OPINION: Cyber crime trends

The Australian Signals Directorates's cyber experts are cracking down on offshore cyber criminals who are using the coronavirus pandemic to target Australian businesses and households through scams and cyber attacks. Picture: WWW.DEFENCE-CONNECT.COM.AU

Today more and more of government and business’ infrastructure are moving online. As technology keeps evolving at an exponential pace, newer forms of cyber threats are also evolving.

This is making businesses and govern­ment agencies vulnerable to cyber at­tacks and data breaches in which sensi­tive information can get leaked. Political interference and state-sponsored cyber­crimes are also on the rise.

Cybersecurity is unquestionably a growing matter of public concern. Here are a few of the cybercrime trends you need to be aware of.

Social engineering attacks

Social engineering attacks like phish­ing have always been used by attackers to trick victims into surrendering sensitive information like login details and credit card information. Though most organisa­tions are enhancing their email security to block phishing attacks, cybercrimi­nals are coming up with sophisticated phishing kits that aid in data breaches and financial fraud.

Since phishing is an effective, high-re­ward, and minimal-investment strategy for cybercriminals to gain legitimate access to credentials, it will continue to be a big cybersecurity threat in 2020. In fact, the 2019 Data Breach Investigations Report by Verizon reveals that phishing remains the number one cause of data breaches globally.

SMiShing (SMS phishing) is another form of social engineering attack that will gain prominence in the near future. The immense popularity of apps like WhatsApp, Viber, Slack, Skype, WeChat, and Signal among others is encouraging attackers to switch to these messaging platforms to trick users into download­ing malware on their phones.

Ransomware attacks

Ransomware continues to be one of the greatest threats on the Internet to­day. Ransomware attacks doubled in 2019 compared to the previous year and the trend will continue this year as well as cybercriminals discover code innova­tion and newer, more targeted attack approaches. There are also advanced de­cryption tools available on the market to combat these types of attacks.

Artificial intelligence (AI)

Artificial intelligence is the latest technology tool that is impacting the cyber security landscape. While govern­ments of enemy states are deeply re­searching and developing AI to cripple each other’s civil and army infrastruc­ture, terrorist organisations and crimi­nal gangs have also started leveraging the power of artificial intelligence for fraudulent activities and financial gain.

So, it’s not just about the war against countries but also the race between phish­ers, hackers, crackers and data thieves. Cybersecurity experts also have started to tackle threats using AI-driven tools. Since artificial intelligence can learn to identify patterns of cyber attacks, it can also learn to disguise the same behaviour and combat these attacks.

Thus, the simultaneous development of offensive and defensive capabilities of AI systems will become widespread, more available, and simpler to deploy.

5G and IoT devices

5G carriers such as Verizon, who re­cently signed an agreement with Sam­sung for their 5G network, are stimulat­ing customers’ expectations about the new technology. As 5G networks roll out, we can expect a dramatic increase in the use of IoT devices. This will result in a massive rise in vulnerability of the net­work to multi-vector fifth generation cy­ber threats.

This is because IoT devices and their connections with the network and the cloud are still quite weak and will not be able to manage ever growing person­al data that needs far stricter security against theft and breaches. To deal with these issues, we will need a more holistic approach that combines both traditional and modern access controls to protect these networks across various industries.

Vehicle hacking

The cars of today are like moving per­sonal data reserves. They are fitted with a range of GPS devices, in-car communi­cation systems, sensors, and entertain­ment platforms that make them an in­creasingly attractive target for hackers and data thieves.

Cyber attackers have already learned to access personal networks through in­terconnect smart devices and home ap­pliances owing to the lack of security protocols among several device manu­facturers and home service providers. Similarly, in the coming years, your car will increasingly become the choice for criminals to gain access to your personal information and to your day-to-day lives. The idea of hijacking self-driving cars may seem far-fetched at the moment, but it’s a serious threat that is already wor­rying car manufacturers as well as law enforcers.

Cybersecurity skills gap

Hackers and phishers are clearly not stopping, so businesses will have to come up with cybersecurity strategies to stay in business. This is creating a skill gap and the deficit will become a growing matter of concern during the first half of the new decade. From 2014 to 2020, the number of unfilled cybersecurity job po­sitions has increased to 4.5 million from just 1 million.

Therefore, there is going to be a greater need to invest in training existing staff on ways to prevent or mitigate cyber at­tacks as well as hiring experts with the right skills to detect emerging threats that can make industries lose millions of dollars.

Mobile devices

The emerging cyber threats and the in­creased use of mobile devices for Internet use, especially social media in combina­tion with inbuilt cameras, makes an ideal target for cyber attackers. With the ever-growing number of mobile users, there is also a rise in employees routinely ac­cessing corporate data and applications through their devices. This gives hackers an opportunity to override conventional secure email gateways and firewalls. As soon as they gain entry into your de­vices, hackers can steal and manipulate your business data easily. In addition to that, phishing emails, insecure WiFi con­nections, and mobile spyware further in­crease the risk of data breaches.

Deepfake

First coined by Reddit users in 2017, ‘deepfake’ is a fake video or audio re­cording that cybercriminals use for il­licit purposes. For instance, amateurs and criminals have created deepfakes by swapping people’s faces in videos or al­tering its audio track.

This AI-based technology has made steady progress as algorithms are better able to process data today. As the tech­nology matures, cybercriminals use it to foster disruption across various industry segments, mainly financial markets, me­dia and entertainment, and politics. In fact, deepfake can pose a huge threat to the upcoming 2020 elections.

In the business world, these AI-gener­ated fake videos or audios can be used to impersonate CEOs, steal millions from enterprises, spread wrong information about them, and interrupt business op­erations. In the coming years, deepfake will evolve into a sophisticated and con­vincing method of forgery, making it a huge cybersecurity threat that organiza­tions need to be wary of.

Quick cybersecurity tips;

m Prioritise cybersecurity by setting up a security strategy to assess and clas­sify the data you handle and the type of security you need to protect them. Run a security audit on a regular basis;

m Focus on cybersecurity awareness. Educate your employees on the impor­tance of data protection and security protocols;

m Create a unique and strong password combination and complement it with two-factor authentication to access the system;

m Invest in cybersecurity tools like an­tivirus software, firewalls, and other pri­vacy tools to automatically scan threats. Install and update your antivirus soft­ware;

m Have a strong backup policy. It will protect you from ransomware attacks;

m Patch and upgrade software on all your servers and devices including mo­biles and BYODs;

m Apply end-to-end encryption to all your confidential files; and

m Have regular cyber vulnerability and risk assessments carried out by profes­sionals. This will let you know how se­cure your network is and how to improve your security posture.

In this age of digital transformation and globalisation, cybercriminals are constantly looking for new exploits and coming up with advanced strategies to defraud and damage institutions and or­ganisations.

In light of this fact, businesses should be mindful of not just the ever-growing number of vulnerabilities but also of the cybersecurity threats that are in store.

Governments too need to be aware of the National Security impact of cyberse­curity on critical infrastructure — most of which is owned by commercial compa­nies.

Perhaps a lesson from the Canadians whose nuclear power plants’ air-gapped control systems are still based on DECs 16-bit PDP-11, developed in the 1970s and scheduled to remain in service until 2050!

n Ilaitia B. Tuisawau is a private cy­bersecurity consultant. The views ex­pressed in this article are his and not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilai­tia@cyberbati.com

More Stories