Cybercrime was big business for fraudsters in 2016 with cybercriminals racking up an estimated £1 billion in damages to companies across the UK. But more than the ever increasing financial and reputational risks affecting the corporate and commercial sectors are the very real possibilities of cybercrime being used to execute large scale terrorist attacks, assassinations and even murders.
As programmes like ‘Humans’ and ‘West World’ play out a fictional world of cyborgs turning on mankind, we take a look at the growing number of cyber threats, both to businesses and individuals, and how fiction is quickly becoming fact. The Internet of Things and advances in artificial intellingence have created a swathe of new opportunities for criminals where complacency is, at best, commercial suicide and, at its very worst, potentially world ending.
Ransomware
Ransomware – a program used by fraudsters to infiltrate hardware and hold a computer and its associated data hostage until the vicitim pays a hefty sum for its release – has been causing huge problems for businesses across the globe and is a trend that is set to continue in 2017.
Jason Fry is a cybersecurity specialist at PAV i.t. services. He has worked with numerous corporate and independent businesses across the UK helping them to review and update their cybersecurity policies, procedures and solutions. He said:
“There seems to be no sign of this trend diminishing in the near future and certainly where ransomware is concerned the fraudsters are consistently refining and updating its capabilities resulting in versions that are even self-propagating.
“Information can now be encrypted much quicker, which can also play into the hands of the hackers. Criminals using ransomware can swiftly encrypt large amounts of data, often before a company even realises it’s under attack.”
Confidential Data
Gaining control of an employee’s network by stealing their username and password is nothing new, but cybercriminals are no longer relying on malicious malware in order to gain access to a victim’s machine. Instead they get hold of sensitive information by using tactics such as phishing emails – an email that looks authentic, but tricks the recipient into handing over sentive information.
Robert Schifreen is a former UK-based computer hacker who was arrested in 1985 for breaching computers at British Telecom. He now runs a security awareness training programme called SecuritySmart.co.uk. He said:
“Many of today’s hackers are highly sophisticated and skilled. A criminal group may spend many months hacking millions of devices and computers across the world, ready to form them into a botnet on command, in return for a fee from a third party, to attack a chosen victim. Some of the most innovative companies are helping to thwart such attacks by offering so-called bug bounties, through which hackers and researchers can earn money by uncovering security weaknesses and responsibly disclosing them to the vendor concerned.”
Artificial Intelligence (AI)
The emerging market of driverless cars, which are also able to park themselves and be controlled remotely, along with medicines that can be self-administered by personal devices and the popularity of drones gives us an indication of the automation we can
expect in our day to day lives in the future. As the market grows for such technology the possibilities for cyber criminals start to become endless.
Jason said:
“Cybercriminals with a more sinister agenda than breaching data in return for financial reward will be able to take advantage of technology in order to execute terrorist acts or murders. For example, by hacking medical devices to administer lethal dosages to victims.”
Robert believes this calls into question whether penalties for cybercriminals are substantial enough:
“The Computer Misuse Act of 1990 criminalised computer hacking. The maximum penalty available today under the Act is 10 years imprisonment and an unlimited fine. While this has proved a useful deterrent, successful prosecutions are rare in relation to the huge number of computer-related crimes being committed every day. The party which suffers most as the result of a large-scale hack or data breach is the victim, not just financially but primarily in terms of reputation.”
But human cybercriminals aren’t the only thing we should be worried about.
Jason continued:
“Software that is capable of learning and not making the wrong decision more than once already exists and it will not be too long before systems can make judgements, assessments, and predictions at a much faster pace. Once machines can think for themselves the possible threats to individuals, businesses, and even countries, becomes a real and greater concern.”
So what do we do in the meantime? Jason believes the answer comes from ensuring we have sufficient knowledge to prevent such attacks in the first place:
“People are the key to preventing attacks – knowledge is everything in the current climate. Training staff and greater staff awareness are absolutely essential. One of the major issues currently facing businesses, especially those with numerous employees, is the lack of knowledge amongst staff and the ways in which cybercriminals may infiltrate their systems essentially leaving them at greater risk of falling victim to things like phishing and social engineering scams.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.