New technologies and techniques are changing the cybercrime landscape in a significant way, creating new challenges for those entrusted with protecting networks and data.
For one thing, you don’t have to be much of a hacker–or even a hacker at all–to be a cybercriminal. Easily available (and affordable) attack and exploit kits will do a lot of the work for you. And if you don’t want to go that far, a budding cybercriminal can just outsource the job via Cybercrime-as-a-Service, a growing sector of the underworld that is established enough to warrant the CaaS acronym, just like Infrastructure-as-a-Service and its brethren.
That’s one of the criminal tools outlined in a recent report, Economic Impact of Cybercrime–No Slowing Down, by the Center for Strategic and International Studies, a bipartisan, non-profit think tank, and security company McAfee. While the report focuses on the global monetary costs of online criminal activity–bottom line, it’s at $600 billion a year, up from $445 billion in 2014–it also identifies some of the latest trends facing cybersecurity pros.
CaaS is an increasingly popular resource for cybercriminals. It offers products such as custom malware and exploit kits; services such as botnet rentals and ransomware distribution; and manpower in the form of teams that will carry out activities for a price. Not only does CaaS expand the pool of potential cybercriminals, but it can contribute to the sophistication of criminal activities overall. With CaaS, “experienced criminals are able to focus on developing more specialized skill sets, confident in their ability to find others within the thriving darknet ecosystem who can complement their services, and with whom they could collaborate to develop new tools of unprecedented sophistication,” the report says.
Also contributing to cybercrime’s growth is the further emergence of dark-web sites such as the Tor (The Onion Router) network and of cryptocurrencies such as Bitcoin, which provide a digital means to anonymously conduct transactions and launder money. The report says that estimates of cybercrime’s costs have been skewed by the fact that criminals didn’t always get full value for what they stole; a burgeoning digital black market could change that.
Among other major factors in cybercrime are identity theft and intellectual property (IP) theft, neither of which is very surprising, but both of which are key concerns of any organization. The Office of Personnel Management hack in 2015 netted personal information on four million current and former Federal employees. And China’s theft of vendors’ intellectual property on the U.S. F-22 and F-35 fighters reportedly contributed to the development of its own aircraft. China, the report says, has been the clear leader in the theft of intellectual property, although a 2015 agreement between the United States and China to limit IP theft–at least with regard to commercial gain–appears to have had a positive impact.
The growth in cybercrime has resulted from some new technologies and new ways of monetizing criminal activity that have made cybercrime easier than ever. Addressing those technologies and techniques is essential to cybersecurity, which, as CSIS points out, “is a central facet of national security strategy.”
The first mission of the Department of Defense’s U.S. Cyber Command, for example, is to defend DoD networks and missions, but it also is there to protect U.S. infrastructure and “national interests”–which would include business and individuals–from significant attacks.
The report notes that cybercrime is the third costliest type of crime globally, behind government corruption and drug trafficking. But it leads in its ability to make victims of hundreds of millions of people. And it’s a low-risk, high-payoff crime in which perpetrators, particularly when working across international borders, are unlikely to be caught and jailed, something that applies to cyber espionage as well as crime.