Cybercrime Is Changing

Uploaded on 2016-03-22 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

The anonymous and borderless nature of cybercrime puts every organisation at potential risk

Once considered an irksome pastime of geeky teens, cybercrime has grown up fast. In 2014 its annual cost to the global economy was estimated at US$445 billion.

A 2015 Hewlett Packard-sponsored study of large US companies found cyber-attacks growing “in frequency and severity” in every sector, at an average yearly cost per company of more than $15 million. Cybercrime’s increasing scale and sophistication have elevated it into a full-fledged illicit industry.

Unlike legitimate businesses, cybercriminals are not constrained by national borders and operate under a cloak of anonymity. This can make it especially difficult for law enforcement agencies, acting on their own within a strict jurisdiction, to catch them and be ready for the next attack.

That is why, in 2014, INTERPOL inaugurated the Global Complex for Innovation (IGCI) in Singapore, which coordinates anti-cybercrime efforts internationally using a digital ecosystem mostly operated by the private sector, as well as expertise from academia. As this diverse partnership suggests, defeating cybercrime will entail a paradigm shift for public and private organisations alike.

Two types of cybercrime

Broadly speaking, law enforcement divides cybercrime into two categories:

  • Advanced cybercrime – sophisticated attacks on computer hardware and software;
  • Cyber-enabled crime – illegal activity that exploits the Internet in some way (e.g. terrorism, human trafficking, money laundering)

But the two often blur together nowadays, as when hackers steal databases of customer information from companies and hawk them on “DarkNet” websites (such as the now-closed Silk Road), where other illicit items including drugs and weapons can often also be found.

The online black market gives hackers a quick and easy way to profit from purloined data without putting themselves at further risk, not to mention a strong incentive to continue plying their destructive trade and refining their technique. This is emblematic of a broader trend.  Cybercriminals are becoming less and less motivated by anti-establishment ideology and the desire for bragging rights, and more by cold hard cash. Consequently, no organisation should consider itself too small or obscure to merit hackers’ notice.

Ransomware

Case in point: A number of local police departments in the United States have fallen victim to ransomware attacks. Outmatched by the perpetrators, officials had no choice but to pay the relatively modest sums demanded to regain access to their files. But don’t let the small dollar amounts fool you: Once all the takings are tallied, ransomware attacks are big business. The group behind Cryptowall 3, an especially virulent ransomware campaign from 2015, reportedly reaped $325 million in profits from victims.

INTERPOL has helped shutter black-market portals used by cybercriminals to market themselves as ransomware hackers for hire. Anyone with access to the “DarkNet” could provide a target URL, fill in an online form, and pay a fee (usually in a crypto-currency such as bitcoin) – and without so much as exchanging an email with a cybercriminal, they could then download a kit allowing them to deliver ransomware to their target.

“Zombie army”

Not all collaborations between hackers and the outside world are consensual. Cybercriminals commonly scale up their operations by assembling a network of malware-infected computers, also known as botnets or “zombie armies”. Unbeknownst to their owners, bots can be remotely deployed to distribute spam or shut down target websites with a sudden flood of traffic, a/k/a a “distributed denial-of-service (DDoS) attack”.

To evade detection, advanced “bot herders” route infected computers through rendezvous points, rather than issuing marching orders to the network directly. Domain name generation algorithms (DGAs) help conceal the address of the rendezvous point, essentially burying it under a tidal wave of auto-generated domain names (as many as 50,000 per day). The volume can be so great that websites have temporarily shut down as a result of the surge in traffic that occurred when a DGA happened to spit out their domain name.

As authorities caught on to the scheme, hackers developed more complicated DGAs. For example, INTERPOL recently came across one designed to churn out unintelligible domain names based on the most recent foreign exchange rates from the European Central Bank.
INTERPOL has been working with the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit responsible for overseeing the Internet’s domain name structure, to prevent these abuses.

Prevention

Most cyber-attacks begin with a single infected file that ends up on a computer’s hard drive, very often first appearing as an email attachment. Smaller public agencies (police departments, hospitals, etc.) often fall victim due to scant IT and training resources. But even large organisations may not be able to shore up every weak point. A regularly updated, “cold” data backup is your best option to minimize damage in case you get hacked.

Meanwhile, the ICGI continues to be a global hub for the development of more proactive solutions in the fight against cybercrime. It provides a neutral platform for international collaboration among its 190 members. Last year, for example, INTERPOL coordinated joint efforts among police in five countries (among them Russia, the Netherlands and the United States) to take down Simda Botnet, which was thought to have infected over 770,000 computers.

Barclays recently announced it would be the first financial institution to have a full-time cybercrime analyst working hand-in-hand with INTERPOL and other IGCI experts.  “The scale and complexity of today’s Cyberthreat landscape means cooperation across all sectors is vital”, commented IGCI Executive Director Noboru Nakatani.

Greater awareness among the general public is needed too. In the current public mindset, internet-based threats simply don’t loom as large as more tangible concerns. That needs to change, now that global cybercrime syndicates have the ability to do serious damage to the fundamental institutions of our world.

Gilles Hilary is The Mubdala Chaired Professor of Corporate Governance and Strategy at INSEAD.

Christophe Durand is INTERPOL’s central point of contact for cyber strategy.

This article is based on ideas shared at the latest INSEAD Risk Breakfast.

INSEADhttp://ow.ly/ZMWUe

« ISIS Hackers Publish US Police Officers’ Private Details
Facial Recognition Might Stop the Next Brussels »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

World Wide Technology (WWT)

World Wide Technology (WWT)

WWT is a technology solution provider in the areas of big data, collaboration, computing and cloud, mobility, networking, security and storage.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

MagicCube

MagicCube

MagicCube is a device independent IoT security platform that protects against on-device, cloud, and network attacks.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

Sectra Communications

Sectra Communications

Sectra successfully develops and sells cutting-edge solutions in the expanding niche segments of medical IT and cybersecurity.

InfoLock

InfoLock

Infolock are experts in data governance, providing consulting and advisory services that help organizations effectively secure, manage, and optimize their data.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

BLOCX

BLOCX

BLOCX is designed to address the ever-growing challenges of managing and securing digital devices, from personal computers to corporate networks.

Windstream

Windstream

Windstream is a leading provider of advanced network communications and technology solutions for consumers, small businesses, enterprise organizations and carrier partners across the US.

Abissi

Abissi

Abissi offer cyber intelligence, IoT security, automotive security, red teaming, application security and artificial intelligence security services, with a focus on security by design.

Sword Group

Sword Group

Sword is a leader in data insights, digital transformation and technology services with a substantial reputation in complex IT, business projects and mission critical operations.

HeroDevs

HeroDevs

HeroDevs is the trusted leader in providing secure, long-term support for deprecated open-source software.