Inside the underbelly of cyber crimes and criminals
So many advancements are happening today in the technology world, whether in mobile devices, apps, artificial intelligence (AI) or self-driven cars, and the list goes on and on.
What's even more interesting, though, is that while all these advancements are taking place at a more rapid pace than ever before, the crime world has not been left behind. Criminals are probably a step ahead of all these innovations, and they too are taking cues to be more innovative than we can imagine.
The other day I was part of Symantec's media briefing, where the software security firm released the 21st edition of its Internet Security Threat Report (ISTR) 2016.
While Symantec's 2016 ISTR offers global insights into the regular stuff like stats on breaches, cyber attacks on businesses and enterprises, social engineering scams, spear-phishing attacks on individuals and staff, massive data on vulnerabilities and spam and so on, it also has a couple of interesting notes on cyber criminals and their sophisticated modus operandi.
According to Symantec's 2016 ISTR findings, most cyber criminals today operate and function in a corporate or organizational style. They are quite organized and employ a professional approach even in their dark world.
The trends are based on the enormous data collected by the Symantec Global Intelligence Network (GIN), which monitors internet networks across some 157 countries, tracks over 63.8 million attack sensors and records thousands of events each second.
Based on these trends, the findings revealed that cyber criminals are adopting a corporate style in the way they conduct their dark activities, such as following Monday-to-Friday work schedules and taking weekends off. That will surely surprise most people.
The sensors have found that activity related to cyber crime surges between Monday and Friday and then dips during the last two days of the week. That is, the criminals are a bit inactive over the weekends and tend to take a break like we all do.
For these cyber criminals, the month of November happens to be the favorite period of the year globally. During the year, November is the only month where the average attack count goes as high as 2.5 per day.
(Image credit - Symantec 2016 Internet Security Threat Report - volume 21)
Though the findings point to this interesting trend, they offer little information on why November remains the favorite month for these cyber criminals. What is certain is that November is the busiest month for cyber attackers globally, including in India.
Symantec experts assume that it is probably the time of the year when festivals are around the corner and people are spending more money to buy things, which in a way offers more scope and room for cyber attackers to go after their targets.
While data breaches have become common these days due to the proliferation of digitization and the internet, 2015 marked a 30% increase, with over 500 million identities estimated to have been exposed by breaches and cyber attacks.
What is more alarming is that the monetary value attached to stolen information in the underground market, whether individual or corporate, has changed compared with the past.
There was a time when individuals' credit card information was seen as very valuable to cyber criminals, but now, with banks and credit card companies adding more layers of security, the value of credit card information has fallen considerably.
In fact, stolen credit card information fetches as little as around $0.10-$20, compared to an individual's health records, which fetch as much as $50. Hackers are even hacking into users' Netflix accounts, and that information is valued and sold at around $.025.
According to Tarun Kaura, Symantec's Director - Solution Product Management for APJ, cyber attackers would hack and use a Netflix user's credentials to enter Netflix's network and then try to hack into other networks and users, which makes it easy for them to carry out their activities.
In terms of the sophistication of cyber criminals' modus operandi, there has been a gradual evolution that certainly needs to be noted in the context of technology advancement.
Cyber criminals have moved from the 'FIX' approach using misleading applications in 2005-09 to the 'CLEAN' approach using fake antivirus in 2010-11, and from the 'FINE' approach using locker ransomware in 2012-13 to the latest 'FEE' approach using crypto-ransomware during 2014-15.
The 'FIX' approach is when the user gets an alert or warning message on his or her computer system asking to 'fix' a code or patch for some program or system, using some malicious link or pop-up. The moment the user clicks or tries to follow the alert message, the bug or malicious code easily hacks into the system and takes full control.
The 'CLEAN' approach asks the user to clean the system using some fake antivirus, which is again a bug or malware sent by hackers to cleverly fool the user and take control of the computer system.
While these two approaches are a bit old, cyber criminals came up with their new 'FINE' and 'FEE' approaches after the first decade of the 2000s.
In the 'FINE' approach, the hacker successfully hacks into the system and locker code takes full control of the computer system and locks it down completely, so that the user literally can't do anything.
The user then needs to follow the message or instructions posted on the screen by the hacker and pay money to free the computer system in order to use it.
The 'FEE' approach also targets the user's specific data or files through crypto-ransomware, which is malicious code or a trojan sent in the form of an email attachment to trick the user and gain access to his or her system and data.
The user then has to contact these cyber crooks and pay a ransom, which could be roughly $200-$300 or even more, in order to free certain data or information that has been frozen or locked down.
What is more alarming is that today's crypto-ransomware is so unique and advanced that it is able to trespass encrypted data or files, making it that much more difficult to build security that would not be tracked down by cyber criminals.
Interestingly, ransomware has been around for more than a decade now, and over this long period it has proliferated across platforms and operating systems (OS) like Windows, Android, Unix, Linux and even Apple's OSX.
Almost nothing has been out of its gruesome reach and grip. The ransomware legacy has certainly grown and expanded over the years across platforms, from Gpcoder in 2005 to Browlock at the end of 2013.
In recent years, there are far more ransomware legacies than in the past. In fact, between the first quarter of 2015 and the first quarter of 2016, over 40 ransomware, including Simplocker, Unix.Ransomcrypt, Mabouia OSX POC and KeRanger, have been tracked down.
Going by the Symantec study's stats, crypto-ransomware attacks have gone up 35% globally, and they are no longer targeting only computer systems or PCs but have expanded their reach to mobile phones, smart watches and TVs as well.
That means ransomware is going to pose a greater threat than ever before, and as the world moves toward wearable devices and the Internet of Things (IoT), in the near future we are surely going to be fighting this menace at all levels, across all IP-based digital devices and systems, be it at our offices or homes.
Continuing with the sophistication of cyber crime, the Symantec study also reveals how some cyber criminals are employing fake tech support scams to trick users.
They send out fake messages across devices like smartphones, laptops, computers, TVs and even cars, asking users to call certain call centres, and then dupe them by selling fake hardware or services. Last year, fake tech support scams saw a whopping 200% jump globally.
Overall, what the information security vendor's findings reveal is quite alarming and shocking. But it is just the tip of the iceberg, and going ahead into a future that is likely to be driven by and oriented towards technology, we will probably be living with a double-edged sword.
There will be growing compulsion from businesses and enterprises on consumers and users to use technology in different forms and in myriad ways for convenience in our day-to-day activities, and yet there will be the constant challenge of how we can protect ourselves from the cyber threats and digital crooks of tomorrow.
(Image credit - Thinkstockphotos.in)