The ghostly world of cybercrime is veiled in mystery. An image search on the Internet immediately yields the typecast of the hooded, faceless attacker. So how does cybercrime work? It is a crime committed on or using a computer or other digital devices. In practice, the business of cybercrime elevates common crimes such as blackmail, fraud, money laundering and theft by enveloping them with all the benefits of the high-powered, high-speed world of technology.
Technology has become increasingly prevalent in everyday life due to the advances made in areas such as data storage, processing power, Internet speeds and Artificial Intelligence. This allows for massive growth of data generated daily by businesses and people around the world and efficient, easy access to social media, smart services and distributed systems.
Smart devices, cloud computing and the Internet of Things are all portals of access to the massive amounts of data created daily by individuals and companies alike, yet the advantages they bring are also enablers for cybercrime if not managed securely and effectively. Poorly educated users who are susceptible to social engineering, badly designed IT networks, design flaws in websites and apps, and improperly secured systems provide greater levels of access to cybercriminals now than ever before. Together with the continued advancement in malware and other malicious tools, the advent of cryptocurrencies and easier methods of transferring money around the world provide a degree of anonymity that makes cybercrime a low-risk business proposition that yields high returns.
So how do criminals get caught? On the surface, cybercrime seems like it would be a fairly open and shut case: a cybercriminal commits a crime, law enforcement steps in, catches the perpetrator, and the case is closed. However, the sophisticated tactics these criminals use make it extremely difficult for law enforcement to even collect evidence, let alone capture the suspect and prosecute them.
Most cybercrimes are committed by individuals or small groups. However, large organized crime groups also take advantage of the Internet. This criminal fraternity constantly finds new ways to commit old crimes, treating cybercrime like a business and forming global criminal groups. Criminal communities share strategies and tools and can combine forces to launch coordinated attacks. They even have black markets where cybercriminals can buy and sell stolen information and identities. MagBo, a shadowy online marketplace where hackers sell and buy hacked servers, has soared in popularity to become the largest criminal marketplace of its kind since its launch in the summer of 2018.
In their survey of CSO/CISOs in the UAE between 04.03.2020 and 11.03.2020, Proofpoint state, “Cybercriminals are focused – forever honing their skills and techniques. If you’re not doing the same, there can only be one winner.” So how are cybercriminals taking advantage of the current pandemic? Ransomware and blackmail as a result of Covid-19-related phishing attacks are among the most significant avenues that cybercriminals are using during the current pandemic. KPMG’s recent publication on Ransomware campaigns in 2020 shows that there have been over 2.5 million ransomware attacks across 200 countries since the start of the year.
Taking advantage of the world’s focus on the virus and preying on the growing worries and fears amidst times of uncertainty, cybercriminals are attacking companies and people at their weakest points. All it takes is a click of a link in a phishing email, or a response to a carefully drafted but malicious email, to instigate an attack that causes both financial loss and suffering.
Security researchers have identified that since January 2020, over 4,000 Covid-19 related domains (locations of websites) have been registered around the world, with approximately 3% (120) expected to be malicious and 5% (200) suspicious. We expect this trend to continue into the foreseeable future.
These domains can be used to set up fake websites. Using social engineering techniques, scammers can act under the guise of experts claiming to provide credible information about the virus, offers for vaccinations, and advertisements for prevention of the disease, and set up donation platforms. Typically, the scams will invite a user to provide sensitive information for later misuse, pay money into the criminal's account, or click on dangerous links and attachments. Once the link or attachment has been opened, there is a risk that the user's system can be compromised.
Country borders are meaningless to cybercriminals, which makes them even more dangerous: their reach is unfettered by the constraints of geography. Keep an eye out for the next article in this series, where we touch upon the risks this poses, discuss which locations are particularly vulnerable within the Middle East, and reference results from the KPMG 2020 UAE Cybercrime Survey.