A primary concern is the impact of these attacks on businesses, the lifeblood of the economy. A recent survey showed that 43% of cyber attacks target small businesses, 75% of which have no cyber insurance. In the wake of these attacks, these companies spent an average of $879,582 because of damage or theft of IT assets. In addition, disruption to normal operations costs an average of $955,429.
The consequences can be severe and it has been reported that 60% of small companies go out of business within six months of a cyber attack.
Cybercrime is sometimes mistakenly perceived as a victimless crime; however, cybercriminals cause their victims emotional, physical and financial trauma.
Terri Howard works for FEI behavioural health, a company that provides support and services to companies in the aftermath of critical incidents. At the ISC Congress in Florida last year, she commented:
“Victims often feel that there has been an invasion of their privacy. People feel victimised, that they’ve suffered a traumatic experience. It is the very same feelings that victims of assault experience. They’re upset, they’re depressed, they feel guilt.”
For some people, the threat of their stolen data being used is as traumatic as it actually happening. Howard referred to the Ashley Madison breach, when a man committed suicide after email threats to expose him. His name was never actually leaked.
1. Virtual Bank Heists
2016 was a year of increased intensity, featuring multi-million dollar virtual bank heists. Until recently, cybercriminals mainly targeted bank customers, raiding accounts or stealing credit cards. However, a new breed of attacker has bigger ambitions and is targeting the banks themselves, sometimes attempting to steal millions of dollars in a single attack.
Gangs such as Carbanak have pulled off a string of attacks against US banks. The Banswift group stole $81 million from Bangladesh’s central bank by exploiting weaknesses in the bank’s security, infiltrating its network and stealing its SWIFT credentials, which allowed the group to make fraudulent transactions.
2. Cyber Espionage
The world of cyber espionage experienced a notable upsurge and activity was carried out to destabilise and disrupt targeted organisations and countries. Cyber attacks against the US Democratic Party led to the leak of stolen information, becoming one of the main talking points of the US presidential election. The US Intelligence Community attributed the attacks to Russia.
2016 saw two attacks involving destructive malware. Disk-wiping malware was used against targets in Ukraine in January and again in December, attacks which also resulted in power cuts. Trojan Shamoon reappeared after a four-year hiatus and was used against multiple organisations in Saudi Arabia.
3. Business email compromise (BEC) scams
BEC scams, which rely on carefully composed spear-phishing emails, caused over $3 billion of theft in the past three years.
During the US elections, a simple spear-phishing email gave attackers access to the Gmail account of John Podesta, Hillary Clinton’s campaign chairman, without the use of any malware or vulnerabilities.
4. Spam botnets-for-hire
The availability of spam botnets-for-hire, such as Necurs, allowed ransomware groups to mount massive email campaigns during 2016, pumping out hundreds of thousands of malicious emails daily.
Attackers are demanding more and more from victims with the average ransom demand in 2016 rising to $1,077, up from $294 a year earlier.
Attackers have honed a business model that usually involves malware hidden in innocuous emails, unbreakable encryption, and anonymous ransom payment involving cryptocurrencies.
5. Internet of Things (IoT)
The Internet of Things (IoT) is the concept that any device with an on-off switch can be connected to the internet, from our headphones to our washing machines.
Mirai emerged last year, a botnet composed of IoT devices such as routers and security cameras that carried out the largest DDoS attack ever experienced. Distributed Denial of Service attacks involve huge numbers of individual systems – usually hijacked – flooding a website with traffic, causing its servers to collapse. Weak security made these devices vulnerable targets for attackers. Several of Mirai’s targets were cloud-related services, such as DNS provider Dyn.
This, along with the hacking of millions of MongoDB databases hosted in the cloud, shows how cloud attacks have become a reality and are likely to increase in 2017.
In the past year, RSA has confirmed that 60% of fraud transactions come from a mobile device. As mobile traffic is ever-increasing and overtakes web transactions, mobile fraud will rapidly grow, especially as banks and retailers serve their customers via mobile apps.
Biometric authentication is starting to appear now, motivated more by user experience than by cybersecurity.
Fingerprint, voice, and eyeprint, combined with risk-based transaction monitoring, will be the predominant technology combinations for authentication and fraud management in mobile devices.
2. Card-not-present (CNP) fraud
It is predicted that the launch of 3D Secure 2.0, led by EMVCo, will change the e-commerce ecosystem. The new system offers many enhancements to the 1.x password-based, “challenge all” approach. As the scope for in-person fraud diminishes, card-not-present (CNP) fraud is expected to soar to over $7 billion in the U.S. by 2020. Today, online money transfer and bill pay services account for approximately 1 in 5 e-commerce fraud transactions, followed by the hospitality and airline, electronics, jewellery, fashion, entertainment and gaming industries.
Phishers will aim to increase the duration of a live attack through improved methods. It is also a strong possibility that clever phishing attacks will target cardholder information as breaches and skimming of POS terminals and ATM machines will be far less effective as more terminals are upgraded to support EMV cards.
Ransomware is malicious software designed to block access to a computer system until a sum of money is paid. Increasingly, ransom payments are requested via bitcoin: an untraceable online currency.
From credential-stealing modules like one known as CryptXXX to “aggressive” file encryptors such as Locky, the various forms of ransomware demonstrate the ingenuity and persistence of today’s cyber criminals when it comes to stealing data.
Stephen Wright, General Manager at Cyber Skills Centre, predicts the threat posed by ransomware will only get worse:
“Recently, the most prevalent and newsworthy attacks have been ransomware-based. In the coming 12 months, these will likely have greater sophistication and possibly move to also targeting households, individuals, and mobile devices”.
5. Internet of Things (IoT) attacks
The recent success of Amazon Echo and Google Home demonstrates that IoT is the future for technology in the home. However, as the IoT grows and the number of connected devices increases, experts predict that related hacking will escalate.
It is predicted that 96% of senior business leaders will be using IoT by 2020 and, at the moment, this is one of the weakest areas in terms of security.
Up to 200 billion IoT devices will need security by 2020.
6. 3D-printed fingerprints
With advanced technology at hackers’ fingertips, we could have scenarios in which an attacker gains access “to a critical system,” warns Stephen Wright.
He explains: “We often think of fingerprint or retinal scanning being the ultimate passwords, but combine high-quality photography with advanced 3D printing and there’s no reason someone couldn’t copy your fingerprint just by taking a photo of your hand in just the right position”.
Whatever the future holds for cybercrime, one thing is certain: businesses of all sizes will need to have security strategies in place if they want to protect their assets.
There is a global shortage of cybersecurity professionals equipped with the skills required to fight the increasing sophistication and expertise of cybercriminals.
The cybersecurity unemployment rate has dropped to zero percent and it is predicted that unfilled cybersecurity jobs will reach 1.5 million by 2019.
Should we harness techniques based around artificial intelligence, machine learning and deep learning, rather than recruiting and training more humans to fill this skill deficit in the employment market? After all – a specially programmed AI can ‘think’ about cybersecurity in more complex detail than a human.
1. IBM’s Watson – The next superhero of cybercrime?
IBM’s Watson made its debut in 2011 as a winning contestant on the American quiz show Jeopardy! Originally, the cognitive computing system was designed to take large, unstructured datasets in the English language and pull answers to queries out of that data. Watson has evolved to work on large data sets looking for patterns, rather than the answer to a specific question. For instance, it has worked alongside the Baylor College of Medicine to help with the study of kinases, an enzyme that can sometimes indicate cancer.
With large quantities of data, the speed of using augmented intelligence is impressive. For example, while a doctor may read about 6 medical research papers in a month, Watson can read half a million in circa 15 seconds. From this, machine learning can suggest diagnoses and advise on a course of treatment.
Inevitably, IBM Watson, like its literary namesake, is now working to solve cybercrime.
The Watson for Cybersecurity beta program now helps 40 organisations to use the computer’s cognitive power to help spot cybercrime.
Currently, cybersecurity operations generally require a human to spend their time going through alerts of potentially malicious activity, a repetitive and time-consuming process. Teams process over 200,000 security events per day on average and over 20,000 hours per year can be wasted in the pursuit of false alarms.
Cognitive computing is 30-40 percent faster than traditional rule-based systems and results in fewer false positives. Because it learns as it goes, it doesn’t repeat the same mistakes. The more it analyses, the more AI can understand malware and fraudulent activity patterns, which is something that will help cybersecurity professionals level the playing field in the fight against hackers.
2. AI Squared (AI2)
Researchers from MIT have created a virtual AI analyst. The platform, AI Squared (AI2), is able to detect 85 percent of attacks – roughly three times better than current benchmarks – and also reduces the number of false positives by a factor of five, according to MIT.
AI2 was tested using 3.6 billion log lines generated by over 20 million users in a period of three months. The AI trawled through this information and used machine learning to cluster data together to find suspicious activity. Anything which flagged up as unusual was then presented to a human operator and feedback was issued.
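The analyst-in-the-loop cycle described above can be sketched in a few lines. This is an added example, not MIT's code: it swaps the clustering step for a simple robust deviation score, and the log format, feature names, starting weights and learning rate are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed log lines ("user src_ip event"); not real data.
LOG = (["alice 10.0.0.5 login_ok"] * 3 + ["bob 10.0.0.6 login_fail"] * 3
       + ["carol 10.0.0.7 login_ok"] * 2 + ["dave 10.0.0.8 login_ok"] * 4
       + [f"erin 10.0.1.{i} login_ok" for i in range(5)]
       + ["mallory 10.0.2.1 login_fail"] * 6)

def features(lines):
    """Per-user features: failed-login count and number of distinct source IPs."""
    fails, ips = defaultdict(int), defaultdict(set)
    for line in lines:
        user, ip, event = line.split()
        fails[user] += event == "login_fail"
        ips[user].add(ip)
    return {u: {"fails": fails[u], "ips": len(ips[u])} for u in ips}

def deviations(feats):
    """Robust z-score per feature: |x - median| / MAD (a MAD of 0 falls back to 1)."""
    out = {u: {} for u in feats}
    for name in ("fails", "ips"):
        vals = [f[name] for f in feats.values()]
        med = median(vals)
        mad = median(abs(v - med) for v in vals) or 1.0
        for u, f in feats.items():
            out[u][name] = abs(f[name] - med) / mad
    return out

def review_queue(dev, weights, k=2):
    """Top-k users by weighted deviation: the items shown to the human analyst."""
    def score(user):
        return sum(weights[n] * z for n, z in dev[user].items())
    return sorted(dev, key=score, reverse=True)[:k]

def apply_feedback(dev, weights, labels, lr=0.1):
    """Analyst labels (True = attack, False = benign) raise or lower feature weights."""
    new = dict(weights)
    for user, is_attack in labels.items():
        for name, z in dev[user].items():
            new[name] = max(0.0, new[name] + (lr if is_attack else -lr) * z)
    return new

dev = deviations(features(LOG))
w0 = {"fails": 1.0, "ips": 1.0}
first = review_queue(dev, w0)            # unsupervised pass
w1 = apply_feedback(dev, w0, {"mallory": True, "erin": False})
second = review_queue(dev, w1)           # queue after analyst feedback
```

After the analyst confirms one alert and dismisses the other, the weight on failed logins rises and the weight on distinct IPs falls, so the second queue surfaces a user the first pass ranked too low.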
3. Deep Learning
While there are a number of companies using machine learning to fight hacking and cybercrime, there are those who are already looking to take the technology to the next level with the use of deep learning. One of those is Israeli firm Deep Instinct, which lays claim to being the first company to apply deep learning to cybersecurity.
Deep Instinct aims to detect previously unknown malicious threats, the sorts of attacks that might otherwise slip through the net, because they’re too new to be noticed.
It’s simple for malicious software developers to enable their creations to evade detection, as slight modification of the code can make it unrecognisable. However, that can be made much more difficult with the introduction of deep learning.
“We’re trying to make the detection rate as close as possible to 100 percent and make life as difficult as possible for creators of new lines of malware. Today, it’s very easy; they modify a few lines of malware code and manage to evade detection by most solutions. But we hope to make life very difficult for them with detection rates of 99.99 percent,” commented Dr Eli David, Deep Instinct’s CTO and artificial intelligence expert.
Part 1: Can Artificial Intelligence & Robots fight the Cybercrime Epidemic?
Part 2: The impact of these attacks on both businesses and individuals
Part 3: The potential of AI and machine learning to fight Cybercrime