As digital technology relentlessly disrupts and sculpts the global landscape, it exposes organisations to opportunities and threats. All evolution comes with challenges, and the dark world of cybercrime continues to thrive and is this year’s second most reported economic crime.
The recent NHS computer hack using Wanna Decryptor ransomware shut down IT systems with 75,000 attacks in 99 countries. The unprecedented ransomware breach froze computers across the health service with hackers threatening to delete files unless a ransom was paid.
Only last week the popular font sharing site DaFont.com was hacked, exposing 699,464 accounts in the breach. The passwords were scrambled with the MD5 algorithm, which nowadays is easy to crack. The hacker unscrambled over 98% of the passwords into plain text.
According to Zdnet.com, the unidentified hacker explained his motives for the attack:
“I heard the database was getting traded around so I decided to dump it myself – like I always do”. He said it was “mainly just for the challenge and training my pentest skills.” He exploited a union-based SQL injection vulnerability in the site’s software, a flaw he said was “easy to find.”
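An added example, not part of the original article and not DaFont's code: it shows why unsalted MD5 records fail (equal passwords give equal records) and how a site can keep verifying legacy MD5 records while replacing each one with a salted, iterated hash at the next successful login. The record format, function names and iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Assumption: iteration count chosen for this sketch; tune it to your hardware.
PBKDF2_ITERATIONS = 600_000


def legacy_md5(password: str) -> str:
    """Unsalted MD5 as described in the article; kept only to check old records."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16)  # unique per record, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password: str, stored: str):
    """Return (ok, new_record). new_record is not None when the stored value
    should be overwritten: a legacy MD5 record or an outdated iteration count."""
    if stored.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, digest_hex = stored.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
        )
        ok = hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
        stale = int(iters) < PBKDF2_ITERATIONS
    else:
        ok = hmac.compare_digest(legacy_md5(password).encode(), stored.encode())
        stale = True  # every MD5 record is replaced as soon as the user logs in
    return ok, (hash_password(password) if ok and stale else None)


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    db = {"alice": legacy_md5("correct horse"), "bob": legacy_md5("correct horse")}
    print("identical MD5 records:", db["alice"] == db["bob"])
    ok, upgraded = verify_and_upgrade("correct horse", db["alice"])
    if ok and upgraded:
        db["alice"] = upgraded  # the plaintext is only available at login time
    print("alice now stored as:", db["alice"].split("$")[0])
```

Records that are never upgraded belong to accounts that never log in again; those still need a forced reset or removal.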
These attacks have unleashed a media frenzy, but what of the other undocumented attacks that are happening every minute?
Cybercrime can be committed with minimal resources and from a remote location. The same systems that have made it easier for people to conduct e-commerce and online transactions are now being exploited. Detection of criminals is difficult and it’s a relatively low risk activity for high rewards.
Last year, Ginni Rometty, IBM’s chairman, president and CEO, said “Cybercrime is the greatest threat to every company in the world.”
According to csoonline.com, the costs of cybercrime will hit $6 trillion annually by 2021, up from $3 trillion just a year ago.
It is predicted that humans have moved ahead of machines as the top target for cybercriminals. Microsoft estimates that by 2020 4 billion people will be online – twice the number online now.
In this article, we review the following areas:
- Cybercrime demystified: what is it?
- The impact of these attacks on both businesses and individuals
- The current state of Cybercrime
- Predictions of future Cybercrime
- How may we be able to use AI and Robotics to combat Cybercrime?
Cybercrime demystified: what is it?
Cybercrime is defined as a crime in which a computer is the object of the crime or is used as a tool to commit an offence. Crimes that target computer networks or devices include viruses and denial-of-service (DoS) attacks. Crimes that use computer networks to advance other criminal activities include cyberstalking, phishing and fraud or identity theft.
Broadly, cybercrime can be divided into three areas of attack:
Theft is rife in the cyberworld. Criminals can steal a person’s bank details and siphon off money; misuse credit cards to make numerous purchases online; run scams to convince people to part with money; use malicious software to gain access to an organisation’s website or disrupt systems. It can also damage software and hardware.
This crime is when a person’s computer is broken into and personal or sensitive information accessed. This differs from ethical hacking, which many organisations use to check their internet security protection. In hacking, the criminal uses a variety of software to enter a person’s computer and the person may not be aware that his computer is being accessed from a remote location.
This crime occurs when a person violates copyrights and downloads music, movies, games and software. There are peer sharing websites which encourage software piracy and illegal downloading.
This has become a major problem with people using the internet for cash transactions and banking services. In this cyber crime, a criminal accesses data about a person’s bank account, credit cards, debit cards and other sensitive information to siphon money or to buy things online in the victim’s name. It can result in significant financial losses for the victim, even ruining credit history.
These are Internet-based software or programs that are used to disrupt a network. The software is used to gain access to a system to steal sensitive information or data, or to cause damage to software in the system.
This type of cyber crime can be in the form of cyberstalking, distributing pornography, trafficking and “grooming”.
Crimes against a government are referred to as cyber terrorism. This is the least common area of attack; however, if successful, it can cause chaos and panic amongst citizens. Disruption to last year’s U.S. electoral process was attempted by state-sponsored groups. The perpetrators may be terrorist organisations or hostile governments of other countries.
Part 1: Can Artificial Intelligence & Robots fight the Cybercrime Epidemic?
Part 2: The impact of these attacks on both businesses and individuals
Part 3: The potential of AI and machine learning to fight Cybercrime
A primary concern is the impact of these attacks on businesses, the lifeblood of the economy. A recent survey showed that 43% of cyber attacks target small businesses, 75% of which have no cyber insurance. In the wake of these attacks, these companies spent an average of $879,582 because of damage or theft of IT assets. In addition, disruption to normal operations costs an average of $955,429.
The consequences can be severe and it has been reported that 60% of small companies go out of business within six months of a cyber attack.
Cybercrime is sometimes mistakenly perceived as a victimless crime; however, cybercriminals cause their victims emotional, physical and financial trauma.
Terri Howard works for FEI behavioural health, a company that provides support and services to companies in the aftermath of critical incidents. At the ISC Congress in Florida last year, she commented:
“Victims often feel that there has been an invasion of their privacy. People feel victimised, that they’ve suffered a traumatic experience. It is the very same feelings that victims of assault experience. They’re upset, they’re depressed, they feel guilt.”
For some people, the threat of their stolen data being used is as traumatic as it actually happening. Howard referred to the Ashley Madison breach, when a man committed suicide after email threats to expose him. His name was never actually leaked.
1. Virtual Bank Heists
2016 was a year of increased intensity, featuring multi-million dollar virtual bank heists. Until recently, cybercriminals mainly targeted bank customers, raiding accounts or stealing credit cards. However, a new breed of attacker has bigger ambitions and is targeting the banks themselves, sometimes attempting to steal millions of dollars in a single attack.
Gangs such as Carbanak have pulled off a string of attacks against US banks. The Banswift group stole $81 million from Bangladesh’s central bank by exploiting weaknesses in the bank’s security, infiltrating its network and stealing its SWIFT credentials, which allowed them to make fraudulent transactions.
2. Cyber Espionage
The world of cyber espionage experienced a notable upsurge and activity was carried out to destabilise and disrupt targeted organisations and countries. Cyber attacks against the US Democratic Party led to the leak of stolen information, becoming one of the main talking points of the US presidential election. The US Intelligence Community attributed the attacks to Russia.
2016 saw two attacks involving destructive malware. Disk-wiping malware was used against targets in Ukraine in January and again in December, attacks which also resulted in power cuts. Trojan Shamoon reappeared after a four-year hiatus and was used against multiple organisations in Saudi Arabia.
3. Business email compromise (BEC) scams
BEC scams which rely on carefully composed spear-phishing emails caused over $3 billion of theft in the past three years.
During the US elections, a simple spear-phishing email provided access to the Gmail account of Hillary Clinton’s campaign chairman, John Podesta, without the use of any malware or vulnerabilities.
4. Spam botnets-for-hire
The availability of spam botnets-for-hire, such as Necurs, allowed ransomware groups to mount massive email campaigns during 2016, pumping out hundreds of thousands of malicious emails daily.
Attackers are demanding more and more from victims with the average ransom demand in 2016 rising to $1,077, up from $294 a year earlier.
Attackers have honed a business model that usually involves malware hidden in innocuous emails, unbreakable encryption, and anonymous ransom payment involving cryptocurrencies.
5. Internet of Things (IoT)
The Internet of Things (IoT) is the concept that any device with an on-off switch can be connected to the internet, from our headphones to our washing machines.
Mirai emerged last year, a botnet composed of IoT devices such as routers and security cameras that carried out the largest DDoS attack ever experienced. Distributed Denial of Service attacks involve huge numbers of individual systems – usually hijacked – flooding a website with traffic, causing its servers to collapse. Weak security made these devices vulnerable targets for attackers. Several of Mirai’s targets were cloud-related services, such as DNS provider Dyn.
This, along with the hacking of millions of MongoDB databases hosted in the cloud, shows how cloud attacks have become a reality and are likely to increase in 2017.
In the past year, RSA has confirmed that 60% of fraud transactions come from a mobile device. As mobile traffic is ever-increasing and overtakes web transactions, mobile fraud will rapidly grow, especially as banks and retailers serve their customers via mobile apps.
Biometric authentication is starting to happen now, and the motivation is user experience rather than cybersecurity.
Fingerprint, voice, and eyeprint, combined with risk-based transaction monitoring, will be the predominant technology combinations for authentication and fraud management in mobile devices.
2. Card-not-present (CNP) fraud
It is predicted that the launch of 3D Secure 2.0, led by EMVCo, will change the e-commerce ecosystem. The new system offers many enhancements to the 1.x password-based, “challenge all” approach. As the scope for in-person fraud diminishes, card-not-present (CNP) fraud is expected to soar to over $7 billion in the U.S. by 2020. Today, online money transfer and bill pay services account for approximately 1 in 5 e-commerce fraud transactions, followed by the hospitality and airline, electronics, jewellery, fashion, entertainment and gaming industries.
Phishers will aim to increase the duration of a live attack through improved methods. It is also a strong possibility that clever phishing attacks will target cardholder information as breaches and skimming of POS terminals and ATM machines will be far less effective as more terminals are upgraded to support EMV cards.
Ransomware is malicious software designed to block access to a computer system, until a sum of money is paid. Increasingly, ransom payments are requested via bitcoin: an untraceable online currency.
From credential-stealing modules like one known as CryptXXX to “aggressive” file encryptors such as Locky, the various forms of ransomware demonstrate today’s cyber criminals’ ingenuity and persistence when it comes to stealing data.
Stephen Wright, General Manager at Cyber Skills Centre, predicts the threat posed by ransomware will only get worse:
“Recently, the most prevalent and newsworthy attacks have been ransomware-based. In the coming 12 months, these will likely have greater sophistication and possibly move to also targeting households, individuals, and mobile devices”.
5. Internet of Things (IoT) attacks
The recent success of Amazon Echo and Google Home demonstrates that IoT is the future for technology in the home. However, as the IoT grows and the number of connected devices increases, experts predict that related hacking will escalate.
It is predicted that 96% of senior business leaders will be using IoT by 2020 and, at the moment, this is one of the weakest areas in terms of security.
Up to 200 billion IoT devices will need security by 2020.
6. 3D-printed fingerprints
With advanced technology at hackers’ fingertips, we could have scenarios in which an attacker gains access “to a critical system,” warns Stephen Wright.
He explains: “We often think of fingerprint or retinal scanning being the ultimate passwords, but combine high-quality photography with advanced 3D printing and there’s no reason someone couldn’t copy your fingerprint just by taking a photo of your hand in just the right position”.
Whatever the future holds for cybercrime, one thing is certain: businesses of all sizes will need to have security strategies in place if they want to protect their assets.
There is a global shortage of cybersecurity professionals equipped with the skills required to fight the increasing sophistication and expertise of cybercriminals.
The cybersecurity unemployment rate has dropped to zero percent and it is predicted that unfilled cybersecurity jobs will reach 1.5 million by 2019.
Should we harness techniques based around artificial intelligence, machine learning and deep learning, rather than recruiting and training more humans to fill this skill deficit in the employment market? After all – a specially programmed AI can ‘think’ about cybersecurity in more complex detail than a human.
1. IBM’s Watson – The next superhero of cybercrime?
IBM’s Watson made its debut in 2011 as a winning contestant on the American quiz show Jeopardy! Originally, the cognitive computing system was designed to take large, unstructured datasets in the English language and pull answers to queries out of that data. Watson has evolved to work on large data sets looking for patterns, rather than the answer to a specific question. For instance, it has worked alongside the Baylor College of Medicine to help with the study of kinases, an enzyme that can sometimes indicate cancer.
With large quantities of data, the speed of using augmented intelligence is impressive. For example, while a doctor may read about 6 medical research papers in a month, Watson can read half a million in circa 15 seconds. From this, machine learning can suggest diagnoses and advise on a course of treatment.
Inevitably, IBM Watson, like its literary namesake, is now working to solve cybercrime.
The Watson for Cybersecurity beta program now helps 40 organisations to use the computer’s cognitive power to help spot cybercrime.
Currently, cybersecurity operations generally require a human to spend their time going through alerts of potentially malicious activity – a repetitive and time-consuming process. Teams process over 200,000 security events per day on average and over 20,000 hours per year can be wasted in the pursuit of false alarms.
Cognitive computing is 30-40 percent faster than traditional rule-based systems and results in fewer false positives. Because it learns as it goes, it doesn’t repeat the same mistakes. The more it analyses, the more AI can understand malware and fraudulent activity patterns, which is something that will help cybersecurity professionals level in the fight against hackers.
2. AI Squared (AI2)
Researchers from MIT have created a virtual AI analyst. The platform, AI Squared (AI2), is able to detect 85 percent of attacks – roughly three times better than current benchmarks – and also reduces the number of false positives by a factor of five, according to MIT.
AI2 was tested using 3.6 billion log lines generated by over 20 million users in a period of three months. The AI trawled through this information and used machine learning to cluster data together to find suspicious activity. Anything which flagged up as unusual was then presented to a human operator and feedback was issued.
3. Deep Learning
While there are a number of companies using machine learning to fight hacking and cybercrime, there are those who are already looking to take the technology to the next level with the use of deep learning. One of those is Israeli firm Deep Instinct, which lays claim to being the first company to apply deep learning to cybersecurity.
Deep Instinct aims to detect previously unknown malicious threats, the sorts of attacks that might otherwise slip through the net, because they’re too new to be noticed.
It’s simple for malicious software developers to enable their creations to evade detection, as slight modification of the code can make it unrecognisable. However, that can be made much more difficult with the introduction of deep learning.
“We’re trying to make the detection rate as close as possible to 100 percent and make life as difficult as possible for creators of new lines of malware. Today, it’s very easy; they modify a few lines of malware code and manage to evade detection by most solutions. But we hope to make life very difficult for them with detection rates of 99.99 percent,” commented Dr Eli David, Deep Instinct’s CTO and artificial intelligence expert.
According to 700 security professionals surveyed by IBM, the top benefits of using cognitive security solutions were improved intelligence (40%), speed (37%) and accuracy (36%).
IBM say Watson performs 60 times faster than a human investigator and can reduce the time spent on complex analysis of an incident from an hour to less than a minute.
The development of quantum computing, which is expected to be more widely available in the next 3 to 5 years, could make Watson look as slow as a human.
Machine learning and AI speed up the lengthy process of sorting through data. Quantum computing aims to be able to look at every data permutation simultaneously.
Canada-based company D-Wave recently sold its newest, most powerful machine to a cyber security company called Temporal Defense Systems to work on complex security problems.
The rules-based systems of yesterday are no longer effective against today’s sophisticated attacks. Any system that can improve accurate detection and boost incident response time is going to be in demand.
We have clearly reached a point where the sheer volume of security data can no longer be processed by humans. The successful answer to beating the cat-and-mouse game of cybercrime lies in so-called human-interactive machine learning.
Human-interactive machine learning systems analyse internal security intelligence, and marry it with external threat data to direct human analysts to the needles in the haystack. Humans then provide feedback to the system by tagging the most relevant threats. The system adapts its monitoring and analysis based on human inputs, enhancing the chances of finding real cyber threats and minimising false positives.
Deploying machine learning for the laborious first-line assessment of security data frees human analysts to focus on advanced investigations of threats. Applying AI through a human-interactive approach offers the optimum solution for keeping ahead in the cybercrime war.
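The feedback loop described above, as an added example that is not from the original article and is not the algorithm of AI2 or any vendor: a deliberately simplified stand-in that ranks hosts by a robust outlier score, takes analyst verdicts on the top alerts, and uses a multiplicative weight update so that later rankings reflect those verdicts. Host names, features, values and verdicts are constructed.

```python
from statistics import median

FEATURES = ("failed_logins", "distinct_hosts", "mb_uploaded")

# Constructed day-1 telemetry per host, in FEATURES order.
DAY1 = {
    "ws-01": (1, 3, 20), "ws-02": (0, 4, 25), "ws-03": (2, 5, 30),
    "ws-04": (1, 4, 22), "ws-05": (0, 3, 28), "ws-06": (2, 4, 24),
    "backup-svc": (0, 4, 900), "build-agent": (1, 5, 400),
    "hr-laptop": (40, 60, 30), "dev-laptop": (15, 25, 26),
}
# Constructed day-2 hosts, scored against the day-1 baseline.
DAY2 = {"nas-sync": (1, 4, 300), "sales-laptop": (12, 30, 25), "ws-07": (1, 4, 23)}


def fit_baseline(rows):
    """Per-feature median and MAD (median absolute deviation) of the fleet."""
    stats = []
    for col in zip(*rows.values()):
        med = median(col)
        mad = median(abs(v - med) for v in col) or 1.0  # avoid division by zero
        stats.append((med, mad))
    return stats


def score(row, stats, weights):
    """Weighted outlier score and the index of the feature that drove it."""
    devs = [w * abs(v - med) / mad for v, (med, mad), w in zip(row, stats, weights)]
    top = max(range(len(devs)), key=devs.__getitem__)
    return devs[top], top


def rank(rows, stats, weights):
    """Hosts ordered from most to least suspicious."""
    return sorted(rows, key=lambda h: score(rows[h], stats, weights)[0], reverse=True)


def apply_feedback(rows, stats, weights, verdicts, rate=2.0):
    """Multiplicative update: boost the driving feature of confirmed threats,
    damp the driving feature of alerts the analyst marked as false positives."""
    new = list(weights)
    for host, malicious in verdicts.items():
        _, top = score(rows[host], stats, weights)
        new[top] = new[top] * rate if malicious else new[top] / rate
    return new


def demo():
    stats = fit_baseline(DAY1)
    weights = [1.0] * len(FEATURES)
    shown = rank(DAY1, stats, weights)[:3]  # the analyst's review budget
    # Constructed analyst verdicts for the hosts shown: True = real threat.
    verdicts = {"backup-svc": False, "build-agent": False, "hr-laptop": True}
    before = rank(DAY2, stats, weights)
    weights = apply_feedback(DAY1, stats, weights, verdicts)
    after = rank(DAY2, stats, weights)
    return shown, weights, before, after
```

Before feedback the bulk uploader `nas-sync` tops the day-2 queue; after two false-positive verdicts on upload volume and one confirmed threat driven by host fan-out, `sales-laptop` is ranked first.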
It’s important to recognise that while machine learning may be both fast and cheap, it is not perfect.
Algorithms can be manipulated by hackers. Donal Byrne, CEO of Corvil, says:
“Those software applications interact with each other in very complicated ways. If someone understands how the algorithm works, it can be manipulated in predictable ways. This means that even without changing the software itself, introducing specific input data can allow one to manipulate an algorithm towards a different outcome than expected.”
“Circuit breakers” can be used to monitor the algorithms’ output to combat this manipulation. This is an ‘overseer’ algorithm or software that can pull the plug – stopping all or a specific portion of the action – whenever it sees divergent conditions beyond a certain threshold.
However, this cannot completely solve the problem of rogue algorithms.
When these algorithms are used within large computer systems no human can monitor the volume and speed of the interactions. We have to use algorithms to monitor the performance of algorithms generated by other algorithms.
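A sketch of the "circuit breaker" overseer described above, added here as an example and not taken from the article or from Corvil: it watches the share of "block" verdicts an automated model produces and, when that share diverges from the expected baseline beyond a threshold, suspends automation for that scope only and routes decisions to a human. The class name, scopes, thresholds and traffic are assumptions constructed for the illustration.

```python
from collections import Counter, deque


class OutputCircuitBreaker:
    """Overseer for another algorithm's verdicts: trips when the share of
    'block' decisions in a sliding window diverges from the expected baseline
    by more than max_divergence, in either direction."""

    def __init__(self, baseline_rate, max_divergence, window=20):
        self.baseline_rate = baseline_rate
        self.max_divergence = max_divergence
        self.recent = deque(maxlen=window)
        self.open = False  # open = tripped, automated action suspended

    def observe(self, blocked):
        """Record one verdict; return True if the breaker is open afterwards."""
        self.recent.append(1 if blocked else 0)
        if len(self.recent) == self.recent.maxlen:  # judge full windows only
            rate = sum(self.recent) / len(self.recent)
            if abs(rate - self.baseline_rate) > self.max_divergence:
                self.open = True  # latches until a human calls reset()
        return self.open

    def reset(self):
        self.recent.clear()
        self.open = False


def guarded_decisions(model, events, breakers):
    """Run model over events. Each scope has its own breaker, so a trip stops
    only that portion of the automation and routes it to a human."""
    results = []
    for ev in events:
        breaker = breakers[ev["scope"]]
        if breaker.open:
            verdict = "hold_for_human"
        else:
            blocked = model(ev)
            if breaker.observe(blocked):
                verdict = "hold_for_human"
            else:
                verdict = "block" if blocked else "allow"
        results.append((ev["scope"], verdict))
    return results


def demo():
    """Constructed traffic: 'logins' behaves normally; in 'payments', crafted
    input makes the model block every event from index 20 onwards."""
    def model(ev):  # stand-in for the monitored algorithm
        return ev["score"] > 0.8

    events = []
    for i in range(50):
        routine = 0.9 if i % 10 == 9 else 0.2  # about 10% blocked normally
        if i < 40:
            events.append({"scope": "logins", "score": routine})
        events.append({"scope": "payments", "score": 0.95 if i >= 20 else routine})
    breakers = {s: OutputCircuitBreaker(0.10, 0.28) for s in ("logins", "payments")}
    return Counter(guarded_decisions(model, events, breakers)), breakers
```

The breaker sees only output rates, so manipulation that keeps the block rate near the baseline passes unnoticed, which is the limit the surrounding text points to.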
It is the beginning of what John Danaher calls an algocracy – an algorithm-driven artificial intelligence revolution.
“By gradually pushing human decision-makers off the loop, we risk creating a ‘black box society’. This is one in which many socially significant decisions are made by ‘black box AI’. That is: inputs are fed into the AI, outputs are then produced, but no one really knows what is going on inside. This would lead to an algocracy, a state of affairs in which much of our lives are governed by algorithms.”
Global spending on cybersecurity products and services is predicted to exceed £1 trillion over the next five years, from 2017 to 2021.
By 2020, 60% of digital businesses will suffer a major service failure due to the inability of IT security teams to manage digital risk, according to Gartner. If we marry all this new Internet of Things (IoT) data with artificial intelligence (AI) and machine learning, there’s a chance to win the fight against cybercriminals.
With the Centre for Cyber Safety and Education revealing that the world will face a shortfall of 1.8 million cyber security professionals by 2022, we are reaching a critical point where urgent action is needed.
Not only must organisations invest in preventative AI, but the government must continue to back the development of the next generation of technology professionals. After all, there’s no use in having the technology without skilled humans knowing how to use it.