How to be a step ahead of cybercriminals


Seattle - Users must use modern operating systems while enterprises need to check all devices in their network.

by Deepthi Nair


Published: Sun 25 Mar 2018, 6:47 PM

Cybercrime is increasingly gaining sophistication as cybercriminals lurking on the Internet turn more savvy, creative and well-funded. Even as organisations and individuals up their cyber-defences, hackers are one step ahead of them and tapping the weakest link to wreak havoc. This is because the scope of profit is enormous.
Hacking has evolved from a mere kids' hobby several years ago into a crime committed for profit, financial gain or political motives, where victims tend to be embassies, consulates and political organisations.
Cybercrime is very damaging to companies as it involves the cost of mitigation, loss of customers, loss of brand and cost of repair. According to Juniper Research, it cost an organisation an average of $11.7 million to fight cybercrime in 2017. That figure has increased by more than 62 per cent in the last 5 years. Juniper is predicting that by 2022, the impact on the global economy will be in excess of $8 trillion. That is a staggering number, but historically, Juniper has been conservative in reporting and has under-reported the actual impact.
Did you know that the surface Web comprises only 4 per cent of the total Internet? That is the focus of what most people know about the Internet (e-commerce, banking, etc). Beneath is the vast digital ocean - the deep Web. This is the area behind firewalls and also the area where criminal activity takes place. It hosts marketplaces for illegal purposes such as drugs, weapons, pornography, crime kits, etc.

Today, about 90 per cent of cybercrime begins with a phishing e-mail, where you click on a link which asks you to verify your name and password. While phishing used to be simple (often featuring spelling mistakes), it is sophisticated today, varying from spam to whaling, which targets specific C-suite executives, and the messages look authentic.
Tech giant Microsoft has set up a digital crimes unit to tackle this growing menace and it invests about $1 billion in cybersecurity every year. There are about 3,500 security professionals in Microsoft. "The role of the digital crimes unit is to investigate, look for attribution and build evidence for criminal referral. We are trying to make it more expensive for criminals to use the online environment for crime and disrupt their business model," says Patti Chrzan, senior director for strategic programmes at Microsoft's Digital Crimes Unit.
The unit employs 100 professionals, of which 30 are headquartered in Microsoft's Redmond campus in Seattle, and 70 in 30 countries. They comprise lawyers, investigators and analysts who find digital bread crumbs leveraging big data, machine learning and artificial intelligence.
With cybercrime being borderless, victims are global and perpetrators are scattered across countries. It may, therefore, be difficult to gain information and cooperation from local law enforcement. Microsoft works to educate law enforcement agencies on forensic techniques and provides technology such as SmartScreen, which alerts you if a site is malicious.
"We believe in an integrated security approach to battle cybercrime. Cybersecurity revolves around 4 pillars: [1] building security into products and services; [2] intelligence is shared throughout the company; [3] partners are a huge part of our cybersecurity ecosystem and help us make sure customers make the best choices and use modern techniques; and [4] policy: work here revolves around enforcement [civil action, criminal referrals]. We need 21st-century policies and cybercrime laws. Law enforcement is a huge challenge," adds Chrzan.
 
What exactly do customers and enterprises need to do?
Customers need modern operating systems, information management and security tools, security updates and anti-virus software. Enterprises must check who has access, what devices are coming in and how they are being protected.
"You can't fight crimes of today with tools of the past," reckons Chrzan.
Child exploitation is one of the most common areas targeted by cybercriminals. Today, globally, 500 abusive pictures of children are uploaded every minute of every day, while 1.8 billion innocent images are also uploaded every day. This poses a challenge to law enforcement to identify perpetrators.
For example, Microsoft has developed a tool called PhotoDNA, which is a hashing technology. It breaks down an image into a series of grids and provides a unique value and unique algorithm. This is stored by the National Centre for Missing and Exploited Children in the US. Criminals who are going to trade or distribute will alter the image in some way to try and avoid detection. However, once they have uploaded it onto the Internet, law enforcement can use this technology to take an image they find, hash it and compare it to the repository - if there is an exact match, they can take action.
"Around 130 organisations outside law enforcement that use user-generated content [Google, LinkedIn, Twitter, Facebook] use this technology. PhotoDNA provides 99 per cent of all tips given to the National Centre for Missing and Exploited Children. However, criminals are innovating; they are embedding such images in videos and live streaming," says Chrzan.
Users must also watch out for tech support fraud on the Internet. Here, scamsters convince you that your device is infected with malware. Once they have convinced you, they get you to provide them remote access to your device and then sell services you don't need.
This consumer scam started with older individuals since it was often done through cold calling. They each lost $100 or $200 in this scam. "At Microsoft, we get about 12,000 victim reports each month. Moving on from cold calls, the next tactic they deployed was deceptive Web ads - convince you that you are infected and call a number or lock browser in continual loop, leveraging logos of tech companies," she observes.
In such instances, Microsoft identifies the command and control devices, asks for legal permission and redirects the bad domains to a sinkhole which prevents the infected devices from communicating with the criminal infrastructure.
- deepthi@khaleejtimes.com

