Monday, 19 December 2016 00:00

The Evolution of Cybercrime: From fire and theft to abduction and ransom


Data crime is more rampant than ever, and every SMB should have a disaster recovery plan (DRP) that anticipates the possibility of data corruption or worse. Like criminals who progress from breaking and entering, to grand theft auto, to abduction, ransom and capital crimes, data hackers and terrorists are stalking the livelihood of businesses worldwide.

From simple beginnings of starting fires or stealing files, data criminals have become more sophisticated to the point of studying the latest cybersecurity techniques and devising ways to subvert them. History has taught us that total prevention may be elusive. As data storage, retrieval and applications have become more modernized and data made more accessible, the downside is that this accessibility creates more opportunities for misuse.

Cybercrime had its beginnings in simpler times, when data theft was a military strategy. Information has always meant power.

Information is Power

Data theft is as old as civilization itself. Every empire had spies to uncover secrets of opposing regimes. Egypt, for example, was constantly seeking information on the political and military strength of Greece and Rome, while it was said that Moses used spies to gain information on surrounding towns for food and military advantages. Alan Turing led a team of code-breakers to decipher German U-Boat codes to help turn the tide in World War II. Wartime espionage has existed in every time period.

Data theft has even become a focal point in popular movies. The Imitation Game depicts Alan Turing’s achievements mentioned above, while another movie, It’s a Wonderful Life, shows how the theft of bank assets can lead to business foreclosure and personal despair. Disaster recovery, in this case, depended on the charity of local townspeople.

But most businesses don’t have town benefactors and must rely on their own form of protection. In the 1970s, digital technology became available, and IT departments were asked to support the exchange of data through electronic media like tape and disk. The promise of technology was tainted by the dangers of losing it and the often dire consequences of downtime. SMBs began to plan for such emergencies and the idea of data and resource backup became more prevalent – the beginnings of disaster recovery planning.

In The Life of Reason, the philosopher George Santayana wrote, “Those who cannot remember the past are condemned to repeat it.” It is wise for SMBs to remember the past and prepare for the future because disasters are not only naturally occurring but also being constantly planned in the minds of cyber criminals.

Insider theft and malware should be high on the list of concerns for IT security executives. Cybercrime technology keeps evolving, and SMBs need to keep pace by evolving prevention and recovery strategies. This includes management awareness, budgeting, organizational training, and improving technology – in particular, better use of firewalls and encryption.

Cybercrime Comes in Many Guises

Fraud, data leaks, malware/ransomware and terrorist attacks can be just as damaging as natural disasters. Ransomware is a type of malware that encrypts or locks files on a computer or server and then demands payment to have the files unlocked. The cybercriminal may or may not provide the unlocking key after payment and may, in fact, escalate the situation by asking for increasingly higher payments. The best forms of protection are data backup and anti-virus software.

There are many types of ransomware, including Cryptolocker, Locky, Telacrypt, and Cryptowall. Cryptolocker has been around since 2013. Spread through email attachments, it encrypts certain kinds of files on local and network-mounted drives. It then displays the “ransom message” asking for payment to unlock the files. Cryptowall is a variant of Cryptolocker and is thought to have originated in Australia in 2014.

Denial of Service (DoS) is a type of malware that tries to make resources unavailable to intended users, like interrupting connection to the Internet. If there are multiple attack sources, it is called Distributed Denial of Service (DDoS). These attacks are typically aimed at financial institutions, banks and credit card processors.

The National Fraud Centre, Inc. reports cybercrime is becoming rapidly more sophisticated, with underground websites being developed to receive and re-sell sensitive information to facilitate the distribution of stolen data.

Cybercrime is Hiding Everywhere

Cybercrime invades all countries and all industries. Call centre data leaks and fraud have been reported from India to Scotland. As reported in The Economic Times, a vendor survey was recently conducted of 208 C-level security and IT professionals across different geographies and sectors in India. The survey reveals that 69 percent of respondents “experienced an attempted or realised data theft or corruption by corporate insiders over the past 12 months.”

In the UK, meanwhile, the National Crime Agency (NCA) has published its “Cyber Crime Assessment 2016,” outlining current threats to UK businesses. The assessment states that cybercrime is increasing in the UK, fuelled by significant increases in distributed denial of service (DDoS) and ransomware attacks. The most common crime against businesses is breach of data, with the annual cost to the UK estimated in the billions of pounds. The NCA encourages companies to view cybercrime as a board-level issue, not just a technical one. Crime prevention and disaster recovery planning should be a top priority for all businesses.

As reported by RT news, a US spokesperson has said America is “in the midst of a revolution of the cyber threat.” White House counterterrorism advisor Lisa Monaco compared cyber-attacks to cases of terrorism and said that the White House is launching new sanctions for “significant cyber incidents.” Several federal agencies are being tasked with dealing with cybercrime and its aftermath, including the FBI and Homeland Security departments.

Ransomware attacks in both the US and UK have had more impact than executives expected. Research conducted by Merrill Research (2016 Executive Application & Network Security Survey) revealed that 84 percent of US and UK IT executives said they would never pay a ransom for a cyberattack. And yet, of those companies who were actually attacked, 43 percent said they did exactly that.

In Australia, the government has developed a national cyber security strategy, listing 33 initiatives to fight cybercrime supported by a budget of $230 million; in Hamburg, the Chaos Computer Club looks for flaws in government IT systems; in the Netherlands, it’s the Europol Internet Crime unit that watches online activity.

Tom Kellermann, a noted consultant on cybersecurity, has said, “East Europeans are master craftsmen when it comes to malware development. East European malware are so elegantly crafted, they have been dubbed the Faberge Eggs of the malware world.”

The Radware research, reported on continuitycentral.com, suggests that future cyber threats will be aimed at category devices like wearables and the Internet of Things (IoT). Executives fear losses to their business will be felt in many ways including reputation, operations, productivity, revenue, and share price value. These are universal issues affecting every SMB worldwide, irrespective of location or proximity to a potential natural disaster.

Cybercrime Costs are Becoming Historic

McAfee and the Centre for Strategic and International Studies (CSIS) studied the impact of cybercrime. Their conclusion is that “cybercrime is a growth industry.” They estimated that in 2014 the likely annual cost to the global economy from cybercrime was more than $400 billion – exceeding the national income of most countries and governments in the world.

A recent study conducted by the Ponemon Institute and sponsored by IBM showed that the average cost of a data breach for companies surveyed was $4 million – a 29 percent increase since 2013. The highest cost per record lost was $355, in the healthcare industry.

There have been many recent examples of data theft from large organizations that show the serious business impact of criminal activity.

In 2006, for example, a US Department of Veterans Affairs employee took his laptop home. The information on that laptop was stolen, with the names, birthdates, and social security numbers of 17.5 million military veterans and personnel. The VA was forced to staff a call centre, send out millions of mailings, and pay for credit monitoring for victims. According to the Ponemon Institute, the estimated cost of the breach has been $25 million.

In another example, in 2011, hackers stole millions of names and email addresses from Epsilon, a Dallas-based marketing firm that handles ecommerce for companies like Best Buy and JP Morgan. It is estimated that the lost customer base and eventual misuse of stolen data will cost somewhere between $100 million and $2-4 billion.

More recently, Sony Corporation exposed the data of more than 100 million customer accounts on its PlayStation and Sony Online Entertainment networks. The estimated loss from this breach is $2 billion.

If breaches can happen to large enterprises like these, it is even more likely that they can happen to SMBs. Let history be our teacher.

Vigilance is Needed

Cybercrime is becoming woven into the fabric of worldwide commerce. It comes in many forms, is perpetrated by amateurs and professionals, insiders and outsiders, in every developed country. It costs private companies, public companies, and governments hundreds of millions of dollars every year, and such organizations need to better recognize the true existential threat that it presents. Continual vigilance is needed to watch not only data movement, but unusual behaviour and questionable relationships. Behind every cybercrime is a cybercriminal.

Roy Castleman is founder and managing director of Prosyn Ltd. (PROfessional SYNergy), a London-based IT support organization focusing on small and medium-sized businesses. An experienced consultant in disaster recovery, he has accreditations with such companies as Microsoft, HP, and Cisco.