- On 27. Feb 2018
The bottom line of the first “Global Cybercrime Trends and Countermeasures” conference in February was clear: Cybercrime doesn’t care about national borders and no one accessing the internet – companies, authorities or consumers – should consider cyberspace to be a safe place.
To successfully fight cybercrime, there is no other way except global cooperation, international exchange and information disclosure.
Crime is increasingly shifting from the physical realm to the cyber world. Data is the new currency and therefore also the target of attackers. By analysing threats and global data, INTERPOL has observed three cybercrime megatrends: cyber bank robbery, ransomware, and IoT and DDoS attacks. The good news is that physical bank robbery incidents worldwide have decreased over the last 20 years: in the UK, for example, from 847 cases in 1992 to only 88 cases in 2014, including attempts. On the other hand, cyber bank robbery and online banking fraud have recently become a growing topic. Combined with familiar threats like business email compromise (BEC), these threats are a constant danger for enterprises, especially in the financial sector. Meanwhile, volatile cryptocurrencies are disrupting the threat landscape as their value has risen steeply and quickly.
Ransomware: the fast way to dirty money
Ransomware is the fastest growing cybercrime tool, and cybercriminals are above all looking for fast money. The probability of being arrested or going to jail is actually rather low, and ransomware targets everyone – from large enterprises to consumers. While not every victim pays the ransom, there are plenty who do: in 2016, almost 1 billion dollars was paid. “One in five victims that pay up never got their data back. But Law Enforcement needs to know these threats. One can’t deal with this alone. Furthermore, we need to shift mentality from need to know to need to share! Therefore, INTERPOL actively supports international law enforcement cooperation among nations and the private sector”, says Noboru Nakatani, Executive Director of the INTERPOL Global Complex for Innovation (IGCI).
John Salomon, regional director for continental Europe at the Financial Services Information Sharing and Analysis Center (FS-ISAC), argues along the same lines: “We need more information sharing and cooperation, between financial, public and private sectors. It’s about community building, we need to do it now and stop just talking about it.”
Cybercrime and the Internet of Things
The Internet of Things (IoT) in particular is on its way to becoming an Internet of Everything within a couple of years. It might become an Internet of Threats as well, because mobile and IoT devices typically lack strong defenses and offer data exfiltration capabilities.
SEC Consult’s dedicated firmware testing tool, IoT Inspector, was originally developed because of the growing demand to efficiently evaluate the security status of IoT firmware. The number of discovered vulnerabilities in smart devices (such as baby monitors and sex toys) even led to a dedicated research field in that area within the SEC Consult Vulnerability Lab.
DDoS attacks are also increasing in number. In 2012, the Olympic Games in London had to deal with a 100 Gigabits per second (Gbps) DDoS attack. During the two-week Olympic event in Rio 2016, DDoS attacks were at an all-time high average value, with daily attacks of over 500 Gbps. OVH, counted amongst the largest hosting companies in the world, had to face more than 1.1 terabytes per second (Tbps) of traffic during a massive DDoS attack in 2016. The source: the original Mirai botnet, which boasts between 500,000 and 550,000 nodes and can be segmented to attack multiple targets simultaneously.
Protecting critical infrastructure
In general, more and more critical IT infrastructure is accessible online and potentially vulnerable. “Cyberspace is a shark tank. From a military perspective, you consequently have to ask if it’s really necessary that vital ICT infrastructure needs to be exposed through the internet”, says Colonel Walter Unger, Head of Cyber Defense & ICT Security, Austrian Ministry of National Defense.
The security situation in Austria is constantly being reviewed and updated. In particular, the latest strategic exercise, ASDEM18, has shown that the coordinated cooperation between ministries and other authorities is constantly improving. In general, however, the advance warning times for serious cyber-attacks are getting shorter.
Philipp Blauensteiner, Head of Cyber Security Center of the Federal Agency for State Protection and Counter Terrorism, Austrian Ministry of the Interior, confirms the overarching cooperation of all relevant authorities.
To ensure that competences in the field of digital security are continuously bundled, a strategy for digital security will be developed in Austria. According to current figures provided by KPMG, however, Austria has recorded a sharp increase in incidents. He therefore also looks to the companies: only a small percentage of the attacks in Austria, one in three cases, are reported to federal authorities. Besides ransomware, he also sees advanced persistent threats (APTs) on the rise in Austria.
Security on all levels
“All kinds of threats need to be observed. It doesn’t matter where you are, hackers are looking for opportunities worldwide”, says Hiroshi Tanaka, Principal Consultant of Infosec Austria. According to him, Vienna is especially exposed due to the numerous international organizations located here. Wherever there are many international conferences and, as in the city of Vienna, tourism is highly developed, cybercriminals gather as well. And it’s not unlikely that when visitors leave Vienna, they take more with them on their devices than just photos for their families.
When it comes to cyber security in companies, Colonel Unger recommends following a top-down strategy, starting at the executive level and working down to the employee level. For him, the first step companies should take is a risk analysis. Companies need to find out where their assets are. Critical areas of IT systems need to be identified, and any risks need to be checked to determine what can happen, based on the company’s core mission. Companies are best advised to have backup systems and well-trained and educated IT professionals. Consistent implementation of key security measures, such as regular security software updates and patching, as well as open security architectures, along with investment in advanced defense technology that spans everything from endpoint devices to the cloud: that is the basic requirement, which is why Application Security Management is one of the cornerstones of the SEC Consult portfolio of managed services.
Vienna as a hotspot for global security
Reflecting on the conference “Global Cybercrime Trends and Countermeasures”, both Gosuke Nakae, Executive Vice President and COO of Infosec, and Clemens Foisner, Founder and Managing Director of SEC Consult, are very pleased with the outcome. The feedback of the participants and the chance to bring together and connect professionals from different sectors with different perspectives is the best way to send a strong signal against cybercrime. The next steps will be to deepen relations with national and global communities and to build strong networks.
Image credits: T. Weilguny.