Cybercrime: A new Era of Economic Disruptions

The toll from cybercrime is expected to pass $6 trillion in the next three years. Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers. Last year, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined. Ransomware is the fastest growing type of cybercrime, according to Cybercrime Ventures. Every 14 seconds across the globe, a business falls victim to a ransomware attack.

Cybercrime in India has surged amidst the country's unprecedented coronavirus lockdown. Attacks have soared 86% in the four weeks roughly between March and April, according to a recent Reuters report quoting Indian Home Ministry officials and detailing "fake offers that Reliance Industries telecom arm Jio and streaming service Netflix Inc were offering discounted services" during the lockdown. The spike in cybercrimes and attacks has predictably targeted private citizens' wallets and personal data given the sharp increase in the percentage of India's workforce remotely working as a result of the nationwide shelter-in-place measures instituted by the government. Indian officials have reported that malware and phishing schemes operating under the pretext of COVID prevention efforts have similarly seen a steep rise since the outbreak. The so-called "coronavirus malware" is aimed at stealing bank account details, password and other sensitive information from users. India's historic lockdown has also led to cybercrime beyond just opportunistic attacks against private individuals.

Cyberattacks are the fastest growing crime in the U.S., and they are increasing in size, sophistication and cost. The Yahoo hack was recently recalculated to have affected 3 billion user accounts, and the Equifax breach in 2017, with 145.5 million customers affected exceeds the largest publicly disclosed hacks ever reported. These major hacks alongside the 'WannaCry' and 'NotPetya' cyberattacks which occurred in 2017 are not only larger scale and more complex than previous attacks, but they are a sign of the times.

"We are edging closer and closer to seeing Cybersecurity Ventures' $6 trillion in costs attributed to cybercrime damages globally" says Robert Herjavec, founder and CEO at Herjavec Group , a Managed Security Services Provider with offices and SOCs (Security Operations Centers) globally.
"DDoS attacks, ransomware, and an increase in zero day exploits are contributing to last year's prediction becoming a reality," adds Herjavec, a Shark on ABC's Shark Tank. "It's concerning that all of the hype around cybercrime, the headlines, the breach notices etc. makes us complacent. The risk is very real and we can't allow ourselves to be lulled into a sense of inevitability. We all have a role to play in how we protect our businesses from the accelerating threat of cybercrime."

Avoiding Cybercrime
We are often familiar with the terms like- 'Cybersecurity', 'Cybercrime', 'Ransomeware', and many others related to the breach of user data to a third party thereby revealing private details or even bank details of an individual or an organizational loss of business through mass server crash & data leaks. In the world of cybercrime, ransomware and DDoS attacks had the highest profile by far.

However, such cybercrimes can be avoided by following few rules of maintainence
First and foremost, importance should be placed on 'user education' regarding ransomware to ensure an organisation has a solid surface-level defence. User education is the first line of defence in our preventative arsenal where people should not be clicking suspicious links or visiting websites that are known carriers of malvertising networks. Many breaches, including the 2017 one at the Equifax credit bureau that exposed the financial information of almost every American adult, boil down to someone leaving out-of-date software running. So, keeping an up-to-date softwares protects from unwanted intrusion of attackers through exploits.

Using strong & unique passwords avoids easy access by the attackers to the private data Wise selection of passwords with at least 14 characters long including special characters, alphabets, numerics. Such strong passwords should be kept unique and should not repeated over other website logins. Along with this, default passwords which comes with WiFi routers should always be repeatedly changed once a month, enhancing the security of interlinked devices.

Encryption of data is a major method which are often practiced by organizations to safeguard public data. Encryption of data stored uses a cipher, which is an algorithm:- a series of well-defined steps that can be followed procedurally to encrypt and decrypt information. The algorithm can also be called the encryption key. However, organizations uses hashing and salting methods to protect public data from leaks. Common hashes used are: MD5, SHA-1, SHA-256, SHA-384, SHA-512.

Avoid clicking on shared links on social platforms or emails Whether it's being used by the business or any other, technology has been a great enabler. The report found that fraudsters are using real customer data to leverage machine learning algorithms and generate pitch-perfect social engineering attacks. Additionally, malicious websites are using AI-driven malicious chat bots to dupe customers into sharing personal information. While much of the banking industry is distracted by the recent spate of distributed denial of service attacks, a new wave of cybercrime has hit online and mobile banking users' devices.
Attackers are using AI driven technology to create virtual machines that are clones of customers' real computers or mobile devices, including their IP addresses. Then many of the methods banks use to authenticate a customer can be compromised without the bank or consumer being aware. Such an attack is possible through random clicks on deceiving links shared in emails or social media.

As technology evolves, investment comes from both attackers and defenders. Because cyber-criminals are using the same technologies, it's all the more important for businesses to ensure that machine learning algorithms actually point to legitimate customer. Companies need to understand the patterns and behaviors of their customers, and there are more data points available to them to identify what looks like a genuine and authentic customer. Steps are being taken by companies like Microsoft to secure data through Kernel Data Protection (KDP) which prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS). According to the company, KDP is a set of APIs (application programming interfaces) that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory. The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software.

CyberProof Inc., a UST Global company, has become an official member of the Microsoft Intelligent Security Association, an organization of cyber security industry leaders, and will be partnering with Microsoft in providing cloud-based security services to joint customers. Microsoft customers will now be able to access CyberProof services through the Microsoft Azure Marketplace to take advantage of our cloud-native, next-generation managed security services in order to accelerate their visibility of new threats and reduce costs. This latest initiative follows an announcement in 2019 regarding CyberProof's integration of Azure Sentinel, a Security Information and Event Management (SIEM) solution, and the Microsoft Graph Security API, a solution for connecting with security solutions from Microsoft and partners.

"We're delighted to join the Microsoft Intelligent Security Association (MISA), which will further accelerate adoption of cloud-native security solutions," said Tony Velleca, CEO of CyberProof. "Our membership in MISA helps us lower the barriers for organizations seeking to move their workloads into the cloud. As their critical assets are becoming more exposed to cyber threats, the need for a smarter, cloud-native approach to security operations that is able to scale at the speed of digital has never been greater," he added.