dissemination of intelligence across all global industry segments, both public and private.
Hacker Best Practices
Cybercriminal activity has seen an uptick in recent years as new tools and methods for hacking become more accessible. Frameworks and platforms sold in underground forums enable low-skilled attackers to evade defensive barriers, becoming today's petty criminals. For example, ransomware-as-a-service has emerged as an attack vector, allowing average Joes with little-to-no cyber knowledge to target both people and businesses using DIY ransomware. Additionally, the sophistication of new technologies used by hackers, such as artificial intelligence, makes malicious advances more difficult to detect.
Traditionally, law enforcement has played a role in cybercrime only after significant damage has been done — for example, when systems are held hostage by ransomware or significant corporate or personal data is stolen. However, as attacks become more frequent and the impact increasingly devastating, law enforcement, even on a local level, has a new obligation to establish an effective framework for digital crime-fighting.
Get Your Vaccine
According to Verizon's report, information sharing can "act like a vaccine" against cyber attacks. The report states that the spread of threat information goes beyond "just the indicators of compromise (malware hashes, YARA rules and such), but also [includes] working with law enforcement to investigate and bring the perpetrators to justice. It also requires sharing the more general context of cybersecurity incidents to inform prioritization of cybersecurity actions and law enforcement efforts to counter particularly damaging threats."
Using timely threat intelligence, law enforcement can alert both businesses and consumers of known and suspected attacks, helping them to take proper precautions to "immunize" themselves against the spread of things like malware. This means that as hacking tools and techniques become more widely available, critical threat information that can improve defenses must also become more broadly accessible.
So, how can law enforcement begin engaging more broadly in information sharing?
Although it is impossible to prevent cybercriminals from attempting attacks, organizations that properly take advantage of threat information can detect adversaries before they can do damage. Law enforcement plays an important role in this collaboration. By following best practices for threat intelligence sharing and taking a proactive approach, law enforcement can help pass along important information quickly, and thus enable organizations across all sectors to make better judgments and stop the bad guys in their tracks.