Raconteur

cybersecurity-2019

Issue link: https://raconteur.uberflip.com/i/1084979

Contents of this Issue

Navigation

Page 7 of 11

C Y B E R S E C U R I T Y 8 Silk Road website, which ran on online black market in illicit drugs. The dark web thrives as a treasure trove of automated software applications which can be used to troll and attack vulnerable accounts automatically. "A cybercriminal can simply purchase any number of password-cracking programs and can rent or purchase exploit kits which con- tain many attack tools," says Corey Milligan, one of the US Army's first cyber operations technicians and now a senior threat intelli- gence analyst at Armor Defense, a cloud secu- rity firm in Texas. "The kits are designed to make it quite trivial for an average computer user to successfully attack various vulnera- bilities and then distribute malware or poten- tially wipe a victim's hard drive." Cybercrime in the dark web is thriving, especially as people can be hired through third parties to conduct attacks. "The great- est impact they can have is when they are hired to do something for somebody else," adds Mr Milligan. In effect, a whole new underground industry has emerged, dubbed "malware as a service". And as the IoT expands, so too will opportunities for commercial and criminal growth. According to Intel, we are moving from a world of two billion smart, wirelessly con - nected objects in 2006, to a world of 200 bil- lion by 2020. By 2021, half a billion of these will be wearable devices. Dr Janusz Bryzek, a Silicon Valley guru who pioneered sensor technology, predicts that within 20 years there will be 45 trillion networked sensors, devices which detect and respond to physical environmental changes such as light, heat, sound, moisture and pressure. Already, attacks on connected devices, including routers, cameras, thermostats, electronic appliances and alarm clocks, are among the top cybercrime targets. But com - panies are not doing enough to protect these devices, preferring to get them on the market without delay. "The risk is global. Regardless of the size of your business, or what sector you're in, if you're connected to the internet, you're at risk, as anyone can find you and any of the assets you have connected," says Mr Milligan. Most businesses remain dramatically behind the curve on safeguarding against these heightened risks. In 2018, the Ipsos MORI Cyber Security Breaches Survey found that four in ten businesses and a fifth of charities had experienced a cyberattack. The findings led King's College London's Cyber Security Research Group this January to call on the UK government to name and shame companies whose cybersecurity meas - ures fail to protect the data of consumers. Complacency is not an option. In a taste of things to come, one of the largest electric power companies in America, Duke Energy, was hit with a $10-million regulatory fine in early-February for 130 violations of physical and cybersecurity standards. If companies fail to act now, governments will have little choice but to make them pay later. he internet of things (IoT) has been hailed as ushering in a technologi- cal revolution that will transform our lives for the better. With every conceiv- able tool and device we use seamlessly inter- connected through the cloud, everything we do from work to leisure will be increasingly automated, efficient and easily configurable in ways that were previously unimaginable. But even before the IoT revolution has fully arrived, associated costs are rising exponen- tially. A new Accenture report estimates that businesses could incur up to $5.2 trillion over the next five years in additional costs and lost revenue due to cybercrime "as depend- ency on complex internet-enabled business models outpaces the ability to introduce ade- quate safeguards that protect critical assets". According to the report, some 80 per cent of business leaders admit having a hard time ensuring their companies are protected. And it's not just businesses. Government fig- ures reveal that UK residents are more likely to be a victim of cybercrime or fraud than any other offence. While the costs to legitimate businesses and consumers escalate, so do profits for cybercriminals. A 2018 University of Surrey study conservatively estimates that cyber- crime carried out on well-known platforms such as Amazon, Facebook and Instagram rakes in a cool $1.5 trillion, equivalent to the GDP of Russia. This is not even particularly sophis- ticated cybercrime. According to study author criminologist Dr Michael McGuire, these platforms are being used to evade tax, move money, trade illicit drugs and sell fake goods. As technology advances, the oppor- tunities for such crime will transform. "In a world where almost every instruction, process, transaction and secret is located in cyberspace, there could be a wealth of oppor- tunities for criminals," warns an October 2018 report from the UK Ministry of Defence Global Strategic Trends programme. With relatively low startup costs and potentially huge profits, organised cybercrime has an obvious business appeal, the report says, especially for "people in countries with lim- ited economic opportunities". Most cyberattacks in the European Union, for instance, actually come from outside the region. And like any other business, cybercrimi- nals are rapidly investing in innovations and new techniques to improve their productiv- ity. A report by the Tel Aviv-based global IT security firm Check Point Software Technol- ogies highlights how cybercrime methods have become "democratised" and available to anyone willing to pay for them. "Cybercriminals are successfully explor- ing stealthy new approaches and business models, such as malware affiliate programs, to maximise their illegal revenues while reducing their risk of detection," says Peter Alexander at Check Point. Maya Horowitz, Check Point's director of threat intelligence and research, paints a picture of an increasingly corporatised approach to cybercrime. Attacks involve organised teams of programmers, corpo - rate insiders, IT technicians and phishing experts. These teams even issue job ads for new roles for the next hack. This sort of activity has been facilitated by the dark web, a hidden part of the internet where criminals can act undetected, using complex encryption and anonymisation tools. The dark web first hit the headlines in 2013 when the FBI shut down the notorious T Nafeez Ahmed Trillion-dollar industry hidden in the dark web The low startup costs and huge profits associated with cybercrime have resulted in a thriving industry, and no companies – regardless of sector or size – are safe from its reach C Y B E R C R I M E Bromium 2018 ANNUAL RE VENUES OF CYBERCRIME Conservative estimates, based on data drawn from five of the highest profile and lucrative varieties of revenue-generating cybercrimes $1.5trn Total cost Illicit, illegal online markets Crimeware and ransomware Data trading, such as stolen financial information Trade secrets, IP theft $860bn $3bn $160bn $500bn

Articles in this issue

Links on this page

Archives of this issue

view archives of Raconteur - cybersecurity-2019