
The proliferation and prevention of commodity cyber threats

Article

Cyber attacks once required a high degree of sophistication—but now, the democratization of cyber attack tools and an ever-expanding attack surface have made commodity threats remarkably more common and easier to execute. 

Retailers, municipalities, not-for-profit organizations, educational institutions, and any business that depends on technology for day-to-day operations have become viable targets. Guarding against these threats hinges on a proactive cybersecurity approach.

What are commodity cyber threats?

Commodity cyber threats refer to commonly available malicious tools or techniques, which even relatively unskilled threat actors can leverage for attacks. 

The adversaries who once developed these sophisticated attacks for their own use have adopted a more profitable business model: they now position themselves as service providers, building attack toolkits and services that can be rented or purchased on the dark web. Those who buy these services can then target and extort money from an organization. The result is a lucrative business for both the developer of the service and its customer.

Understanding the common types of commodity cyber threats

Commodity cyber attacks can do serious damage to organizations that lack end-to-end protection. Below are some of the commodity attack types that can be acquired and launched against your organization with minimal technical capability on the attacker's part:

Ransomware and malware

Ransomware is a type of malware that is most often delivered through a phishing e-mail designed to persuade the victim to open a malicious link or attachment. Malicious code executes when the victim opens the link or file; it may also exploit vulnerabilities in the victim's computer to give the attacker remote access and persistence.

Once the attacker has control of the victim's computer, they can exfiltrate potentially sensitive data from that system, move laterally to other computers on the victim's network, and encrypt the files on those systems so they are unusable until the attacker provides a decryption key.

The attacker then demands a ransom, typically paid in cryptocurrency such as bitcoin, in exchange for the decryption key, for not publicly disclosing the stolen data, or both.

This type of attack can compromise your ability to perform regular business functions and potentially serve customers, resulting in a loss of revenue. In some cases, the disclosure of sensitive data gained by the attacker, such as personally identifiable information (PII) or trade secrets, can damage customer trust, causing them to take their business needs elsewhere.

Ransomware uncovered:

REvil (Ransomware Evil) stands out as a high-profile example of a ransomware-as-a-service (RaaS) operation. REvil provided malicious actors with ransomware tools in exchange for a cut of the profits. It operated as a highly organized entity, providing a user-friendly interface and technical support to its clients. REvil targeted a wide range of organizations across various sectors globally, including an Apple supplier, electronics corporation Acer, Australian health insurance company Medibank, and many others.

Account takeover

An account takeover is a type of identity-based attack where bad actors obtain a user's account credentials and use them to perpetrate malicious activities.

Attempts to compromise user accounts have been prevalent in the cyber threat landscape for a very long time. Practices such as password reuse, weak passwords, lack of multi-factor authentication (MFA), and the success of phishing and social engineering campaigns make this occurrence common in many organizations and web platforms. 

Using techniques such as credential stuffing or password spraying, attackers try to gain illegitimate access to corporate e-mail accounts, online profiles, or web properties. Credential stuffing replays username and password pairs taken from prior public breaches against other services, relying on password reuse. Password spraying tries a small number of commonly used passwords against many accounts, a few attempts per account, so that the attacker stays below lockout thresholds while still finding the users with weak passwords.

Once they access the account, attackers can then launch further attacks against the organization, customers, and partners. Malicious parties can also send illegitimate messages, make fraudulent transactions, make changes to profiles, and potentially view sensitive data.
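The two techniques above leave different fingerprints in authentication logs, which is what lets a security team catch them before the attacker gets far. The following added example (not code from the original article) shows heuristic detection of both patterns over a constructed sample log. The key=value log format, the field names, the five-minute window and the thresholds are assumptions chosen for illustration; the IP addresses are documentation ranges and the accounts are made up. Map the parser and thresholds onto your own identity provider's sign-in logs.

```python
"""Heuristic detection of password spraying and credential stuffing in
authentication logs.  Added example, not code from the original article.
The log format, field names and thresholds are assumptions chosen for
illustration; adapt them to your identity provider's sign-in logs."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log: "<iso timestamp> user=<name> src=<ip> result=<ok|fail>".
# 09:00 - one source tries six accounts once each (spraying); frank's password works.
# 09:05 - five accounts tried once each from five proxy IPs (stuffing); kim's works.
# 09:10 - a user mistypes once and then logs in (benign).
# 09:15 - one source hammers one account (brute force; neither pattern here).
SAMPLE_LOG = """\
2024-03-01T09:00:01 user=alice src=203.0.113.7 result=fail
2024-03-01T09:00:02 user=bob src=203.0.113.7 result=fail
2024-03-01T09:00:03 user=carol src=203.0.113.7 result=fail
2024-03-01T09:00:04 user=dave src=203.0.113.7 result=fail
2024-03-01T09:00:05 user=erin src=203.0.113.7 result=fail
2024-03-01T09:00:06 user=frank src=203.0.113.7 result=ok
2024-03-01T09:05:10 user=gina src=198.51.100.10 result=fail
2024-03-01T09:05:11 user=henry src=198.51.100.11 result=fail
2024-03-01T09:05:12 user=ivan src=198.51.100.12 result=fail
2024-03-01T09:05:13 user=julia src=198.51.100.13 result=fail
2024-03-01T09:05:14 user=kim src=198.51.100.14 result=ok
2024-03-01T09:10:00 user=grace src=192.0.2.50 result=fail
2024-03-01T09:10:30 user=grace src=192.0.2.50 result=ok
2024-03-01T09:15:00 user=leo src=192.0.2.99 result=fail
2024-03-01T09:15:01 user=leo src=192.0.2.99 result=fail
2024-03-01T09:15:02 user=leo src=192.0.2.99 result=fail
2024-03-01T09:15:03 user=leo src=192.0.2.99 result=fail
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    src: str
    ok: bool


def parse_log(text):
    """Parse the assumed key=value log format into AuthEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *kvs = line.split()
        f = dict(kv.split("=", 1) for kv in kvs)
        events.append(AuthEvent(datetime.fromisoformat(ts), f["user"], f["src"], f["result"] == "ok"))
    return events


def window_of(ts, minutes):
    """Floor a timestamp to the start of its detection window (ISO string)."""
    return ts.replace(minute=ts.minute - ts.minute % minutes, second=0, microsecond=0).isoformat()


def detect_spraying(events, window_min=5, min_users=5, max_per_user=2):
    """Password spraying: one source, many accounts, at most a couple of
    attempts per account (that is how the attacker stays under lockout)."""
    groups = defaultdict(list)
    for e in events:
        groups[(window_of(e.ts, window_min), e.src)].append(e)
    findings = []
    for (win, src), evs in groups.items():
        per_user = Counter(e.user for e in evs)
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            findings.append({"window": win, "src": src, "users": sorted(per_user),
                             "compromised": sorted({e.user for e in evs if e.ok})})
    return findings


def detect_stuffing(events, window_min=5, min_users=5, min_sources=5, max_per_user=2):
    """Credential stuffing: breached user/password pairs replayed through a
    proxy pool, so many accounts see one or two attempts each from many
    different sources in the same window.  Sources already explained by
    spraying are excluded so the two findings do not double-count."""
    spray = {(f["window"], f["src"]) for f in detect_spraying(events, window_min, min_users, max_per_user)}
    groups = defaultdict(list)
    for e in events:
        win = window_of(e.ts, window_min)
        if (win, e.src) not in spray:
            groups[win].append(e)
    findings = []
    for win, evs in groups.items():
        per_user = Counter(e.user for e in evs)
        low = {u for u, n in per_user.items() if n <= max_per_user}
        sources = {e.src for e in evs if e.user in low}
        if len(low) >= min_users and len(sources) >= min_sources:
            findings.append({"window": win, "sources": sorted(sources), "users": sorted(low),
                             "compromised": sorted({e.user for e in evs if e.ok and e.user in low})})
    return findings


def compromised_accounts(text):
    """Accounts that signed in successfully inside a spraying or stuffing pattern.
    These need a forced credential reset and session revocation, not just an alert."""
    events = parse_log(text)
    hits = set()
    for f in detect_spraying(events) + detect_stuffing(events):
        hits.update(f["compromised"])
    return sorted(hits)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in detect_spraying(evs):
        print("spraying:", f)
    for f in detect_stuffing(evs):
        print("stuffing:", f)
    print("compromised:", compromised_accounts(SAMPLE_LOG))
```

Run on the sample, the spraying rule fires once (the 203.0.113.7 source, with frank's account compromised), the stuffing rule fires once (five proxy sources in the 09:05 window, with kim's account compromised), and neither the mistyped password nor the single-account brute force is flagged. The point of the "compromised" field is that a successful login inside either pattern is not a false positive to tune away; it is the account that needs its password reset and sessions revoked, and MFA enforced if it was not already.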

Account takeover uncovered:

Fancy Bear, a cyber espionage group with suspected ties to the Russian government, is notorious for exploiting security vulnerabilities in software. It has targeted a variety of organizations, from those in the defence and aerospace sector to technology firms and government entities. The group uses various tactics, including phishing emails and malware, to gain access to an organization’s accounts. Once inside, Fancy Bear exfiltrates emails, documents, and other data, which it then leaks to the public or manipulates for its own strategic purposes.

Wire transfer fraud

Wire transfer fraud aims to deceive a member of your organization into transferring funds to an illegitimate recipient. Attackers leverage the target's deference to organizational hierarchy, or their innate trust of familiar contacts, to convince them the request is legitimate.

Typically, an attacker inserts themselves into an e-mail chain or leverages a compromised e-mail account to contact a member of your organization in a financial role. The attacker then poses as a business partner, vendor, or ranking member of your organization to direct the target to change payment information, disclose financial data, or send funds to an illegitimate receiver. Financial institutions can often detect and freeze these transactions, but if the fraud isn’t detected or reported by the victim in time, funds may end up being released to the attacker.

If it goes unnoticed, this illegitimate modification of payment information can lead to significant financial losses for the organization and a loss of trust from business partners and customers. If the financial institutions did not catch the fraudulent transactions, it can be challenging to have them reversed or to obtain insurance compensation for the damages, especially once some time has passed.

Wire fraud uncovered:

A Canadian city's municipal government fell victim to a phishing scam, leading to a wire fraud loss of over half a million dollars (that was eventually mostly recovered). After gaining access to the email account of one of the city’s partners, the fraudsters sent out a request on the partner’s behalf, deceiving a city staff member into changing their banking information to redirect funds into the fraudsters’ account. Our case study has more details on this fraud case, how it was conducted, the outcome, and how you can avoid similar incidents.

3 ways to prevent cyber attacks

While commodity cyber threats are common, they are not insurmountable. With a proactive and informed approach, your organization can employ effective strategies to prevent commodity attacks or greatly reduce their potential impact.

System vulnerabilities and the misconfiguration of the IT infrastructure and services an organization uses are a major contributing factor to commodity threats hitting their mark. Frequently testing your processes, infrastructure, applications, and overall security posture allows the security defects attackers rely on to be remediated before they are exploited.

The industry has a plethora of effective security solutions and services aimed at using advanced technology to prevent commodity attacks. It’s important to not only take advantage of these capabilities, but to ensure that they are configured adequately to your unique security requirements and that you have the personnel available to evaluate and respond to the output of the tools.

People and processes are often the weakest link in organizational cybersecurity. Standard, repeatable, and documented processes can contain a significant number of commodity cyber attacks. It is also important to provide adequate and frequent training to your personnel so that they have the knowledge required to detect and report attempts to attack your organization.


Our Perpetual Defence solution offers end-to-end cybersecurity

Our Perpetual Defence security solution leverages three overarching elements to provide your business with end-to-end coverage against cyber threats: 

  • Up-front planning and optimization
  • Real-time monitoring and alerting
  • Robust and advanced testing capabilities

With our à-la-carte approach, you can customize and choose the services that best fit the needs of your business and address the gaps in your security posture.

Connect with our BDO Digital team to discuss how we can help you develop a tailored, comprehensive cybersecurity plan that takes your business forward with confidence.
