Growing threat of cybercrime?
Growing threat of cybercrime?
Cybercrime is a continuously increasing threat. Not only to individuals but also to businesses of all shapes and sizes, across all sectors and industries. During the pandemic, incidents of cybercrime increased by an astounding 600 per cent. This makes cybercrime the fastest-growing crime in the world and companies and individuals are faced with more cyberattacks than ever before. Criminals are increasingly transitioning to the online space because that is where the money is. And the reasons for the popularity of cybercrime are easy to understand. It is basically a low risk crime that can provide very high payoffs. Cybercriminals can make millions with almost no chance of getting caught. This is because they are becoming increasingly sophisticated, collaborating across global networks and cybercrime centres like Russia and North Korea. And as cybercriminals have access to secure and anonymised payment systems it’s virtually impossible to catch them in the act.
As we are speeding towards a hyper-connected future, no global threat has grown as fast, or is as complex to understand, as cyberattacks. And unfortunately it isn’t a short-term challenge, either – it has become part and parcel of the new world we live in. There are many reasons why we are increasingly faced with cybercrime, some of which include inadequately protected IoT devices, ever larger volumes of data being generated, constantly changing security risks, a continuously expanding remote workforce, a global shortage of cybersecurity personnel, and so on.
An important challenge that leads to an increase in cyberthreats is the fact that smart devices connected to the Internet of Things (IoT) are inadequately protected. This makes them very easy and increasingly popular targets. Devices like smart TVs, air quality monitors, smart speakers, routers, smart doorbells, and smoke detectors can be hacked and used to access home networks, spy on users, and obtain sensitive data like financial information, passwords, or even chat logs.
Many IoT devices are manufactured and sold with inadequately secure default settings, which often remain unchanged after people start using them in their homes. They have hardcoded or easily guessable passwords, and insufficiently secured network services, ecosystem interfaces, backend APIs, and cloud and mobile interfaces are another huge problem. Then there’s the fact that off-brand IoT devices are often fitted with cheaper and insufficiently secured or outdated software components, bringing vulnerabilities right into people’s homes. Furthermore, when it comes to sensitive information – whether during data transfer or stored on the device itself – IoT devices often lack access control or encryption.
And every day, tons more of these smart devices are connected to the Internet of Things. In fact, according to Statista, the total number of installed IoT-connected devices worldwide is projected to reach an astounding 30.9 billion units by 2025, a significant increase from the 13.8 billion units connected to the IoT in 2021. This leads to astronomical amounts of data being generated, harvested, shared, and stored in the cloud. As a result, the likelihood of cybercriminals getting their hands on this – often critical or private – information also grows exponentially. This leads to scenarios in which companies as well as private individuals become increasingly vulnerable to ransomware attacks. Mark Brandau, principal analyst at research and advisory company Forrester, says: “The mountain of data is continuing to compound. Organisations are trying to collect more information, and they’re trying to do more with it. But as they do that, the risk keeps going up. It’s a very interesting dilemma. We know we have to do better and get better data, but with more data, the risk goes up.”
Cybersecurity is constantly challenged and risks are continuously changing; not only due to hackers but also because of privacy issues, data loss, substandard risk management and changing cybersecurity strategies. The evolving nature of security risks is one of the most problematic elements of cybersecurity. With each new technology that emerges, and with each new way the tech is used, different methods of attack are also being developed. And it is extremely challenging to keep up with these constant changes – not only in terms of the technologies developed, but also in terms of the ever shifting attack avenues deployed, and in terms of adapting how we prepare for and respond to attacks
Mainly as a result of the pandemic, many companies have decided to adopt hybrid work models or even transition to a fully remote workforce. But these distributed work environments pose various significant cybersecurity challenges. While traditional offices generally have solid cybersecurity measures in place to protect company assets as well as employees, protecting remote workers is another thing altogether. Remote employees need to access cloud-based applications and sensitive data remotely, and there is generally insufficient software and hardware infrastructure in place to support safe communication and secure data transmission as well as monitor cyber threats. Because of this, cyberattackers are increasingly targeting remote and hybrid employees. What’s more, hybrid workspaces often lack physical security as well, which makes them very challenging to monitor, putting organisations at increased risk.
Another important challenge is the fact that cybersecurity personnel are in very short supply, which impacts the way in which we can respond to and mitigate cyberthreats.
According to the Cybersecurity Workforce Study by the International Information System Security Certification Consortium (ISC)², the global cybersecurity talent shortage currently sits at more than 4 million people. Furthermore, overworked cybersecurity personnel are struggling to keep up with their jobs’ challenges, while employers are struggling to prevent them from leaving. According to a global study of cybersecurity professionals by industry analyst firm Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA), in which more than 500 cybersecurity professionals were surveyed, almost 60 per cent say a shortage of cybersecurity skills has had a negative impact on the organisation they work for.
The number, complexity, and variety of cyberattacks continuously increase, and according to the Cisco Annual Cybersecurity Report, the advent of network-based ransomware worms even enables attackers to launch attacks without any human intervention. And while cyberattacks are predominantly carried out for extortion and monetary gain, some more recent attacks seem to be aimed specifically at data destruction or political activism. Here’s an overview of the most common types of cyberattacks.
Malware is malicious software that is commonly spread by seemingly legitimate downloads or email attachments. Malware makes use of network vulnerabilities to infiltrate a system and can include computer viruses, worms, spyware, Trojan horses, and any other program or file that can harm a computer. Once inside the system, malware can retrieve data from your hard drive, deny access to critical network components, and even render an entire system unusable. A virus can infect an application where it replicates and infects code in the computer system. Worms are programs that move and replicate across computers and networks and are used to overload email servers. Spyware is, as the name suggests, a type of spy program that gathers data about users, their systems and even their browsing habits. This information is used to download and install malicious programs or for blackmailing purposes. A Trojan is a malicious program that hides inside a legitimate program and is used to provide cybercriminals with access to computer systems.
A Structured Query Language (SQL) injection enables an attacker to manipulate a database. An SQL injection can be used to access and retrieve information that was not intended to be displayed, such as private client details, user lists, or sensitive company data. During an SQL attack, malicious code is ‘injected’ using server query language – usually into a search or comment box on an unprotected website. This enables hackers to send their own requests to a database and forces the server to release protected data. Now they can execute a range of nefarious activities, from manipulating the information in a database for their own ends to stealing sensitive data. According to Kaspersky Lab, because of the prevalence of websites and servers that use databases, SQL injection attacks are among the oldest and most widespread cyber assaults. Automated SQL injection programs that are freely available from open source developers enable cybercriminals to automatically perform attacks with just a few clicks and within only a few minutes.
Phishing attacks involve sending mass amounts of fraudulent emails from seemingly legitimate sources to get sensitive information. The fraudulent emails contain links to a malicious script or file that enable cybercriminals access to your device. Once they have gained access, they can take over the control of your device, install malicious files or scripts or extract information such as login details, banking information, credit card numbers, and so on. Attacks can also be carried out via direct messaging or social networks where cybercriminals collect information about your interests, work, and activities. They use this information to convince the victim that they are someone the victim knows.
The increasingly ubiquitous internet and its many connected devices – such as our cell phones, camera’s, smartwatches, smart appliances, locks, and many others – enable lots of convenience but also present a limitless amount of access points for attackers. These access points become entryways for the exploitation of countless other devices connected to the Internet of Things. The number of IoT devices is growing at an unprecedented pace, with more than a million new devices connecting to the internet every day. These devices all generate, transmit, and exchange significant amounts of data. Not only to and amongst themselves, but also across network environments, to and from remote workers at remote offices, and to and from public clouds. This makes it extremely complicated to monitor, track and secure this data. IoT devices are easy targets and are increasingly hijacked and weaponised to carry out all kinds of cyberattacks. Some IoT devices already have integrated malware and can be remotely controlled or have their functionality disabled.
During a MITM attack, the cybercriminal ‘inserts himself’ in the middle of a data transmission or conversation between two or more people. He does this to manipulate or steal data (logins, account details, credit card information) or to eavesdrop or impersonate one of the parties, all the while making the attack appear as a legitimate exchange of information. You can see it as a postman opening your credit card statement to copy all the important information, and then closing the envelope to put it in your postbox. During this type of attack the cybercriminal makes use of network vulnerabilities, like an unprotected public WiFi, and typically targets users of financial applications, e-commerce sites or other websites where logins are required. Man-in-the-middle attacks are extremely difficult to detect, as the victim believes the information he sends is transmitted to a legitimate destination. Information harvested during MITM attacks could be used for illicit password changes, identity theft, or unauthorised money transfers.
A Distributed Denial of Service (DDoS) attack is when multiple compromised computer systems, networks, servers, services, applications, devices, and even specific transactions within applications flood a system or website with requests for data. These attacks can consist of hitting a database with extremely high volumes of queries, or sending a web server so many requests to serve a page that the available internet bandwidth, CPU and RAM capacity become overloaded and crash under the demand. This renders systems unable to process and fulfill legitimate requests. DDoS attacks can be carried out by many types of threat actors, ranging from individual criminals to organised crime rings and even governments. Typical targets including e-commerce sites, online casinos and any organisation or business that provides online services. Although DDoS attacks are relatively easy and cheap to implement, they vary significantly in complexity and can have a devastating impact. Once underway, it is nearly impossible to stop a DDoS attack, which can lead to significant business risks and lasting debilitating effects.
Social engineering attacks come in many different forms and encompass a wide range of malicious activities that are carried out through human interaction. During social engineering attacks, cybercriminals make use of psychological manipulation to trick a victim into providing sensitive information or making security mistakes. First, the attacker gathers background information on the target, such as weak security protocols or potential points of entry. Second, the attacker establishes trust by impersonating bank or tax officials, colleagues, or other persons who have right-to-know authority. The attackers ask questions to verify the victim’s identity, through which they gather important personal information, such as personal addresses, telephone numbers, phone and bank records, and social security numbers. The fact that social engineering attacks don’t rely on vulnerabilities in operating systems or software, but on human error, makes these attacks particularly dangerous.
You can become a victim of ransomware attacks when malware enters your computer via a website that has been hacked (or a legitimate website with malicious ads), when you download infected files, when you install apps or programs from unknown sources, when you open a malicious attachment or link in an email, and various other ways. Ransomware locks you out of your computer and prevents access to your data until you pay a large payment in cryptocurrency. It’s very difficult to defend your systems against this type of malware, whereas the code behind it is easy to get hold of via online criminal marketplaces. Ransomware often targets organisations with huge volumes of sensitive (consumer) data and cyber insurance policies, which makes them more likely to pay large sums of money, like medical institutions, government organisations, supermarket chains, media conglomerates, banks, universities, and so on.
Cybercriminals are increasingly purchasing Attacks-as-a-Service tools, with criminal organisations even selling access to botnets or infected machines within organisations and businesses, significantly lowering the entry barrier for other hackers. Users don’t need to be skilled to use these services, empowering even the most inexperienced hackers to carry out highly sophisticated cyberattacks. Most of these services circulate in the underground economy and are based on either a convenient flat-rate or a subscription fee. The tools are very user-friendly and customer-oriented, and even provide easy to use admin consoles and dashboards to monitor and manage profits ‘earned’. Criminal organisations sell or lease access to entire botnets and control infrastructures on cloud architectures that can be used to steal sensitive information or launch massive DDoS attacks against specific targets. Some subscription-based models – such as Ransomware-as-a-service – even enable affiliates to earn a percentage of each successful ransom payment.
Cybercrime has significantly expanded and recently transitioned from harming computers, networks, and smartphones to targeting cars, people, plans, railways, power grids, infrastructure, and basically anything with an electronic pulse that’s connected to the Internet of Things (IoT). Here are some fairly recent notorious cyberattacks.
In December 2020, a massive, highly sophisticated supply chain attack by APT29, an organised cybercrime group connected to the Russian government, was detected. The SolarWinds attack, named after its target – US information technology firm SolarWinds – also spread to the firm’s clients and went undetected for months. During the attack, malware was injected into the company’s software updates that were supposed to provide performance enhancements and bug fixes. As customers downloaded the Trojan Horse installation packages from SolarWinds, attackers were able to access the systems running SolarWinds products. The SolarWinds attack compromised about 100 companies – including Intel, Microsoft, and Cisco – and approximately twelve federal agencies – including the Pentagon and the Treasury, Justice and Energy departments – and is considered one of the most serious cyber espionage attacks on the US to date.
On 21st March 2021 Chicago-based insurance giant CNA Financial Corp. fell victim to a sophisticated ransomware attack that exposed the personal information of thousands of policyholders, contractors, and employees. The cybercriminals used malware called Phoenix Locker, a variant of the ‘Hades’ ransomware created by Russian cybercrime syndicate Evil Corp, also known as the REvil cybercrime group. The attack led to a network disruption that affected systems like corporate email and reduced the functionality of the firm’s website to a static display. More than 75,000 people were affected by the cyberattack, which revealed personal identification, social security numbers and names. CNA Financial initially ignored the ransom demands and pursued various options to recover their files instead of engaging with the hackers. A week after the attack, however, the firm entered into negotiations with the hackers, who demanded $60 million. CNA eventually paid $40 million to regain control of its systems. According to experts familiar with ransomware negotiations, the payment was larger than any previously disclosed payments to hackers.
On 2 July 2021, a catastrophic global ransomware attack caused widespread downtime for more than 1000 companies worldwide, including hundreds of Coop supermarkets in Sweden, where point-of-sale tills and self-service checkouts had become inoperable. The attack was part of a worldwide attack in which Miami-based software company Kaseya, a provider of remote management app solutions, was the main target. By exploiting software security gaps, the cybercriminals managed to infect between 800-1500 small to medium-sized companies worldwide that use Kaseya customer systems with an encryption Trojan – disguised as a software update – by the REvil cybercrime group. The ransomware locked data in encrypted files, after which hackers demanded $70 million to restore the data. Besides the Coop chain of stores, many other companies around the world were affected by this attack. “This was probably the biggest ransomware attack of all time”, said Ciaran Martin, cybersecurity professor at Oxford University. REvil reported to have infected more than a million systems.
Businesses as well as individuals are more vulnerable than ever when it comes to not only the financial implications of a cyberattack but the reputational repercussions as well.
The costs of cybercrime are on the rise across the globe, increasing by 15 per cent per annum, according to the CyberSecurity Ventures 2021 cyberwarfare report. It’s estimated that by 2025 cybercrime will cost businesses across the world .5 trillion per year – compared to trillion in 2015. “If it were measured as a country, then cybercrime – which is predicted to inflict damages totaling $6 trillion globally in 2021 – would be the world’s third-largest economy after the US and China”, according to the report. In 2021, cybercrime cost the global economy an astounding $11.4 million per minute, according to San Francisco-based cybersecurity company Risk IQ.
And a report by Cybersecurity Ventures estimates that global cybercrime costs will grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025. These costs encompass theft of intellectual property and personal and financial information, fraud, destruction of data, loss of productivity, stolen money, embezzlement, forensic investigation, disruption of business activities, restoration of hacked systems and data, and reputational damage.
Businesses need to be more prepared than ever before to mitigate the risk of cyberattacks, especially now that more and more people work remotely, the number of IoT devices in use is seeing exponential growth, extreme amounts of data are being generated and transmitted, and security risks are constantly changing. Below, we have listed the most important cybersecurity best practices to follow to improve your protection against cyberattacks.
In a corporate setting, it’s important to be aware of how many devices contain important data and to minimise (sensitive) data transfers. Be sure to implement measures to prevent unauthorised access to or the loss or misuse of sensitive data. The best way to do this is to use encryption tools for data that’s either transmitted over the internet or stored in a device. Only those who have a key will be able to decrypt the data. Password protection is another way to keep your data from falling into the wrong hands. It’s important to choose a complex mix of characters and to change passwords on a regular basis.
Make sure that you enable your network security. Most people have multiple devices connected to their network, such as TVs, computers, tablets, smartphones, gaming consoles, and wearables. Ensure each device connected to your network has the latest versions of security software, operating systems, and browsers.
It’s also important to secure your router by renaming your network and changing the configurations, and to choose a security key that contains a minimum of 12 characters. Be sure to update the software of your (home) office network on a regular basis and install a network firewall to guard your network against malicious traffic and unauthorised access attempts. To further reduce network security risks, remove any services or software on your network that you don’t use. And lastly, to ensure that no one has access to your webcam, block your camera and only grant camera and microphone access to apps and websites that you trust and know are safe.
Identity management should be one of the most important parts of your cybersecurity efforts. Not prioritising this could result in data breaches as well as compliance and customer trust issues. Identity and access management involves protecting the access to data and verification of people’s identities by means of passwords and usernames (which are becoming notorious for being very easy to crack) or biometric authentication technologies. Ideally, your business should implement multifactor authentication (MFA), which can include time of request and geolocation monitoring, physical biometrics, and even behavioural biometrics. This ensures that only certain individuals have access to (sensitive) information and, in the event of a data breach, enables you to determine who accessed your information.
Cloud network security focuses on minimising the chances of cybercriminals accessing, changing, or destroying information on a public or private cloud network. The unique aspects of cloud environments require different security measures than on-site networks. As cloud networks can easily be expanded without direct involvement from IT departments, chances are that this new infrastructure isn’t securely configured and is, therefore, constantly vulnerable to cyberattacks. Assets in a cloud continuously appear and disappear, as a result of serverless computing and autoscaling. This pretty much renders traditional security measures like vulnerability scanning useless.
Due to the high rate of change it is virtually impossible to maintain a complete and constantly up-to-date picture of the cloud environment. Some important cloud computing security features and services to implement include a top-notch firewall solution to scan and analyse files to determine their source, destination, and integrity. Intrusion detection systems with event logging capabilities are important as well. They manage traffic between every network resource, user, and environment, control access to every part of the cloud network, and protect critical assets and data from exposure. Data encryption is important to keep sensitive information from falling into the wrong hands.
Human error is an important contributor to cybersecurity breaches. In fact, according to some studies, human error is the second major cause. The most common human errors that lead to cybersecurity breaches include misdirected emails at work, which can lead to data theft or loss, such as important customer information. Another human error that gives cybercriminals the opportunity to compromise systems and steal data is when patches to fix software vulnerabilities and prevent breaches are not immediately applied by employees. Substandard passwords resulting in compromised user credentials is another factor that contributes to cybersecurity breaches and can severely compromise the company’s network.
While it’s impossible to completely eliminate human error, organisations can minimise them by creating a security-focused company culture, training employees on cybersecurity and educating them on the impact of mistakes – such as falling for phishing scam or downloading malicious malware. Companies should also prioritise implementing multi-factor authorisation and biometric security, monitoring employee activity, verifying all logins, using encrypted password managers, and regularly testing application security to spot and fix security gaps.
The latest software on the market is ‘self-healing’ cybersecurity software, which – much like our human immune system – repairs itself when under attack from malignant viruses. Self-healing cybersecurity systems can ‘sense’ when they don’t operate optimally and autonomously carry out adjustments so that they can resume normal operations. The self-healing capabilities of this cybersecurity software offer many benefits as they enhance security control efficacy, optimise asset management, and improve help desk services. This cybersecurity technology was jointly developed by Dutch bank ABN AMRO and the Netherlands organisation for applied scientific research, TNO. Martijn Dekker, CISO of ABN AMRO says: “Self-healing security software looks very promising. We are continuously exploring and experimenting with new technologies to see how much security they will be able to offer in the future. It’s a good way to learn from bioscience and to apply this knowledge to our IT systems.” The software will soon also become available to the public.
It’s quite clear that vulnerabilities are not easy to fix and that the threat of cyberattacks will never be fully eliminated. That would require completely disconnecting our lives, which would not only be undesirable but virtually impossible, as almost everything we do depends on connectivity. It enables us to search the internet, gives us access to top of the range medical treatment, allows us to communicate faster and more efficiently than ever before, and enables electricity, water, and food supplies. In short – connectivity has become critical to each and every aspect of our lives. We will need to find ways to live with a certain amount of danger and take steps to prevent cybercriminals from exploiting our vulnerabilities. This is a serious challenge, however. As technologies keep evolving into super-intelligent, almost self-sustainable systems, it will become increasingly difficult to predict where, when, and how cyberthreats will occur. Prevention, detection, and counteraction are still the best measures against cyberattacks, but we need to be very serious about this, as billions more hackable, unpatchable, and non-upgradable devices will be connected to the global digital grid in the next few years.
Article written by: Richard van Hooijdonk who is a futurist, keynote speaker and trendwatcher, an authority on new technology.
Amsterdam, North Holland, Netherlands