The fight to outsmart today’s cybercriminals

Clare Hopping

Friday 19 September 2014

Levels of cybercrime have exploded over the past five years, so what are the biggest threats and why have criminals become so good at what they do?

With more connected people and devices around the world, it’s no wonder the opportunity for cybercrime has exploded over the past five years, in terms of frequency and severity.

The types of cybercrime taking place have advanced in the past few years, migrating from spam emails filled with gibberish that didn’t pose such a threat, to hacks that expose millions of people’s data to malicious groups.

According to research by the Identity Theft Resource Center, more than 10.9 million personal records were exposed in the first half of 2014 and the majority of those breaches happened in the business sector.

The growing threat

Cyber attacks have increased exponentially, thanks to a range of easily accessible automated attack tools. There were 30 million new malware strains in circulation in 2013, increasing at an average rate of 82,000 per day, according to a report by Panda security. For comparison, Trend Micro put the number of new unique threats in 2005 at 333,000 in total, including malware, viruses, bots and worms.

Mark Nunnikhoven, vice president of cloud and emerging technologies at Trend Micro, says the increase is in line with the number of new devices being used by consumers and businesses.

“While those numbers are scary, remember we’ve also seen a close match in the increase in the use of technology. Who doesn’t have a smartphone and a tablet? More and more of our devices are connecting online. Increased use of technology means a matching increase in the potential threat.”

A profitable crime

Symantec says cybercrime has now surpassed illegal drug trafficking as a criminal moneymaker. Needless to say, that should make it a top priority for businesses.

Nunnikhoven says one of the reasons the threat has become more serious is because criminals have become more sophisticated.

“Groups are organising around different skill sets with a focus on cybercrime. And why not? Cybercrime has quickly become more profitable and less risky than traditional criminal enterprises.

“Technical know-how and hacking skills are the new must-haves for criminals. Being able to hide your tracks across the internet has become the new ‘getaway driver’. It’s a whole new way of conducting crime.”

He explains that while all sectors need to be on their toes, there are some that stand out, including organisations in the financial, retail, government and IT sectors that have all seen a marked increase in attacks in the past year. It all boils down to the fact that attacks on these organisations tend result in a big haul for the attacker.

The changing nature of cyber-attacks

Cybercrime tends to fall into two categories: incidents where the computer is used as a tool to commit an offence (cyber-stalking, phishing and fraud or identity theft) and those where a computer is the object of an offence (viruses and denial-of-service attacks).

A study by McAfee predicts that between now and 2020, the biggest cybercrime trends affecting business will be:

Attacks on electronic identity (interception and data theft). Criminals are most likely to use malware tools, phishing and spamming to gain access to personal details, including full names, addresses and email addresses, allowing hackers to defraud individuals and businesses.

Attacks on infrastructures (cyber-terrorism). Whole infrastructures will be targeted in the coming years – whether transport, communications or power-distribution networks – as criminals focus their attacks en masse. This cyber-terrorism could bring whole countries down and could massively impact the economy, safety, health, sanitation, civil peace, and more, fostering hostility between opposition parties and enabling resistance groups to usurp governments.

Attacks to reputations. Cybercriminals are able to target an individual easily now and as a result, McAfee predicts this will lead to hackers maliciously attacking employees of a particular company or even high-profile figures such as celebrities and government officials to put that person’s reputation on the line.

Attacks to intellectual property. Another theme the security company thinks will become more common is intellectual property theft and counterfeiting. For example, by stealing a company’s trade secrets, using interception, a hacker group can reproduce that product or service and distribute it widely.

Find out more about these emerging threats, including strategies to protect your business, in our Essential guide to cyber security.

Mass data theft is becoming a trend

One of the most concerning things about all of these methods of cybercrime is that hackers are becoming more focused on mass attacks.

Take, for example, the latest large-scale data theft revealed by authorities in South Korea. A group of hackers is said to have compromised 220 million data records, containing personally identifiable information on 27 million people – more than half of the country’s population.

The stolen data, including names, account names and passwords, was allegedly sold on to criminals and third parties, including black-market gambling advertisers and mortgage fraudsters.

How can you protect against the threat?

It doesn’t matter whether your company could be brought down using a distributed denial of service (DDoS) attack or used as a vehicle for hackers to steal customer information – you must be prepared to secure your systems before criminals are given the chance to interrupt business.

The increase in attacks means that IT departments need to keep security at the forefront of their minds, especially as employees are increasingly using their own devices (whether smartphones, tablets or laptops) in a work environment.

“As the cost of scaling an attack from one company to a thousand is effectively zero… everyone will be attacked at some point,” Nunnikhoven says.

“IT departments need to ensure that they have a strong combination of modern technologies, the right people, and efficient processes defending their information.”

Find out more about the current risk landscape and what you can do to protect your organisation by downloading our free guide to cybersecurity.