Interview: Alastair Paterson, Co-Founder & CEO, Digital Shadows

Written by

Since 2011, the team at Digital Shadows has made a name for itself as specialists in industry trend research, identifying unwanted exposure, defending against threats and helping companies to minimize their digital risk.

The company is now in its eighth year, and Infosecurity recently spoke to Alastair Paterson, co-founder and chief executive officer, to find out what Digital Shadows has been up to recently, explore some key recent threat changes and shifts, and ask whether cybercrime really is evolving quicker than security.

What’s new with Digital Shadows?

We’ve just celebrated two big anniversaries! This month marked the eighth year since James Chappell and I founded the company and our first year in the new London office. More importantly, we have been growing the international side of the business. We opened our offices in Frankfurt and Singapore last year, and we have now added to that with staff on the ground in Australia and Japan. This is in addition to our channel program which now has 170 partners in over 30 countries. Furthermore, we have also recently launched our Photon Research Team, a unique combination of intelligence experts, language specialists, data scientists and security engineers that are needed to understand and monitor today’s threat environment, including monitoring cyber-criminal activity 24×7. We have done this to not only protect our clients but also the wider business community via the sharing of information to security practitioners across the globe.

What are the key recent changes/shifts in the cybercrime threat landscape that Digital Shadows has been seeing, and what do they mean?

Every week, 50% of our customers detect exposed sensitive data. The most common types we see are technical information, employee credentials, sensitive documents (such as exposed contracts or employee pay stubs), intellectual property and customer data. To be clear – a lot of this data is accidental exposure from misconfigured systems or those used by third parties such as suppliers or contractors, but of course, cyber-criminals continue to aggressively seek to gain access to this information too. We found evidence of this in a recent look at extortion. The introductory barriers for this type of crime continue to get lowered via criminal forums, which sell access to compromised systems and openly discuss useful tactics or sell guides on how to conduct extortion-type attacks. A big trend however seems to be a shift away from large criminal market places into more specialized forums. Operation Bayonet truly ‘spooked’ the cyber-criminal community and eroded trust amongst cyber-criminals. It now appears that Dream Market – the closest incarnation to AlphaBay and Hansa – has closed, with reasons still unclear, but many criminals suspect the hand of law enforcement. So instead, criminals are turning to more niche channels on platforms such as Telegram and Discord where they believe they are safer.

Is cybercrime still evolving and moving quicker than security?

Yes, and it will continue to do so, but it would be a big mistake to think that a threat must be brand ‘new’ to catch a firm or individual out. SQL injection attacks have been around for 15 years or more but still breach firms daily. Social engineering remains a serious threat – it is still the case that the biggest weakness in organizations isn’t systems, but people. Also, there has been a longer-term trend for criminals to move away from ‘scatter gun’ to more targeted attacks aimed at specific companies and/or individuals. Business email compromise is a major threat we see but extortion is also on the rise and we recently found that criminal groups are promising salaries averaging the equivalent of $360,000 per year to accomplices who can help them target high-worth individuals, such as company executives, lawyers and doctors with extortion scams.

To try and counter the fact that criminals move quicker than security, digital risk protection is geared towards helping organizations stay one step ahead. Criminals talk and collaborate with each other. By seeing a lot of these conversations, we can help organizations gain insight as to what is likely to be next on their radar.

What might the next year have in store in terms of cybercrime evolution?

I think we’ll see increased fragmentation of the criminal ecosystem into greater areas of specialism. Already we see more and more niche forums dedicated to specialist areas such as insider trading and exploits against specific systems. Criminals are also seeking to cover their tracks to a greater extent with encrypted messaging platforms such as Telegram gaining in popularity.

Unfortunately, criminals are continuing to be successful with their attacks and often target mid-size firms which have smaller security budgets and teams than larger organizations. As such it is important for organizations such as ourselves to continue to innovate and increase our coverage so we give our clients a full picture of how criminals are operating. With this, firms are in a better place to deploy their resources and take the action they need to take to help keep themselves secure.

What’s hot on Infosecurity Magazine?