Cybercrime Is Changing

Uploaded on 2016-03-22 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

The anonymous and borderless nature of cybercrime puts every organisation at potential risk

Once considered an irksome pastime of geeky teens, cybercrime has grown up fast. In 2014 its annual cost to the global economy was estimated at US$445 billion.

A 2015 Hewlett Packard-sponsored study of large US companies found cyber-attacks growing “in frequency and severity” in every sector, at an average yearly cost per company of more than $15 million. Cybercrime’s increasing scale and sophistication have elevated it into a full-fledged illicit industry.

Unlike legitimate businesses, cybercriminals are not constrained by national borders and operate under a cloak of anonymity. This can make it especially difficult for law enforcement agencies, acting on their own within a strict jurisdiction, to catch them and be ready for the next attack.

That is why, in 2014, INTERPOL inaugurated the Global Complex for Innovation (IGCI) in Singapore, which coordinates anti-cybercrime efforts internationally using a digital ecosystem mostly operated by the private sector, as well as expertise from academia. As this diverse partnership suggests, defeating cybercrime will entail a paradigm shift for public and private organisations alike.

Two types of cybercrime

Broadly speaking, law enforcement divides cybercrime into two categories:

  • Advanced cybercrime – sophisticated attacks on computer hardware and software;
  • Cyber-enabled crime – illegal activity that exploits the Internet in some way (e.g. terrorism, human trafficking, money laundering)

But the two often blur together nowadays, as when hackers steal databases of customer information from companies and hawk them on “DarkNet” websites (such as the now-closed Silk Road), where other illicit items including drugs and weapons can often also be found.

The online black market gives hackers a quick and easy way to profit from purloined data without putting themselves at further risk, not to mention a strong incentive to continue plying their destructive trade and refining their technique. This is emblematic of a broader trend.  Cybercriminals are becoming less and less motivated by anti-establishment ideology and the desire for bragging rights, and more by cold hard cash. Consequently, no organisation should consider itself too small or obscure to merit hackers’ notice.

Ransomware

Case in point: A number of local police departments in the United States have fallen victim to ransomware attacks. Outmatched by the perpetrators, officials had no choice but to pay the relatively modest sums demanded to regain access to their files. But don’t let the small dollar amounts fool you: Once all the takings are tallied, ransomware attacks are big business. The group behind Cryptowall 3, an especially virulent ransomware campaign from 2015, reportedly reaped $325 million in profits from victims.

INTERPOL has helped shutter black-market portals used by cybercriminals to market themselves as ransomware hackers for hire. Anyone with access to the “DarkNet” could provide a target URL, fill in an online form, and pay a fee (usually in a crypto-currency such as bitcoin) – and without so much as exchanging an email with a cybercriminal, they could then download a kit allowing them to deliver ransomware to their target.

“Zombie army”

Not all collaborations between hackers and the outside world are consensual. Cybercriminals commonly scale up their operations by assembling a network of malware-infected computers, also known as botnets or “zombie armies”. Unbeknownst to their owners, bots can be remotely deployed to distribute spam or shut down target websites with a sudden flood of traffic, a/k/a a “distributed denial-of-service (DDoS) attack”.

To evade detection, advanced “bot herders” route infected computers through rendezvous points, rather than issuing marching orders to the network directly. Domain name generation algorithms (DGAs) help conceal the address of the rendezvous point, essentially burying it under a tidal wave of auto-generated domain names (as many as 50,000 per day). The volume can be so great that websites have temporarily shut down as a result of the surge in traffic that occurred when a DGA happened to spit out their domain name.

As authorities caught on to the scheme, hackers developed more complicated DGAs. For example, INTERPOL recently came across one designed to churn out unintelligible domain names based on the most recent foreign exchange rates from the European Central Bank.
INTERPOL has been working with the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit responsible for overseeing the Internet’s domain name structure, to prevent these abuses.

Prevention

Most cyber-attacks begin with a single infected file that ends up on a computer’s hard drive, very often first appearing as an email attachment. Smaller public agencies (police departments, hospitals, etc.) often fall victim due to scant IT and training resources. But even large organisations may not be able to shore up every weak point. A regularly updated, “cold” data backup is your best option to minimize damage in case you get hacked.

Meanwhile, the ICGI continues to be a global hub for the development of more proactive solutions in the fight against cybercrime. It provides a neutral platform for international collaboration among its 190 members. Last year, for example, INTERPOL coordinated joint efforts among police in five countries (among them Russia, the Netherlands and the United States) to take down Simda Botnet, which was thought to have infected over 770,000 computers.

Barclays recently announced it would be the first financial institution to have a full-time cybercrime analyst working hand-in-hand with INTERPOL and other IGCI experts.  “The scale and complexity of today’s Cyberthreat landscape means cooperation across all sectors is vital”, commented IGCI Executive Director Noboru Nakatani.

Greater awareness among the general public is needed too. In the current public mindset, internet-based threats simply don’t loom as large as more tangible concerns. That needs to change, now that global cybercrime syndicates have the ability to do serious damage to the fundamental institutions of our world.

Gilles Hilary is The Mubdala Chaired Professor of Corporate Governance and Strategy at INSEAD.

Christophe Durand is INTERPOL’s central point of contact for cyber strategy.

This article is based on ideas shared at the latest INSEAD Risk Breakfast.

INSEADhttp://ow.ly/ZMWUe

« ISIS Hackers Publish US Police Officers’ Private Details
Facial Recognition Might Stop the Next Brussels »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

Usenix

Usenix

Usenix brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.

Galois

Galois

Galois specializes in the research and development of new technologies that solve the most difficult problems in computer science.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

sayTEC

sayTEC

sayTEC's mission is to develop and deliver next-generation products and services in encrypted data and voice transmission.

Cryptshare

Cryptshare

Cryptshare is a communication solution that enables you to share e-mails and files of any size securely.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

CyberCube

CyberCube

CyberCube provide world-leading cyber risk analytics for the cyber insurance market.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

KETS Quantum Security

KETS Quantum Security

KETS harnesses the properties of quantum mechanics to solve challenging problems in randomness generation and secure key distribution and enable ultra secure communications.

TriCIS

TriCIS

TriCIS design and engineer highly secure integrated solutions that meet the highest government and military security standards, providing information assurance to organisations across the globe.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

Thero6

Thero6

Thero6 develop dynamic financial analysis algorithms that help prevent coin collapses and theft of cryptocurrency funds by identifying the transaction absolutely throughout the chain.

Chaos Computer Club (CCC)

Chaos Computer Club (CCC)

The Chaos Computer Club is Europe's largest association of hackers.