Film and media portray cybercriminals as hooded hooligans, wreaking havoc just for the challenge. In reality, cybercrime is extremely costly, causing major damage to businesses, governments, and individuals. As new technology and funding keep extending the reach and abilities of cybercriminals and hacker groups, it’s important to implement ways to prevent and fight against the growing threat of cybercrime.
The Cost of Cybercrime
Economic Effects of Cybercrime
Cybercrime has the third-highest global impact from an economic standpoint, trailing only corruption and narcotics. As of 2018, $600 billion of global GDP is lost annually due to cybercrime. Additionally, roughly two-thirds of internet users have had their personal data compromised, a percentage that translates to over 2 billion people.
According to the 2018 Cost of Data Breach Study by the Ponemon Institute, $2.2 million was the average cost of a data breach when fewer than 10,000 records were compromised, and $6.9 million was the average cost of a data breach when fewer than 50,000 records were compromised. The average cost of each compromised record was $148.
According to the FBI’s Internet Crime Complaint Center (IC3) 2017 Internet Crime Report, 301,580 complaints were reported, resulting in losses of over $1.4 billion. The agency also determined non-payment/non-delivery, personal data breach, and phishing were the top crimes.
Why Cybercrime is Growing
Because of the anonymous nature of cybercrime, cybercriminals have a low probability of getting arrested. New technology also makes hacking and cybercrime easier and more accessible. Additionally, there has been an increase in cybercrime centers. Finally, there have been more financial resources for top cybercriminals to use.
Profile of a Cybercriminal
The typical cybercriminal is a male between the ages of 29 and 49. Nearly half are from the Asia-Pacific region, specifically China and Indonesia. They can either work individually or in groups of usually six members or more, and they’ll often work in cybercrime organizations with hierarchies of executives, managers, and workers. The skill level ranges from novices, coders, and “cyberpunks,” to cyberterrorists, “hacktivists,” and professional cybercriminals. They’re activated by a wide range of motivations, including espionage, monetary gain, political or religious beliefs, or simply thrill-seeking.
Major Hacking Groups and Cybercrime Attacks
In April 2018, hacking group FIN7 used point-of-sale malware to steal over 5 million credit and debit card numbers from Saks Fifth Avenue and Lord & Taylor department stores. FIN7 has also been linked to data breaches of Omni Hotels & Resorts, Whole Foods, Chipotle, and Trump Hotels.
The ransomware Notpetya used hacked tax software to attack Ukrainian businesses in June 2007. Notpetya spread globally to FedEx, who attributed a loss of $300 million to the attack. Other businesses impacted included Danish shipping company Maersk, Russian oil company Rosneft, and the British advertising agency WPP.
The group Wannacry perpetrated one of the biggest ransomware attacks of all time in May 2017, when they targeted outdated Windows software. Their attack affected over 150 countries, shutting down Ukrainian and British hospitals and California radio stations in the process.
Some cases remain unsolved. For instance, the credit bureau Equifax was famously victimized in July 2017, when cybercriminals stole personal data from 145 people. The data stolen also included social security numbers. The identity of the hackers is still unknown.
Top Cybercrime Tactics Currently Used by Hackers
Cybercriminals have a wide range of strategies they can deploy to execute their nefarious deeds. These include malicious malware-based cryptomining, adware, ransomware, spyware, and worms.
The Threat of Ransomware and How to Combat It
Ramsomware is prevalent enough to have its own subcategory, ransomware-as-a-service. Also known as RaaS, it’s the practice in which cybercriminals share ransomware codes for a fee. There are over 6,000 online criminal marketplaces that sell ransomware services and products. It’s a strong “service” – ransomware worms are powerful tools that can spread into networks and lock multiple computers. It’s also a damaging one, as the FBA found that $209 million was paid in ransom in the first quarter of 2016.
The FBI has created several steps to help prevent and combat cybercrime. These include creating a business plan in case of an attack, patching operating systems on digital devices, managing privileged accounts, and routinely backing up data.
Organizations Against Cybercrime
Several organizations have been formed to specifically meet the problem of cybercrime head-on. The National Cyber Forensics & Training Alliance (NCTFA), for instance, brings organizations together for sharing resources, threat intelligence, and strategies for stopping cyberthreats. The Anti-Phishing Working Group (APWG) fights against phishing by developing data standards and response protocols. Additionally, the Council of Europe: Action Against Cybercrime assists countries in combating cybercrime and making their criminal justice systems stronger. Domestically, the U.S. Secret Service’s Electronic Crimes Task Force (ECTF) investigates identity theft, business e-mail attacks, ransomware, and network intrusions. Finally, the FBI’s Cyber Action Team (CAT) deploys cyber experts to investigate cybercrime within 48 hours.
Cybercrime shows no signs of slowing down. Understanding the profile of hackers and criminal organizations as well as methods for maintaining data security and privacy will help individuals, businesses, and government agencies prepare for the fight against cyberattacks.