The Race Against Cybercrime Has No Borders

31/03/2020

As Team Cymru’s strategic partner in Latin America and the Caribbean, LACNIC is constantly looking for ways to cooperate in helping prevent the proliferation of cybercrime and coordinating actions with global organizations to help the regional community make the Internet a safer place.

Jacomo Piccolini of Team Cymru highlighted the partnership with LACNIC and noted that this organization has been fighting and pursuing cybercriminals for fifteen years.

According to Team Cymru, there are approximately 500,000 malicious events per second on the Internet involving security issues.

Who is Team Cymru and what are its objectives/goals?

Since 2005, Team Cymru’s mission has been to save and improve lives by working with public and private sector entities to discover, track, and take down threat actors and criminals around the globe. We do this by delivering comprehensive visibility into global Internet traffic and cyber threat activity. Team Cymru collects, processes and aggregates global netflow and 50+ other types of data to give our clients Pure Signal™. This provides the broadest visibility into malicious activity across the Internet. We see more than 500,000 events per second and deliver that information to our users in an actionable way. The most advanced cybersecurity teams and investigators around the world rely on our solutions to uncover the who, what, when, where and why of malicious behavior. They also leverage this global visibility to identify and block malicious campaigns before they even reach an enterprise’s doorstep. Our data is incomparable – Pure Signal™ – and our partners and clients use it to make the world a safer place.

Who is part of this group of experts that analyze the main Internet security challenges?

Team Cymru is a multicultural company with employees around the globe who share the same passion — to make the Internet a safer environment for everyone, including our families, companies and countries. Every employee at Team Cymru shares in our mission, from a developer who works on our sandbox code to make the analysis of malware possible to our intelligence analyst who investigates cyber threats and cybercrimes.

What is the complexity of the current crimes on the internet? How much have cybercriminals advanced?

This is a great question with hours of conversation needed for a proper understanding of the complexity being faced by enterprises as each enterprise is unique and the cyber threats they face are constantly evolving. Cybercriminals evolve, and evolve fast, as the security market responds to their threats. This requires a constant pursuit of knowledge, training and information sharing. A specific tool or protection that worked last year may not be as effective this year. This is why Team Cymru works to deliver visibility into internet activity beyond an organization’s perimeter. The traditional methods of collecting threat intelligence and investigating threats limit an organization to seeing only what is happening within the enterprise. Threat hunting and incident investigations stop at the firewall unless you have the visibility we provide. Also, everybody talks about risk-based security and the idea that cybersecurity should be approached from the perspective of risk management. Well, if you can’t see what’s happening beyond your own backyard, you do not have the situational awareness necessary to achieve effective risk-based security. We aggregate 50+ different types of data, but we really love our global netflow, because that expansive awareness lets you see what’s coming your way before the threat actor even steps into your backyard.

Cybercrime goes faster than security agencies in Internet?

Cybercriminals have no regulatory burdens. They will always do whatever it takes to get money, data, to carry out espionage campaigns or even disruption campaigns. We have many criminal players online any given time, sometimes even competing between themselves for supremacy.  Cybercriminals understand the weakness and restrictions that different countries and their law enforcement agencies have. They know that if they place malicious content outside jurisdictions, it will slow down law abiding nations’ ability to investigate. When you consider that limitation, plus the fact that security teams are being hit on all sides with potentially thousands of event alerts a day, and the tools they have at their disposal are inherently limited, you can see how important it is for organizations to get ahead of malicious activity, rather than wait for alerts to pop up. You can see how valuable it is for both our partners and our clients to be able to monitor malicious activity across the globe.

What are the main difficulties agents encounter in pursuing cybercrime?

A common difficulty is related to legal restrictions between countries and law enforcement agencies. This is where a neutral entity like Team Cymru can really assist the community.

What are the cybercrimes that have grown the most in the world?

Without exception all cybercrime numbers have grown, each one for different reasons. We are obviously most concerned about data exfiltration of any kind, financial cybercrime, and of course attacks on critical infrastructure. Compromises of corporate and government networks, as well as ISP networks for the purpose of theft or sabotage directly impact the safety and privacy of global citizens. Unfortunately, these attacks often begin by taking advantage of human ignorance or lapses in judgment. Phishing campaigns and DNS hijacking continue to be very popular, for example, because the success rates are so high.

Which International laws are appropriate for the persecution of Internet crimes?

There are already some strong International laws, for example Money Laundering, Crimes Against Children, Human Trafficking, Illicit Drug Trafficking and Terrorism. The Budapest Convention on Cybercrime is an excellent example of International collaboration that still needs broader support. Cooperation is the key to success, and I don’t think we have much resistance in the global community when it comes to cooperation. The challenge from Team Cymru’s perspective is visibility, and the ability to incorporate global visibility into our efforts to make the Internet a safer place.