This feature first appeared in the Spring 2023 issue of Certification Magazine.
The IT revolution sparked the proliferation of everyday personal computing, the rapid expansion of business information networking, and the birth of a global shopping center built across thousands of e-commerce websites. At every step along the way of this paradigm shift, there have been criminals looking to exploit technology and technology infrastructure for their own nefarious gains.
Aside from the motive of ill-gotten gains — greed is certainly the single largest factor driving the ceaseless growth of cybercrime — what accounts for the explosive escalation in digital banditry? What level of impact is cybercrime having on individuals, businesses, and governments? How do some cybercrime victims inadvertently make themselves more vulnerable to such attacks?
Let’s answer these questions and look at some recommendations for how IT professionals who aren’t cybersecurity specialists can improve their awareness and intervention skills.
What is cybercrime?
In essence, a cybercrime is any event where computing technology is used to carry out illegal activity. While cybercrime's ties to technology have given it a unique category in the justice system, it is in many ways not so different from its brick-and-mortar counterpart.
For example, cybercriminals share many of the same ulterior motives with conventional lawbreakers. Personal vendettas, financial gain, political manipulation, and radical social disruption are well-established motives for many types of crime. And, like conventional crime, cybercrime ranges in severity from nuisance events to serious violations that have devastating consequences.
But cybercrime is different from conventional crime in one important way: A single cybercrime event, even one of relatively low complexity, can potentially affect the lives of millions of people. The ability of criminals to achieve results on such a massive scale is one reason why cybercrime rates have skyrocketed in recent years.
The drivers of cybercrime
A recent Forbes magazine article reported that cybercrime is growing at an exponential rate, with related financial costs expected to hit $8 trillion this year, rising to $10.5 trillion by 2025.
There are several key factors contributing to the current escalation in cybercrime:
Massive number of targets — Every person, business, and organization with an online presence is a potential target for cybercrime. The number of potential points of access found in the average office or home has increased substantially in recent years, much of it due to the proliferation of Internet of Things (IoT) devices.
It wasn’t that long ago when the average home only had a handful of computers and mobile phones connected to a single wireless router. Today, a typical home can easily have a dozen or more networked devices on a wireless mesh network using multiple access points.
As an example, consider an American residence with a family of four where every family member has a smartphone and a personal laptop or tablet — not an extreme scenario in 2023. Now, picture this home with some or all of the following devices installed:
- Streaming media boxes
- Videogame console and handhelds
- Doorbell web cam and front/back yard security cams
- Front and back door smart locks
- Smart thermostat and HVAC sensors
- Smart appliances (fridge, stove, washer and dryer, dishwasher, freezer)
- Small smart appliances (coffee maker, convection oven, vacuum robot)
This home could easily have more than two dozen potential points of vulnerability, many of them relying on the diligence of product manufacturers to keep their firmware and software securely patched.
Growing sophistication and availability of hacker tools — The degree of difficulty for discovering and deploying hacking tools has never been lower than it is today. Many of these tools have achieved the ease-of-use level of mainstream apps even as they’ve become more powerful and sophisticated.
Immediate and widespread information on security vulnerabilities — There is very little delay between the discovery of a major vulnerability and the creation and distribution of an exploit for that vulnerability. Consumers and businesses are frequently at risk before they know that a verified threat exists.
Major software companies and product manufacturers attempt to keep discovered vulnerabilities under wraps until a patch can be created and released. These efforts are often thwarted, however, by well-meaning techies who announce discovered exploits the moment they find them.
Increasing geopolitical instability — Cyberattacks initiated due to espionage or open conflict between nations have increased substantially in recent years. Cybercrime is now frequently a tool in the hands of governments, sometimes unleashed — whether passively or actively — to destabilize economic and political systems, as well as cause increased havoc in areas of open warfare.
For instance, the Russian invasion of Ukraine created a digital battleground rife with aggressive cyberattacks. Ukrainian government websites were defaced or brought down entirely. Russian hackers launched denial of service attacks against Ukrainian banks and financial institutions. In a move worthy of a James Bond villain, the Russians have even hacked telecommunications satellites providing Ukrainian telephone and internet services.
Another source of increased global cyberattack activity is the tense diplomatic relations between China and the United States and Canada, a situation that has seen the destruction of supposed spy balloons, and charges that China interfered with the last Canadian federal election. One notable cyberattack at least partially ascribed to the tense relations with China was a recent malware attack targeting SonicWall security appliances.
Security vulnerabilities in open source software — A CSO news item from earlier this year reported on some disturbing findings from the “2023 Open Source Security and Risk Analysis” report prepared by application security company Synopsys. According to CSO, “Almost all applications contain at least some open source code, and 48 percent of all code bases examined by Synopsys researchers contained high-risk vulnerabilities.” And in one instance, “aerospace, aviation, automotive, transportation, and logistics companies recorded a 232 percent increase in high-risk vulnerabilities in the [monitored] 5-year period.”
Phishing and ransomware — The two types of cybercrime currently dominating the headlines are phishing and ransomware. Phishing e-mails have been a security threat for decades, but the practice has seen a modern resurgence due to the popularity of mobile text messaging, as well as direct messages sent through popular social media platforms.
Phishing is one of the most popular types of hacking because it is comparatively easy to implement and continually achieves decent success rates. While early first-generation phishing attempts were relatively crude affairs, the technology has become more sophisticated in recent years. Hackers use professional-grade images and picture-perfect copies of social media templates to add legitimacy to phishing messages.
Individual targets who respond to phishing attacks can become victims of identity theft, or might be coerced into paying “fines” with cybercurrency or other difficult-to-trace methods. Not surprisingly, some of the largest companies offering popular products and services used by millions of people around the world are commonly impersonated as the sender of phishing messages. Microsoft, Amazon, DHL, Google, FedEx, and Adobe are all popular options that are used as the bait in phishing attempts.
Phishing uses a classic carrot-and-stick social engineering approach — the allure of receiving a reward on one hand, the threat of penalty if action isn’t taken in the other. This approach can be particularly effective with elderly targets, who often have less familiarity with how legitimate businesses and government organizations use the internet to communicate with people.
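As an added example (not code from the article or from Certification Magazine), the check below flags the two characteristics just described: a display name that invokes one of the brands the article lists while the address domain belongs to somewhere else, and carrot-or-stick wording in the body. The brand-to-domain map, the keyword lists and the sample messages are all constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed map of the brands the article names as common bait to the domain
# they actually send from (assumption: a real deployment would maintain its own list).
BRAND_DOMAINS = {
    "microsoft": "microsoft.com", "amazon": "amazon.com", "dhl": "dhl.com",
    "google": "google.com", "fedex": "fedex.com", "adobe": "adobe.com",
}

# "Carrot" (reward) and "stick" (penalty / urgency) cues; constructed word lists.
CARROT = re.compile(r"\b(you have won|gift card|prize|refund|bonus)\b", re.I)
STICK = re.compile(
    r"\b(pay (?:a|the|your) fine|penalt(?:y|ies)|account (?:will be )?suspended|"
    r"within 24 hours|legal action)\b", re.I)


def sender_domain(from_header: str) -> str:
    """Domain of the actual address in a From: header ('' if there is no address)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def brand_claimed(from_header: str) -> str:
    """Brand named in the display-name part of From:, or '' if none of them appears."""
    display, _ = parseaddr(from_header)
    return next((b for b in BRAND_DOMAINS if b in display.lower()), "")


def phishing_indicators(from_header: str, body: str) -> list:
    """Return the indicators found in one message; an empty list means nothing flagged."""
    hits = []
    brand, domain = brand_claimed(from_header), sender_domain(from_header)
    if brand:
        expected = BRAND_DOMAINS[brand]
        # A legitimate sender uses the brand's domain or a subdomain of it.
        if domain != expected and not domain.endswith("." + expected):
            hits.append(f"display name claims {brand} but address domain is {domain or 'missing'}")
    if CARROT.search(body):
        hits.append("reward lure")
    if STICK.search(body):
        hits.append("penalty or urgency pressure")
    return hits


if __name__ == "__main__":
    # Constructed sample messages: one impersonation, one legitimate notification.
    samples = [
        ("FedEx Delivery <notice@fedex-parcel-update.net>",
         "Your parcel is held. Pay the fine within 24 hours to release it."),
        ("Amazon.com <no-reply@amazon.com>", "Your order has shipped."),
    ]
    for hdr, body in samples:
        print(hdr, "->", phishing_indicators(hdr, body) or "no indicators")
```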
Ransomware also uses phishing’s psychological tactics, but the target’s response triggers an attack that literally takes control of one or more computing devices. A successful ransomware attack results in a classic scenario of extortion: Pay the ransom, and the affected device and its corresponding functionality and data will be restored.
The punishment for non-compliance can be the destruction of the data being held for ransom, or might extend to consequences causing the collapse of an entire network. Many infosec professionals consider ransomware to be the greatest security threat to governments and businesses in the world today.
According to a CSO survey, 76 percent of respondents were the target of a ransomware attack in 2022, with an infection success rate of 64 percent. Of the successful attacks, only half of the organizations were able to retrieve their data after paying the ransom.
While many infosec professionals advise their companies to never pay a ransom, a greater number of businesses have signed up for cybersecurity insurance policies. These policies are meant to help cover the costs of a ransomware attack, even though the odds of recovering the data after payment are no better than a coin toss.
What IT pros should know
IT professionals who don’t specialize in cybersecurity should still have a working familiarity with the most common types of attacks. At a minimum, they should be able to identify the key characteristics of phishing messages and be able to describe these aspects to coworkers and family members.
IT pros should subscribe to security bulletins from the vendors and organizations most closely related to the products and technologies they work with. IT pros who hold one or more certifications should check with their certifying bodies to see whether they offer security-related newsletters or SMS alerts.
Employees of managed IT services companies should be able to describe to clients and potential customers what cybersecurity insurance is, the types of events it can cover, and how putting certain precautions in place might help to reduce insurance premiums.
IT professionals should always know where and how to report criminal incidents, including which law enforcement agency has jurisdiction, and which individuals should be contacted first. This will often vary by region, so it’s a good idea for IT pros to research the appropriate reporting channel for whatever area of the world they work in.
Thankfully, some of the most popular types of cybercrime can be avoided by learning a few key details and using some basic but important precautions which are relatively simple to implement. Always treat unsolicited text or e-mail contacts with caution. Never open a file attachment you can't directly identify or weren't expecting to receive. And if you haven't taken a refresher course on basic cybersecurity hygiene recently, add that to your to-do list.