10. June 2021

Cybercrime – a Damoclean sword over companies and private individuals


Cyberattacks // Cybersecurity is the buzzword of the moment. Not a day goes by without reports of a cyberattack or hacked accounts in the news. Who is behind them? And what do the attackers want? An overview.

In 2018, the Swiss government combined all its cyber security committees into one new organization: the “National Cyber Security Centre” or NCSC, which now incorporates previously known units such as “MELANI” and “GovCERT”. By creating the new specialist center, the government has underlined the significance of “cyber security” and how important it is to pool forces in the fight against cyber crime.
Every week, the NCSC publishes the current statistics on reported cyber security incidents in Switzerland, which average around 350 a week. This simply means that at least 350 attacks are discovered and reported – the hidden figure may well be considerably higher.

Figure 1: Incoming reports 2020/2021 (per week), number of attacks per week, source: NCSC.ch

The NCSC also publishes data on the type of attacks reported. In calendar week 23 of the current year, for example, the majority of reports concerned fraud and phishing (see Figure 2).

Figure 2: Incoming reports 2021 by category, CW 23/2021, source: NCSC.ch

In the latest report of the Center for Strategic and International Studies (CSIS) on the topic of cyber crime [1], published in February 2021, the global damage resulting from cyber-attacks was estimated at approx. 600 billion US dollars per year. For comparison, the international drug trade has an annual turnover of approx. 500 billion dollars. Even more alarming than the high cost of the damage, however, is the trend in cyber crime: in the last five years, it has increased by 30 percent, with no sign of stagnating – quite the contrary.

Categorization of attacks and perpetrators
Cyber-attacks can be roughly divided into three categories; each category indicates the likely cost and the typical victims.

1. Advanced persistent threats
These are targeted attacks, which are generally carried out with significant expertise and coordinated effort. As a rule, the aim of these attacks is to extract information. The attacks are specially tailored to the target system and typically last several months. The attackers possess extensive technical knowledge and have considerable resources at their disposal. Secret service activities and industrial espionage are the most well-known form of APT attacks.

2. Targeted attacks by cyber crime organizations
These attacks are often driven by a financial motive. The aim is to make money through fraud or extortion. Victims of these attacks are usually small and medium-sized companies, with the attacks most frequently being in the form of ransomware. Here, attackers attempt to encrypt all of a company’s data in order to demand ransom money in exchange for its release. Once the money has been paid, the company usually receives the password and is able to access its data again. Often, a single weak point is enough for ransomware to take hold. Another popular form of attack in this category is “CEO fraud”, where the attacker attempts to pose as the CEO by email or telephone and initiate payments.

The category of targeted attacks by cyber crime organizations also includes activist (“hacktivist”) campaigns. Their motives are not financial but ideological. The targets are usually companies and organizations with high public exposure. The aim is usually to attract as much attention as possible rather than to cause damage, so these attacks are carried out and exploited for maximum media coverage. Access is usually gained through known software weaknesses, or by targeting administrators for their access credentials.

3. Mass attacks against private individuals
These attacks are usually targeted at private individuals via spam emails. Even if only one person in a thousand clicks a link and enters their login details, the attacker makes a small profit. The damage caused in each individual case is typically too small to make an investigation worthwhile. As a result, these deceptive approaches keep getting better and more sophisticated. Spam emails used to be easy to spot, whether posing as a single woman looking for love, or an African prince seeking assistance. Today, attackers go to greater lengths and pose as the bank or even the police – with extremely well-faked emails.

Figure 3: Simplified representation of the threat pyramid according to SANS.


What will the future bring? Are we defenseless?
Unlike law enforcement, which is tied to national laws, cyber criminals operate without borders. Cyber crime is bound to increase; the prospect of making a profit, with comparatively low risk and effort, is simply too tempting. An attacker can initiate thousands of attempts, and the target has to deflect them all. At first glance, the odds don't look good. The defense against cyber-attacks must start with the weakest link in the chain: the human factor. How many people use simple passwords, or the same password for every site?

ti&m has made it its mission to make passwords obsolete. A secure future without passwords is possible. Every individual has virtually unforgeable biometric characteristics, such as their fingerprints or face. Another alternative is the “digital footprint”. This involves creating a profile for a user based on their behavior and the devices they use, and recording properties such as time, location, typing speed, device type, browser, language settings and many other factors. With around 40 such factors, almost everyone can be clearly identified. If, in future, logins via biometric features or digital footprints become a reality, identity theft will be nigh on impossible.
The second major weapon against cyber crime is knowledge. If companies are unaware of what exactly is going on in their systems, they will be unable to detect attackers, or will only notice when it's already too late. Security Information and Event Management (SIEM) is the keyword in this regard. The theory is simple: all data and log files are searched by an algorithm and correlated to identify anomalies. Artificial intelligence and machine learning can be used to do this. This way, attacks can be detected before they cause harm. The technical implementation is not quite that simple, of course, but the vision is clear and the result promises effective, sustainable protection against cyber-attacks.
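As an added illustration of the correlation idea (not code from the article or from ti&m), the following Python rule scans constructed SSH authentication log lines and flags a source address that fails against several distinct accounts within a short window, the password-guessing pattern that feeds on weak and reused passwords, and notes whether any account then accepted a login from that source. The log format, the five-minute window and the three-account threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from the article or a real system).
SAMPLE_LOG = """\
2021-06-10T08:00:01 auth sshd: Failed password for alice from 203.0.113.7
2021-06-10T08:00:03 auth sshd: Failed password for bob from 203.0.113.7
2021-06-10T08:00:05 auth sshd: Failed password for carol from 203.0.113.7
2021-06-10T08:00:09 auth sshd: Failed password for dave from 203.0.113.7
2021-06-10T08:00:12 auth sshd: Accepted password for dave from 203.0.113.7
2021-06-10T08:01:00 auth sshd: Failed password for alice from 198.51.100.2
2021-06-10T09:30:00 auth sshd: Accepted password for alice from 198.51.100.2
"""

# Assumed line layout: "<ISO timestamp> auth sshd: <Failed|Accepted> password for <user> from <ip>"
LINE_RE = re.compile(r"^(\S+) auth sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def parse(text):
    """Turn raw log text into (timestamp, outcome, user, source_ip) events, skipping unparsable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), outcome, user, src))
    return events


def detect_spray(events, window=timedelta(minutes=5), min_users=3):
    """Correlate events per source IP: alert when one source fails against at least
    `min_users` different accounts inside `window`, and list accounts that accepted
    a login from that source within the same window (likely compromised)."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[3]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        for i, (ts, outcome, _user, _src) in enumerate(evs):
            if outcome != "Failed":
                continue
            in_win = [e for e in evs[i:] if e[0] - ts <= window]
            failed_users = {e[2] for e in in_win if e[1] == "Failed"}
            if len(failed_users) >= min_users:
                accepted = sorted({e[2] for e in in_win if e[1] == "Accepted"})
                alerts[src] = {"first_seen": ts.isoformat(),
                               "users_tried": len(failed_users),
                               "accepted_after": accepted}
                break  # one alert per source is enough
    return alerts
```

The single failure from 198.51.100.2 followed much later by a success stays below the threshold, while 203.0.113.7 is flagged and dave's account is listed for follow-up.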


Fabian Dobler

Fabian Dobler has been at ti&m for eight years, where he is responsible for Security Integration. He also volunteers as an officer in the fire brigade.

Leunita Saliji

As Associate Principal, Leunita Saliji is responsible for Service Management & Operations and Application Management at ti&m. She is also a lecturer for the BSc and MAS degree courses in Information Technology at the Swiss Distance University of Applied Sciences (Fernfachhochschule Schweiz – FFHS).