close
Share with your friends

Emerging technologies, such as the Internet of Things (IoT), artificial intelligence (AI) and cloud computing, are now a part of our everyday lexicon. Such technologies may be a doorway to a more cost effective and efficient future for the business world. Perversely, these technologies can also provide avenues for the criminal fraternity to commit larger, more rewarding and potentially more sophisticated cybercrimes.

Cybersecurity Ventures’ 2020 annual cybercrime report states that the global cost of cybercrime is projected to hit USD 6 trillion annually, by 2021.[1] The average cost of a ransomware attack on an organization is USD 133,000.[2] This type of crime is here to stay. However, while most ransomware attacks currently infiltrate an organization via email, a new delivery system for both mass and targeted attacks is on the horizon with the mainstream adoption of IoT.

Attack surface

The number of devices connected to the Internet, including machines, sensors, appliances and cameras that make up the IoT, continues to grow. The International Data Corporation estimated 41.6 billion connected IoT devices (or “things”), generating 79.4 zettabytes (ZB) of data, by 2025.

Therefore the attack surface for cybercrime is growing, which is further evidenced by the predictions from two major technology companies: Microsoft's digital growth and data volumes online will be 50 times greater in 2020 than they were in 2016; and Cisco has predicted that its cloud computing data center traffic will represent 95% of total data center traffic by 2021.

Cybercriminals – hackers in particular – have been probing software and hardware for security vulnerabilities for as long as computers have existed. However, the discovery and exploitation of security holes used to be an exhaustive process – hackers had to patiently explore different parts of a system or application until they found an opportunity. Now, hackers can enlist the services of machine-learning AI bots[3] to automate the process. The result is a technology-powered increase in cybercrime.

Use of emerging technologies to gather intelligence

AI will continue to radically change our use of information technology – in particular, how personal information is interconnected, and how our private lives will potentially be vulnerable and exposed. The criminal fraternity draw motivation from monetary gains. They will adapt and leverage future emerging technology developments to complicate investigations.

As cybercriminals conduct more sophisticated criminal activities, we need to prepare in order to avoid playing catch-up. Already, we see cybercriminals using AI to successfully carryout Business Email Compromise and phishing attacks in the cloud.

These cybercrimes hinge on having excellent knowledge/intelligence of the victim and require meticulous preparation. It may take months to study targets, internally and externally, while data is gathered, which also includes intelligence from data markets in the Dark Web[4] and bots. AI can cut the time required by automating much of the process, collecting data from social media and online sources, and finding relevant relationships that will help the cybercriminal develop an approach.

 

Most current bots are applications that use AI to interact with users to achieve a task, such as a hotel booking, answering customer service questions, and directing the caller to the right department. But advances in big data processing and machine learning are laying the foundation for AI machine bot development. They become faster and constantly improve their understanding of human interactions. These malicious bots are now leveraging the exact capabilities of Amazon’s Web Services[5] machine learning cloud platform, services and tools. Criminals are doing the same but using them for fraudulent purposes.

Manipulation of emerging technologies to commit cybercrimes

Cybercriminals are harnessing the latest emerging technology and are forever changing techniques in order to make their cybercrimes more effective, faster and adaptable to current safety measures. This makes it very hard for investigators and cyber security teams to identify evidential artifacts and the methodology. This is demonstrated by the way malicious bots impersonate genuine users to unlock security systems.

Bots accomplish this by finding various ways to extract money from websites and accounts, which include account takeovers. This is where large bot collectives crack passwords and test stolen credentials in a short time in order to obtain access to accounts. Personally, identifiable information from various accounts can also be pulled together and sold, posted on the Internet, or used to create false identities, and as a consequence, open the gates for novel methods of identity fraud.

Emerging technologies are being used to improve captcha cracking systems; identification of vulnerabilities in prevailing defense systems; creation of new malware that can avoid detection; and real-time identification of cloud computing targets by collecting and processing data from a number of different public domain sources. Employing emerging technologies, these cybercrimes become more accurate, targeted and innovative, thereby expanding the number of potential victims.

The way forward

Cybercrime prevention is one way to reduce and potentially stop cybercrimes. The availability of a cybercrime framework could support various entities and businesses in applying best practices to secure emerging technologies used within their infrastructure by aligning to standards, regulations, guidelines, best practices and policies.

Another way is to expand outreach initiatives among public–private partnerships to understand the implications of emerging technology on cybercrime, and to develop research. Initiatives, like confronting the potential challenge of future cybercrimes and making lawful use of emerging technologies, may help to address all types of cybercrimes, as well as securing existing and emerging technologies.

History tells us that cybercriminals will likely outdistance us. They are entrepreneurs who constantly look for new and innovative ways to commit crimes. We may never be on a par with them, but we can close the gap by being innovative in how we implement cybercrime prevention, analysis, investigations and security measures, as well as remaining up to date on regulations, standards, guidelines and policies.

 

[1] https://www.herjavecgroup.com/the-2019-official-annual-cybercrime-report/

[2] https://www.sophos.com/en-us/press-office/press-releases/2018/01/businesses-impacted-by-repeated-ransomware-attacks-according-to-sophos-global-survey.aspx

[3] A bot (short for "robot") is an automated program that runs over the Internet. Some bots run automatically, while others only execute commands when they receive specific input. There are many different types of bots, but some common examples include web crawlers, chat room bots and malicious bots.

[4] https://www.thedarkwebsites.com/

[5] https://aws.amazon.com/