When cybercriminals targeted the UK nursery chain Kido, it represented a disturbing new low for the hackers. They threatened to expose personal data about young children and their families, shocking parents and cybersecurity experts alike.

The Kido hack is far from an isolated incident. Cyberattacks have struck organizations across many sectors in the last year, disrupting businesses from retail to manufacturing.

These recurring attacks highlight an important reality—cybercrime has become a very profitable activity. While the official advice is not to pay hackers, the frequency of these attacks suggests that many companies do. They will want to avoid losing their data or having their business and reputation damaged. But most will never admit to paying up.

Whenever there is money involved, more criminals want to participate—which has led to cybercrime becoming an organized industry. Cybercrime has shifted from individual and uncoordinated group attacks to an established business model that generates revenue and mirrors genuine companies.

This model has its own supply chains, affiliates (for example, criminals who use the malware rather than developing it) and even customer support.

The cybercrime ecosystem has evolved to run using the “as-a-service” model. For legitimate businesses, this is an efficiency model that lets them pay to use something “as a service,” rather than purchasing it. Just as businesses use software or security as a service, criminals have mirrored this model into a similar underground economy of cybercrime.

In this underground market, hackers sell ready-made malware, rent out botnets (networks of infected devices), and run payment platforms. They even go as far as providing customer support and help pages for the criminals they serve.

Their customers may shop for ransomware as a service when looking to extort ransoms from victims. Others, looking to cause disruption rather than financial gain, rent botnets to conduct “denial of service” attacks that flood the victim’s systems with traffic and disable them.

In the cybercrime economy, criminals known as “initial access brokers” act as middlemen. These are skilled cybercriminals who break into systems, providing the initial access and selling it as a package for others to use.

The packages often include stolen data, usernames and passwords, or even direct access to compromised networks. This essentially opens the door for cybercriminals with fewer skills to compromise businesses.

Business is booming

This business model is not only thriving right now—it will also persist. That’s just simple economics—everyone involved in the “business” benefits. This includes the experienced hackers and malware developers who take their cut, the brokers selling bundled services and the service-hosting and payment-platform providers taking their share. It also includes the affiliate criminals carrying out attacks and collecting their profits.

This makes it low-risk and profitable, effectively the definition of a successful business. Societal attitudes towards hackers often glamorize them as genius outsiders, while hacking itself—particularly when large corporations are the target—can mistakenly be seen as a lesser crime.

But the truth is that when the cybercrime business model succeeds, it has a lasting impact on the wider economy. Trust in businesses in the UK and beyond is damaged.

The attacks on UK retailers such as M&S and Co-op were carried out using a cybercrime service called DragonForce. This is available for a fee, reportedly set at 20% of the ransom payment. In the case of M&S and Co-op, it caused major disruption to their operations, and millions of pounds in losses.

Meanwhile, the attack on the Jaguar Land Rover (JLR) caused production at the carmaker to be halted for weeks, resulting in a huge loss.

The JLR attack caused a ripple effect on sales, deliveries, the workforce and smaller businesses in the supply chain. These companies may face bankruptcy if proceeds from the loan underwritten by the government do not reach them all.

To interrupt this recurrence of attacks, it’s vital to break the cybercriminals’ model by addressing the two fundamentals that make it successful.

First, businesses should stop paying the criminals. As long as they pay, criminals will try their luck. But it is reported that nearly 50% of companies do pay up. This is money that will fuel this crime and encourage the hackers.

Second, companies must build better resilience into their infrastructure and operations. While companies’ security has improved greatly, they are still not investing enough in things such as AI to improve their resilience to attack and their ability to keep operating (or at least to minimize disruption).

This was evident in the attacks on UK businesses. It took M&S four months to restore all of its services, while JLR’s production will not be at full capacity for several weeks.

Both Harrods and Co-op maintained operations during their incidents. This minimized interruptions, prevented large data losses and reduced the financial hit to the businesses.

There are no quick fixes, but there are steps businesses can take to make cybercrime less profitable for criminals and less disruptive for victims. The UK government is heading in the right direction with the Cyber Security and Resilience Bill and its consultations on ransomware payments.

But the real change must come from companies themselves. Without commitment, the strongest policy and legislation will remain words on paper. While prevention remains critical for a company, resilience if the worst happens is what really decides how much damage an attack can cause.

If companies can maintain operations and refuse to pay ransoms, cybercriminals lose their extortion power. And without that power there will be less profit and so less interest. But maybe most importantly, fewer families like those affected by the Kido attack will worry about their children’s data being held hostage.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Fooled into following a hacker’s rogue commands, a drone is liable to do any number of things. Fly erratically. Speed up. Slow down. Hang suspended in the air. Reverse course. Take a new course. And, most dangerously: Crash.

What the compromised drone cannot do, however, is regain control. Lost to its original assignment—whether it’s delivering a package, inspecting an aging bridge or monitoring the health of crops—the machine is essentially useless.

At FIU, cybersecurity researchers have developed a series of countermeasures to fight back mid-flight against hostile takeovers.

Because drones are essentially flying computers, they are subject to the same software and hardware exploitation as their land-bound counterparts. But current drone-defense techniques fail to monitor all possible vulnerabilities.

FIU’s technology, called SHIELD, is different. Keeping watch over the entire control system, it picks up on subtle cues of malicious activity. It then identifies the kind of attack—even the stealthiest ones that often slip under the radar—before launching an attack-specific recovery process. The findings were presented at the IEEE/IFIP International Conference on Dependable Systems and Networks.

“Without robust recovery mechanisms, a drone cannot complete its mission under attacks, because even if it is possible to detect the attacks, the mission often gets terminated as a fail-safe move,” said Mohammad Ashiqur Rahman, lead researcher and associate professor in FIU’s Knight Foundation School of Computing and Information Sciences.

“What’s important about our framework is that it helps the system recover, so the mission can be completed.”

Safeguarding the security of drones may soon become more important than ever before. This summer, the Federal Aviation Administration proposed expanding commercial drone use across industries. From Amazon deliveries to agriculture, the FAA expects more businesses to deploy unmanned aircraft, raising questions about safety in the face of increasingly sophisticated cyber threats.

Traditionally, attack detection has revolved around sensors that help the drone perceive its surroundings and fly safely. But these sensors can be easily manipulated. For example, in “GPS spoofing,” hackers transmit fake coordinates to trick the drone into taking a different trajectory.

Sophisticated cyberattacks, though, bypass the sensors and go straight for the control or actuation system, sneaking malware into the drone’s hardware.

“This is why a detection and recovery system that only takes into account the sensors misses the bigger picture,” says Muneeba Asif, Ph.D. candidate in Rahman’s research group and study author. “It will be blind to other attacks that happen across the system and at different levels.”

SHIELD goes further by monitoring the drone’s entire control system. It detects abnormalities not just in sensors but also in the hardware. For example, the battery and computer components reveal a lot. Sudden surges in battery power or overworked processors are strong indicators that an attack is in progress.

The research team, which also includes FIU students Jean Tonday Rodriguez and Mohammad Kumail Kazmi, compares their approach to how a doctor arrives at a final diagnosis. A symptom (in this case, sensor data) doesn’t always reveal the underlying cause of an illness. Physical evidence (what’s happening with the battery), though, can provide a better idea of what’s going on.

And, just as every diagnosis dictates a different treatment, the researchers also find each attack needed a more tailored recovery plan.

Through multiple hardware-in-the-loop simulations in the lab, researchers learned that every attack leaves behind a unique signature and impacts the drone‘s system differently. So, the team trained AI machine learning models to spot abnormalities in the data, use the data to classify the attack and roll out the prescribed recovery protocol. In the lab, all of this happened in less than a second. Average detection time was 0.21 seconds, and recovery 0.36 seconds.

Next, Rahman’s research group will scale up testing, preparing SHIELD for real-world deployment.

With drones poised to reshape commerce, infrastructure monitoring, disaster response and more, FIU researchers say securing them is no longer optional.

“Reliable and secure drones are the key to unlocking future advancements,” Rahman said. “It’s our hope this work can play a role in moving the industry forward.”

Amazon Prime Day comes around but once, or twice, or maybe like three times (?) a year, and it’s a great time to stock up on tech, including grabbing one of the best soundbars you can buy on sale. This Sonos Beam Gen 2 Prime Day soundbar deal certainly qualifies, offering clear and expressive performance and a ton of features for a serious discount during Amazon’s Prime Big Deal Days event.

Before you go, don’t forget to check out our Absolute Best Prime Day deals roundup and our Prime Day liveblog for tons more ways to save big.

Small but Stout

Style meets substance has long been the Sonos ethos, and the Beam Gen 2 exemplifies that brilliantly. You’ll find carefully designed curves, slick touch controls, and a compact chassis that fits on any console and below virtually any TV.

The Beam’s sound quality is among the best in its class, with only Bose’s Smart Soundbar keeping pace. While the Bose bar provides better Dolby Atmos effects thanks to dedicated upfiring drivers, Sonos’ bar offers more low-end muscle and impressive frequency balance, along with some solid virtualized Atmos effects.

As with other Sonos products, the Beam Gen 2 is loaded with networking features, including tons of supported streaming services over Wi-Fi in the Sonos app, third-party connectivity like Apple AirPlay and Spotify Connect, and the ability to connect with other Sonos speakers in surround sound or as part of a multi-room audio system.

The Sonos app has had its issues of late, but Sonos has spent plenty of time and toil fixing it since its relaunch with the Sonos Ace. It has worked fine for me for months, with my Sonos Era 100 and Era 300 standing among the most reliable speakers on my network.

The Beam Gen 2 is also a snap when it comes to connection and usability, connecting to your TV over HDMI eARC for simple control with your TV remote. It’s a highly capable little bar that can grow with your system as needed, and at this price, it’s an easy buy.

Power up with unlimited access to WIRED. Get best-in-class reporting and exclusive subscriber content that’s too important to ignore. Subscribe Today.