Not only must major organisations be acutely aware of the risks of cybercrime, but so must small businesses and individuals.
It is vital to realise that cybercrime today is no longer solely perpetrated by nefarious, tech-savvy opportunists. The image of lone actors snatching the odd cyber fistful of cash from another unsuspecting user is still lingering in the minds of many. Today cybercrime is organised crime: networks of hackers working in sync to deliver vast waves of attacks by spreading their nets wide.
Large and well-organised teams do not operate only for financial gain: countries around the world are training teams of specialists to launch cyberattacks and defend against incoming ones. The threat of cyberwarfare has risen in recent years, with instances of major infrastructure attacks believed to be rooted in politics being recorded. The SCADA attacks that hit power grids in Ukraine are a prime example.
While the potential for politically motivated malicious activity on a global scale remains a major concern, businesses are facing a daily barrage of attacks that are delivered in a variety of ways. Areas of high concentration include financial services, unsurprisingly proving a lucrative target for hackers. Individuals also run a sometimes daily gauntlet of dodging common forms of attack like phishing emails, meaning that everyone must have at least some degree of cybersecurity savvy to stay safe.
There could not be a more apt place to begin when listing the top forms of cybercrime than phishing, with attack volumes growing exponentially in recent years. In terms of attack volumes and success, 2017 proved a stand-out year for hackers who were able to engineer formidable new methods.
Phishing attacks are designed to discreetly bait a user into following a link or giving away their valuable information under false pretences. An email, for example, could be sent under the guise of an official organisation or individual, aiming to trick the user into providing information or clicking a link. Clicking a link could, for example, cause a malicious payload to be launched.
A prime 2017 example is the phishing scam that had major success against Gmail targets. Although not specifically designed for Gmail, this attack involved an embedded image and also appeared to have been sent from a familiar individual. These elements were found to mentally disarm even usually savvy users, causing the mind to focus on the origin, which was made to look like a friend, family member or colleague.
Ransomware is another form of cybercrime that gained unparalleled notoriety in 2017, causing global shock and panic following the WannaCry ransomware attack that debilitated the NHS in the UK and sent numerous other organisations into meltdown.
Ransomware is a worm that infiltrates an organisation and infects systems with malicious software, causing devices and systems to be locked down until a ransom is paid. In the case of many attacks, the user is given a strict time within which to pay up, or else the attackers threaten to delete the vital data on the systems that they have held hostage.
Ransomware has been around since the dawn of computing, and some may have thought it had been relegated to technology history, but the attack type has risen from the dead with the growth and development of a current top tech trend. This trend is cryptocurrency, Bitcoin in particular, as this currency happened to be the ransom requirement of the notorious WannaCry attack from last year.
IoT hacking is growing, but perhaps more relevant is how serious some are predicting this problem will become. This is the case because manufacturers are continuing to pump cheap connected devices into the market without a second thought for their cybersecurity. The potential for crime here is tremendous due to the readiness with which consumers bring connected devices into their homes and lives.
All sorts of household objects can now be found fitting into the Internet of Things category. A firm favourite is the image of the fridge, enslaved by hackers so as to get hold of valuable banking information. As comical as this might sound, this is not fantasy, with examples as severe as autonomous vehicles being hacked into and controlled in test environments.
A further way in which a breach of IoT device security could prove serious is through IoT botnets. This is the new way hackers are looking to launch a crippling DDoS attack: harnessing an army of devices to pool enough power to drown a target in an uncontrollable torrent of traffic and render it helpless.
We live in a world that now seems underpinned end-to-end by technology, causing one to forget the convergence of cybercrime with the real world. You, and particularly your business, are not only vulnerable when you are at the desk or using a device; it is important to have good conduct in the real world as well.
Major physical risks could include something as seemingly harmless as leaving documents in a printer tray. Cybercrimes have been committed in the past by people physically trespassing and stealing important information or hardware. One example of a major risk that was fortunately headed off arose last year, when a USB stick was discovered containing critical security information on Heathrow airport. In the wrong hands, this information could have been deadly.
This will also be an area of focus when GDPR, the EU regulation set to clamp down on organisations that are failing to provide ample data protection, comes into force on the 25th of May 2018. Proof that physical cybercrime prevention is in place will be a requirement for compliance.
The Dark Web
The Dark Web is also a reminder of the convergence of the real and cyber worlds, with it continuing to be a place of business for those looking to capitalise on the sale of items and services that are prohibited in the real world.
Drugs continue to be a prime commodity available on the Dark Web, in addition to other items you might expect like guns and other weapons. Stolen objects are also traded on the Dark Web so as to avoid the usual tracking processes that take place in the real world.
An unusual 2017 example of a stolen item on the Dark Web is that of a 133-year-old Gottfried Lindauer painting, which was stolen in a high-profile case from an art gallery in New Zealand. The painting was found listed on the White Shadow marketplace of the Dark Web with a ‘buy it now’ price tag of $500,000.