Cybercrime Is Changing

Uploaded on 2016-03-22 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

The anonymous and borderless nature of cybercrime puts every organisation at potential risk

Once considered an irksome pastime of geeky teens, cybercrime has grown up fast. In 2014 its annual cost to the global economy was estimated at US$445 billion.

A 2015 Hewlett Packard-sponsored study of large US companies found cyber-attacks growing “in frequency and severity” in every sector, at an average yearly cost per company of more than $15 million. Cybercrime’s increasing scale and sophistication have elevated it into a full-fledged illicit industry.

Unlike legitimate businesses, cybercriminals are not constrained by national borders and operate under a cloak of anonymity. This can make it especially difficult for law enforcement agencies, acting on their own within a strict jurisdiction, to catch them and be ready for the next attack.

That is why, in 2014, INTERPOL inaugurated the Global Complex for Innovation (IGCI) in Singapore, which coordinates anti-cybercrime efforts internationally using a digital ecosystem mostly operated by the private sector, as well as expertise from academia. As this diverse partnership suggests, defeating cybercrime will entail a paradigm shift for public and private organisations alike.

Two types of cybercrime

Broadly speaking, law enforcement divides cybercrime into two categories:

  • Advanced cybercrime – sophisticated attacks on computer hardware and software;
  • Cyber-enabled crime – illegal activity that exploits the Internet in some way (e.g. terrorism, human trafficking, money laundering)

But the two often blur together nowadays, as when hackers steal databases of customer information from companies and hawk them on “DarkNet” websites (such as the now-closed Silk Road), where other illicit items including drugs and weapons can often also be found.

The online black market gives hackers a quick and easy way to profit from purloined data without putting themselves at further risk, not to mention a strong incentive to continue plying their destructive trade and refining their technique. This is emblematic of a broader trend.  Cybercriminals are becoming less and less motivated by anti-establishment ideology and the desire for bragging rights, and more by cold hard cash. Consequently, no organisation should consider itself too small or obscure to merit hackers’ notice.

Ransomware

Case in point: A number of local police departments in the United States have fallen victim to ransomware attacks. Outmatched by the perpetrators, officials had no choice but to pay the relatively modest sums demanded to regain access to their files. But don’t let the small dollar amounts fool you: Once all the takings are tallied, ransomware attacks are big business. The group behind Cryptowall 3, an especially virulent ransomware campaign from 2015, reportedly reaped $325 million in profits from victims.

INTERPOL has helped shutter black-market portals used by cybercriminals to market themselves as ransomware hackers for hire. Anyone with access to the “DarkNet” could provide a target URL, fill in an online form, and pay a fee (usually in a crypto-currency such as bitcoin) – and without so much as exchanging an email with a cybercriminal, they could then download a kit allowing them to deliver ransomware to their target.

“Zombie army”

Not all collaborations between hackers and the outside world are consensual. Cybercriminals commonly scale up their operations by assembling a network of malware-infected computers, also known as botnets or “zombie armies”. Unbeknownst to their owners, bots can be remotely deployed to distribute spam or shut down target websites with a sudden flood of traffic, a/k/a a “distributed denial-of-service (DDoS) attack”.

To evade detection, advanced “bot herders” route infected computers through rendezvous points, rather than issuing marching orders to the network directly. Domain name generation algorithms (DGAs) help conceal the address of the rendezvous point, essentially burying it under a tidal wave of auto-generated domain names (as many as 50,000 per day). The volume can be so great that websites have temporarily shut down as a result of the surge in traffic that occurred when a DGA happened to spit out their domain name.

As authorities caught on to the scheme, hackers developed more complicated DGAs. For example, INTERPOL recently came across one designed to churn out unintelligible domain names based on the most recent foreign exchange rates from the European Central Bank.
INTERPOL has been working with the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit responsible for overseeing the Internet’s domain name structure, to prevent these abuses.

Prevention

Most cyber-attacks begin with a single infected file that ends up on a computer’s hard drive, very often first appearing as an email attachment. Smaller public agencies (police departments, hospitals, etc.) often fall victim due to scant IT and training resources. But even large organisations may not be able to shore up every weak point. A regularly updated, “cold” data backup is your best option to minimize damage in case you get hacked.

Meanwhile, the ICGI continues to be a global hub for the development of more proactive solutions in the fight against cybercrime. It provides a neutral platform for international collaboration among its 190 members. Last year, for example, INTERPOL coordinated joint efforts among police in five countries (among them Russia, the Netherlands and the United States) to take down Simda Botnet, which was thought to have infected over 770,000 computers.

Barclays recently announced it would be the first financial institution to have a full-time cybercrime analyst working hand-in-hand with INTERPOL and other IGCI experts.  “The scale and complexity of today’s Cyberthreat landscape means cooperation across all sectors is vital”, commented IGCI Executive Director Noboru Nakatani.

Greater awareness among the general public is needed too. In the current public mindset, internet-based threats simply don’t loom as large as more tangible concerns. That needs to change, now that global cybercrime syndicates have the ability to do serious damage to the fundamental institutions of our world.

Gilles Hilary is The Mubdala Chaired Professor of Corporate Governance and Strategy at INSEAD.

Christophe Durand is INTERPOL’s central point of contact for cyber strategy.

This article is based on ideas shared at the latest INSEAD Risk Breakfast.

INSEADhttp://ow.ly/ZMWUe

« ISIS Hackers Publish US Police Officers’ Private Details
Facial Recognition Might Stop the Next Brussels »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

Rafael

Rafael

Rafael has more than 15 years of proven experience in the cyber arena providing solutions for national security as well as commercial applications.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

Ioetec

Ioetec

Ioetec's mission is to connect users to their IoT devices securely, ensuring these devices remain safe to use in our increasingly connected world.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

Citalid

Citalid

The Citalid cyber risk management platform combines threat and business intelligence to identify the risks scenarios you face.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

GrayMatter

GrayMatter

GrayMatter provides Advanced Industrial Analytics, OT Cybersecurity, Digital Transformation and Automation & Control services to clients across the U.S. and Canada.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

TPx Communications

TPx Communications

TPx is a leading managed services provider offering a full suite of managed IT, unified communications, network connectivity and security services.

Cypago

Cypago

Cypago provides a powerful yet easy-to-use Compliance Orchestration Platform to automate the compliance process end-to-end.

Prompt Security

Prompt Security

Prompt Security provides an LLM agnostic approach to ensure security, data privacy and safety across all aspects of Generative AI.