Businesses warned to stay vigilant with “cybercrime-as-a-service” firms on the rise
Tuesday, February 27, 2018/
Cybersecurity experts have warned businesses to be aware of the prevalence of online intellectual property theft and the emergence organisations set up with the sinister intent to scam others.
The third annual report into the global costs of cybercrime from security firm McAfee and US think tank Center for Strategic and International Studies (CSIS) has predicted this type of criminal activity costs the global economy around US$600 billion ($765 billion) each year. This is 0.8% of global GDP, a figure which has grown by $100 billion since 2014.
In Australia, McAfee analysts reported that the “business email compromise” scam was a significant issue, with Australians losing an estimated of $15 million through this type of scam between 2016 and 2017.
The report also highlights the growth of ‘cybercrime-as-a-service’ practices, in which entire organisations are established with the sole purposes of gaining income from scams.
This trend has seen hackers make up to $100,000 a year by selling ransomware kits to others online, according to the firm. Others sell cybercrime infrastructure such as ‘botnet rentals’, which is “temporary access to a network of infected computers, using them for anything from spam distribution to [denial of service] attacks”.
McAfee attributes some of the costs of cybercrime to tech-savvy criminals and anonymous services online, such as dark web browser Tor, that can mask scammers. The monitisation of stolen data has also become easier for cybercriminals as a result of digital currencies like Bitcoin.
“The cybercrime ecosystem has undergone an evolution as it has grown in sophistication to accommodate arrival of new actors, and new scrutiny,” McAfee said in the report.
“The threat of law enforcement action has forced most cybercrime dealings onto the dark web, where the anonymity of Tor and Bitcoin protects actors from easy identification.”
Intellectual property theft is a strong factor behind the rise in cybercrime, with the report warning small businesses that IP theft can be devastating and costly. At least one quarter of all cybercrime can be attributed to intellectual property theft. Business owners may not recognise a direct drop in income, but intellectual property theft can lead to a drop in market share and indirect loss of product revenue due to growing competition.
To combat cybercrime, McAfee recommends increased international collaboration and law enforcement measures, and developing multinational treaties that mutually assist nations.
SME owners are encouraged to implement basic cybersecurity measures, with the report highlighting a lot of the onus is on the business owner to ensure their online practices are secure.
“Protection against most cybercrimes does not require the most sophisticated defenses. This responsibility mainly falls on companies and consumers.”
SMEs need to regularly review cybersecurity
Practice manager at security firm Hacklabs Michael McKinnon tells SmartCompany SME owners need to do more to keep up to date with the exact nature of cyber security threats.
“Small businesses tend to underestimate the capabilities of these adversaries. The internet has this global reach and what it creates is a business opportunity that works at a massive scale,” says McKinnon.
Cybercriminals have certainly become more tech-savvy, McKinnon says, leading to greater activity in this area.
“In the old days you’d have to build it yourself, but now many of the tools are readily available,” he says.
“There’s a lot of people who have treated this business model of getting crooks to pay on a regular basis and even subscription updates. It’s a reflection of were we’ve gone as an industry.”
McKinnon also points out a growing trend over the past six months in hackers accessing hardware and introducing cryptocurrency miningware for financial gain, instead of directly malicious attacks. Despite the immediate impact of the attack, there is a still a security weakness ready to exploit.
“There’s been a number of small businesses being compromised for mining cryptocurrencies,” McKinnon says.
“The vulnerability is still there, it’s just being used for a slightly less malicious purpose. If the situation changes, they may go back to ransomware.”