Can threat data exchanges offer a vaccine for cyber-attacks?
Sharing threat intelligence could be considered akin to a vaccine in the race to suppress cybercrime campaigns, the Anti-Phishing Working Group’s co-founder says.
The Anti-Phishing Working Group (APWG) is an international consortium linking businesses, cybersecurity vendors, law enforcement, and government agencies that are all working to clamp down on cybercrime.
Security professionals and organizations at large are fighting a constant battle against both existing and emerging threats.
Phishing scams are no longer limited to emails claiming the recipient has won the lottery, or messages from phony lawyers representing long-lost relatives worth millions of dollars.
Cyber fraudsters now also impersonate well-known and trusted brands with spoofed email addresses, seemingly legitimate but malicious domains, and everything from malvertising to mobile browser overlay techniques are now in play.
And as the coronavirus pandemic has contributed its own set of problems, sharing intelligence has become crucial to protecting consumers.
Detection, deflection, suppression
Founded in 2003 by David Jevans and Peter Cassidy, the APWG has transformed from a small outfit into an international security industry association representing more than 2,200 institutions.
APWG hosts the Symposium on Electronic Crime Research annual conference, runs cybersecurity awareness campaigns, and, most importantly, operates clearing houses for cybercrime-related machine event data.
In an interview with The Daily Swig, Cassidy – who also acts as APWG’s secretary general – said the organization provides resources for the “programmatic suppression of cybercrime” – and while the journey began in machine event data and metadata exchange, it has expanded to include both applied research and policy development.
“APWG has proven that data exchange for detection, deflection, and suppression of cybercrime is not a legal quagmire or a risk-fraught enterprise that would doom its participants, but a normal part of private sector and public sector engagement of a predictable risk – more or less like any other predictable risk that preceded cybercrime,” Cassidy said.
“In that pursuit, APWG has cleared billions upon billions of data entities to secure billions of devices through its members’ network – and educated millions of users.”
The organization says that upwards of a billion records per month are sent to members, informing them of new malicious events and alerts.
APWG has also forged a European branch, based in Barcelona, Spain, which acts as a non-profit research center.
Members range from private companies to NGOs and government entities, including ICANN, the European Commission, the United Nations Office of Drugs and Crime, Europol EC3, Accenture, AWS, McAfee, Microsoft, and PayPal.
APWG says its overall mission is to “unify the global response to cybercrime”. Indeed, many would argue that the need for actionable threat intelligence data has never been more critical.
According to APWG’s second-quarter phishing activity trends report (PDF), the average successful business email compromise (BEC) scam costs victims $80,183 – up from $54,000 in Q1 2020.
Webmail, SaaS applications, and social media are also now top targets.
Another challenge in the phishing landscape is an increase in fraudulent company and small business scams, says Cassidy, many of which are touting fake in-demand medical supplies such as face masks or PPE – a result of the Covid-19 outbreak.
The average BEC phishing scam costs organizations more than $80,000, according to the APWG
Old-timers’ new tricks
On October 15, Singapore-based cybersecurity firm Group-IB joined the APWG eCrime Exchange (ECX) intelligence sharing platform, giving the company access to curated phishing URLs, malicious IPs and domains, and other threat data.
As cyber-attacks continue to increase in scope and complexity, Cassidy says that being able to share vast repositories of threat data “is central to the objective of automating the suppression of predictable cybercrimes”, therefore this could free up professionals to focus on more sophisticated, complex attack vectors.
“The (now) old-timers in the space like Group-IB understand that experientially and intimately – blocklists don’t work if you don’t tell them which, for instance, URLs or wallet addresses to block,” Cassidy said.
“Look at it this way: the seasonal flu program that has saved, who knows, tens of millions of lives by now, is really a strain data exchange that informs an annual vaccine development routine. Different domains but the informatic architecture is the same – name target, neutralize target.”
The Covid-19 pandemic has disrupted businesses worldwide, but according to the executive, it has made the consortium more efficient if anything, as travel is restricted.
In addition, he told The Daily Swig that both memberships and data contributions are now “soaring”, and program proposals are “multiplying like we’ve never seen”.
Looking to the future, Cassidy said that there is now a focus on the economics of cybercrime, an area APWG considers an “unappreciated dimension in cybercrime intervention”.
If society can improve its understanding of the psychology and reasons individuals or groups turn to illegal digital activities, then, perhaps, it is possible to intervene before cyber-attacks occur.