It’s not just the real economy that is in the midst of digital transformation. Cybercrime is experiencing it as well.
In the recently published Global Risks Report 2020, the World Economic Forum (WEF) named cybercrime as one of the five most considerable risks within the next twelve months and the seventh most likely risk for the global economy in the next ten years. This is not without good reason: more and more companies’ sales, profits, and brand reputation depend on the availability and integrity of their IT services. At the same time, nation-states operate in cyberspace to carry out industrial espionage and sabotage.
Operators of critical infrastructures are mainly targeted. In its 2019 management report, the Federal Office for Information Security (BSI) mentions around 114 million new registered malware variants, DDoS attacks with up to 300 Gbit/s attack bandwidth, and up to 110,000 bot infections daily in systems – predominantly on mobile devices or devices in the Internet of Things.
The WEF predicts that cybercrime could generate a staggering six trillion US dollars by next year, which would be the gross domestic product of the world’s third-largest economy – after the US with 21 trillion and China with 13 trillion US dollars. Adjusted for exchange rates, the cybercrime business would be approximately 23 times as big next year, according to the WEF. Even if you look at Tesla, Facebook, Microsoft, Apple, Amazon, and Walmart together, their combined annual revenue equals just $1.28 trillion.
An abundance of products and services can be traded via marketplaces on the Darknet and, in part, on the regular Internet. The Cybercrime-as-a-Service offering is constantly being expanded. The portfolio is correspondingly extensive: distributed denial-of-service (DDoS) attacks, malware, phishing campaigns, Trojans, and massive amounts of stolen data.
In the past, such schemes could be stopped at the payment stage at the latest; the emergence of cryptocurrencies has made this more difficult. In addition, criminals limit their exchanges to very selective discussion forums to determine the threat posed by police and fraudsters.
Cybercrime is a thriving business and appears to be less risky to carry out than any other crime. For example, the WEF estimates that in the United States the likelihood of identifying cybercriminal groups and bringing them to justice is only 0.05 percent.
Some still believe that a typical hacker is someone in a hooded sweatshirt in a dark room. In reality, cybercrime mainly takes place in organized form and as teamwork. Cybercriminal groups act similarly to legitimate companies, from hiring employees to having executives in charge.
In the report Cybercrime – understanding the online business model, the UK’s National Cyber Security Centre (NCSC) found that organized groups have several different roles in carrying out their cybercrime operations. These include a “team leader” who coordinates the activities. There are also “data miners” who systematically process stolen data and “coders” who create and adapt malicious program code.
There is also the “intrusion specialist” who infects and infiltrates the targets. The work is supplemented by the “call center agents” who call potential victims and pretend to be support staff. Their goal is to install malware on the victim’s computer. And finally, there are “money specialists” who are familiar with money laundering.
Europol believes that exploit kits, which were once considered the top of the range, have fallen dramatically in popularity. Likewise, malware theft has generally become less of a threat. In contrast, blackmail using ransomware and distributed denial-of-service (DDoS) attacks, which are easier to monetize, have increased.
Booter services are a case in point. These DDoS cannons use large-scale botnets or manipulated cloud accounts to create a data tsunami that causes IT systems to collapse. Attacks can last hours or days and cost from $10 for a minor attack to hundreds or thousands of dollars for more complex attacks. Attacks are often part of a blackmail campaign coupled with a demand for a ransom.
Other motivations can be vandalism, sabotage, or a disguised diversionary maneuver to tie up IT resources and distract from what is happening, for example, the distribution of malware or data theft. Attacks of this kind are now so widespread that even school-age children use them, research from the University of Cambridge has shown.
According to Europol’s Internet Organized Crime Threat Assessment 2019 report, banks, other financial institutions, and the public sector, such as the police and local authorities, were the main targets of DDoS attacks. In the past year, cybercriminals also targeted travel agencies, Internet infrastructures, and online gaming services. According to Europol’s summary, there were some arrests, but these had no noticeable impact on the growth rate of DDoS attacks or on the darknet infrastructure that enables trading.
Digital services are increasingly becoming the backbone of the economy. Daily life is increasingly happening online or requires the availability of the information superhighway. Whether ordering food to take home, booking mobility services and tickets, reading the newspaper, streaming music and films, using telematics services, or tracking parcels, the use and the associated advantages of digital offers have long been the norm.
Whether it is an online shop, a media group, the financial world, or the public sector, digital platforms and apps are operated everywhere. However, if the services are only partially available or not available, this has noticeable effects on sales, brand reputation, customer satisfaction, and trust. In the past, word of mouth spread only slowly and locally. Today news can travel around the globe with just a few clicks on social networks and instantly reach millions of people.
With virtually every company digitizing in one way or another, cybercrime is ubiquitous. Awareness of the risk is growing, and more and more organizations are focusing their efforts on managing cyber risk. However, as the WEF points out, cybersecurity is still underweighted relative to the sheer magnitude of the threat.
The state is also asked to maintain its monopoly on the use of force on the Internet and not allow amnesty. Fortunately, the authorities are now paying more attention to the issue. The BKA set up a new cybercrime department in April 2020. However, these and other measures are also necessary. Furthermore, companies should intensify their exchange and collaboration.
Isolation and going it alone are not the order of the day. Whether through a public-private partnership in cooperation with the security authorities or through industrial associations, the damage can only be contained and risks mitigated through interaction and close collaboration.