A new report by Chronicle warns that crimeware, which is malicious software designed for performing or facilitating illegal online acts such as cyber theft, fraud and extortion, is an underestimated threat. The research shows that the effectiveness of measures taken to mitigate the risk of crimeware has decreased between 2013 and 2018, while the malware used by financially motivated attackers has been evolving nonstop.
Crimeware has increasingly disruptive effects on targeted businesses, and financial losses for victims are increasing. Security teams are have become “desensitized” due to the frequency of attacks, which further weakens the security posture of organizations. Cybercriminals are outpacing security professionals in their ability to adapt to, and take advantage of new technologies and the changing threat landscape. As a result, “crimeware-as-a-service” operations have come to resemble professional companies and nowadays “the financial risk [of crimeware] quantifiably outranks more sophisticated threats” like state-sponsored hacking groups commonly referred to as advanced persistent threats (APTs).