Dziennik Gazeta Prawana logo
E-wydanie

Remote Opportunities… In Crime

Remote Opportunities… In Crime
Shutterstock
Grzegorz Kowalczyk
5 grudnia 2021

Opportunity makes a thief – this saying has become more and more relevant now that we have moved a significant part of the economy online due to the pandemic. The scammers followed our lead.

COVID-19 has motivated cybercriminals to refine their previous strategies and successfully introduce new ones, allowing them to reap record profits. According to the research firm Cybersecurity Ventures, global damages caused by illegal online practices for the current year are estimated at over $6 trillion. And things are only likely to get worse – thieves will continue to prey on the gullibility of those who cannot adapt to virtual reality. Analysts predict that the worldwide cost of cybercrime will increase by 15% annually over the next five years, reaching $10.5 trillion by 2025. For comparison, even 10 years ago the equivalent figure was “only” around $3 trillion.

Why is this happening? There are several answers. The simplest one is that there are simply more opportunities for fraud. After all, the pandemic has generated a record number of online transactions, forcing a huge number of new, inexperienced web users – including the elderly – to go digital. Criminals are taking advantage of the naïveté of users who are dealing with teleworking or handling official matters online for the first time.

It is not true, however, that these are the only groups who fall victim to crime – it turns out that young people and regular internet users only seem to be immune to attempted fraud.

Preying on ignorance, pity and gullibility

Tried and true methods of swindling money out of personal accounts have undergone a veritable renaissance of efficacy. Emails that trick people into transferring money to previously unknown accounts or persuading them to share confidential information (phishing) are once again becoming lucrative for criminals.

Methods vary – from impersonating wealthy people temporarily in need of money and promising fabulous compensation for a quick loan, to exploiting people’s sympathy through photos of sick people supposedly in need of help, or children left out in the cold. Cyber-security experts repeatedly point out that human gullibility is in fact the weakest link in protecting against attacks.

COVID-19 also affected phishing effectiveness. The fact that the disease was unknown and creating panic meant that thieves had no trouble finding easy prey. Criminals pretended to be institutions waiting for data or sending out the latest urgent information in attachments. As calculated by F5 Labs 2020, a company that deals with cyber threats, the pandemic has exponentially increased the scale of scams that prey on internet users. During last year’s pandemic peak, phishing incidents increased by 220 per cent compared to the 2015-2019 annual average.

The answer to these threats must be effective prosecution of criminals and continuous education and warnings from multiple channels. Nevertheless, experts are under no illusions: human error will remain the weakest link in the system and criminals will cynically exploit these mistakes.

Business at high risk

Even more important in the context of safeguarding economic interests are cases of attacks on financial institutions and companies.

E-banking, for example, has become a target for hackers. The rapidly growing volume of online sales has inspired fraudsters to hone methods of successfully impersonating banks or phishing for credit card data. Some strategies also involve direct attacks on the network infrastructure of individual banks. According to a VMWare report, between February and April 2020, attacks on the financial sector increased by 238 per cent worldwide.

Attacks on individual companies do not have to be particularly sophisticated, yet they can disrupt large parts of the economy. According to Kaspersky’s calculations, ransomware that blocks access to data will inflict losses of up to USD 20 billion in 2021. This figure has already increased by around 57 times compared to 2015.

Some of these attacks can be spectacular, such as the one launched again software company Kasey, whose services were used, among others, by the Swedish retail chain Coop. The attack resulted in the temporary closure of about 500 shops, in which the cash registers stopped working. And this is not the only high-profile case. Last year, criminals tried to steal data from, e.g. Honda, Orange and Whirlpool.

Less well-known companies are also at risk. A report by consulting firm KPMG indicates that 64 per cent of companies surveyed in Poland reported at least one cyber incident in 2020. 51 per cent of companies admitted that the need to organise remote working was a challenge in terms of ensuring security, as it increased their vulnerability to cyberattacks. Responding to this challenge, a quarter of companies have increased spending on security assurance.

A trillion for defence

Hacking attacks are often launched not only to grab money, but also to capture intellectual property or technology. Hence, in addition to individual market players, states and international organisations are also springing into action. On one hand, they must ensure the security of economic operations, and on the other, secure their own servers, which contain sensitive citizen data that are invaluable to criminals.

Such was the case of an attack by the Hafnium hacker group in March, which penetrated the Microsoft Exchange email software for business customers.

Up to 30,000 US companies and organisations, including schools, financial institutions, and even government agencies fell victim to the hackers. In total, the attack might have affected as many as 250,000 users. This issue is not unique to America. The European Banking Authority reported that it was also targeted by cybercriminals. Although the EBA gave assurances that the hackers had not gained possession of the data and that the attack had been repelled, the very fact that the attackers had decided to carry out such an audacious act was cause for concern. This was particularly true given the fact that, in late 2020, criminals breached the Solar Winds software and intercepted some confidential data belonging to American customers. As a result, up to 18,000 companies fell victim to the hackers.

Such attacks have prompted governments to step up their efforts. Joe Biden’s infrastructure package proposes an additional USD 2 billion to beef up network security. The funds will go toward securing critical infrastructure, helping vulnerable organisations defend themselves from criminals, and funding a key federal cyber office, among other things.

In Poland, the government recently decided to set up a special fund for cyber security. Action is also being taken at the EU level; in the middle of this year, the European Commission proposed establishing the Joint Cyber Unit to allow for a better and faster response to major cyber-security incidents. “Cyberattacks are growing in number, scale and consequences, greatly impacting our security. All relevant actors in the EU need to be prepared to respond collectively and exchange relevant information on a ‘need to share’, rather than only ‘need to know’, basis,” the EC release reads.

Cybersecurity Ventures predicts that within five years , total global spending on cyber-security products and services will exceed $1 trillion. Regardless of the outcome of the battle governments and companies are fighting against cybercriminals, spending in the coming years is expected to skyrocket, becoming an increasingly important part of global investments. ©

Źródło: Dziennik Gazeta Prawna

Materiał chroniony prawem autorskim - wszelkie prawa zastrzeżone.

Dalsze rozpowszechnianie artykułu za zgodą wydawcy INFOR PL S.A. Kup licencję.

DGP