CyberWire Daily: From Small-Time Scams to Billion-Dollar Threats [Research Saturday]
Release Date: February 22, 2025
Host: Dave Buettner (N2K Networks)
Guest: Selena Larson, Threat Researcher and Lead for Intelligence Analysis and Strategy at Proofpoint
Contributor: Greg Rat
1. Introduction
In this episode of CyberWire Daily, host Dave Buettner engages in a compelling discussion with Selena Larson and Greg Rat about the evolving landscape of cybersecurity threats. Titled "From Small-Time Scams to Billion-Dollar Threats," the episode delves into the prevalent bias within the cybersecurity industry that disproportionately emphasizes Advanced Persistent Threats (APTs) linked to nation-state actors, while often underestimating the pervasive impact of cybercrime like ransomware.
2. Understanding Advanced Persistent Threats (APTs)
Selena Larson introduces the core research topic: "Why Biasing Advanced Persistent Threats Over Cybercrime Is a Security Risk." She and the guests explore the origins and definitions of APTs.
Dave Buettner explains the term "APT," stating:
"The APT moniker, which is of course, Advanced Persistent Threat and is essentially only used for threat actors that are operating on behalf of states. Right. So Russia, China, DPRK, all of these big-time bad actors..." [02:10]
Greg Rat adds historical context:
"It was reportedly first coined in 2007 by a US Air Force colonel named Greg Rat." [02:20]
3. The Industry's Bias Toward Nation-State Threats
The conversation highlights a significant industry bias towards focusing on nation-state actors, often at the expense of addressing more widespread cybercrimes.
Dave Buettner critiques this focus:
"In many ways that has contributed to this bias of focusing on nation-state adversaries... But cybercrime ransomware and certainly banking trojans... were a multimillion-dollar business." [04:01]
He emphasizes that cybercriminals have long been financially motivated and sophisticated, challenging the notion that APTs are inherently more dangerous.
4. The Real-World Impact of Cybercrime
Selena Larson and Dave Buettner discuss the tangible effects of cybercrime on individuals and institutions. Dave shares a personal story to illustrate the pervasive disruption caused by ransomware:
"My sister has been impacted by ransomware four different times. She's worked in the healthcare industry... she's had multiple different ransomware attacks impact her life in different ways." [07:52]
This narrative underscores the normalization of cybercrime's impact on everyday lives, from healthcare disruptions to the closure of schools and libraries.
5. Organizational Focus and Resource Allocation
The guests examine how organizations, guided by prevailing biases, allocate resources to defend against threats. Dave argues that most organizations face a higher risk from cybercriminals than from nation-state actors:
"The average organization is at a much, much greater risk of being impacted and targeted by cybercriminals than any nation-state threat actor in general." [08:23]
He contends that the allure and media portrayal of APTs overshadow the more immediate and widespread threats posed by cybercrime.
6. The Role of Federal Organizations
The discussion turns to federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and their focus areas. Dave acknowledges the challenges these agencies face due to limited resources but points out the persistent bias toward APTs:
"I do think there is still a bias in what we're thinking about what we're looking at from sort of a national level, you know, sort of assessment." [15:50]
He praises international counterparts, such as the UK's National Crime Agency (NCA), for effectively prioritizing ransomware and disrupting cybercriminal operations through initiatives like Operation Endgame.
7. Societal and Emotional Impacts
Greg Rat expresses frustration over the lack of a robust response to cybercrimes compared to physical attacks:
"If a foreign nation were sending people here and physically shutting down hospitals, the response to that would be one of overwhelming force... And yet here we are." [17:27]
Dave Buettner echoes this sentiment, highlighting the human cost of cyberattacks:
"The impacts are so much greater to the general population and our communities at large... It’s a threat to our communities and our way of life and national security..." [18:10]
8. Shifting the Focus: Recommendations
To address the imbalance, Dave proposes several strategies:
- Change the Mindset: Shift conversations to prioritize cybercrime alongside APTs, emphasizing both business and human impacts.
- Focus on TTPs: Concentrate on Tactics, Techniques, and Procedures rather than the identity of the threat actors. Dave states:
  "What are the major techniques that are being used by these adversaries? What are the ways that we can make sure that our organization is defended?" [20:11]
- Public-Private Partnerships: Strengthen collaborations between government and private sectors to disrupt cybercriminal ecosystems, drawing lessons from successful operations like Operation Endgame.
9. Conclusion
The episode concludes with a reiteration of the research title and a call to action for listeners to engage with the findings. Dave emphasizes the importance of reevaluating industry priorities to better defend against the more immediate and widespread threats posed by cybercrime.
Selena Larson summarizes:
"The reality is most organizations are at a far greater risk of being targeted by cybercriminals." [20:11]
Key Takeaways
- Bias in Focus: The cybersecurity industry disproportionately focuses on APTs linked to nation-states, potentially overlooking the pervasive threat of cybercrime like ransomware.
- Real-World Impact: Cybercrime has significant real-life consequences, affecting individuals’ daily lives and essential services such as healthcare and education.
- Resource Allocation: Organizations and federal agencies may need to reassess how they allocate resources to balance the focus between APTs and cybercriminals.
- Strategic Defense: Emphasizing TTPs and fostering public-private partnerships can enhance defenses against both state-sponsored and financially motivated cyber threats.
Notable Quotes
- Dave Buettner [02:10]: "Advanced Persistent Threats... are essentially only used for threat actors that are operating on behalf of states."
- Greg Rat [12:18]: "You would just... say there was nothing we could do. We were attacked by foreign adversaries with endless resources."
- Dave Buettner [08:23]: "The average organization is at a much, much greater risk of being impacted and targeted by cybercriminals than any nation-state threat actor in general."
- Greg Rat [17:27]: "If a foreign nation were sending people here and physically shutting down hospitals, the response to that would be one of overwhelming force... And yet here we are."
This episode of CyberWire Daily underscores the need for the cybersecurity industry to broaden its focus, ensuring that the response to cyber threats is as comprehensive and nuanced as the threats themselves. By addressing biases and promoting strategic defenses, the industry can better protect organizations and individuals from the multifaceted dangers of the digital age.