Cyber-crime Threat and Mitigation

South Africa has been ranked as having the third largest number of cybercrime victims, second only to China and Russia. According to the CyberThreat Barometer 2012/3, released by Wolfpack Information Risk, direct losses to cybercrime in South Africa between January 2011 and August 2012 were R2.65 billion, with a further estimated R662.5 million of the R2.65 billion not recovered.

For a country and continent that is still developing, those are huge numbers, especially considering that some of these reports are conservative and that some cybercrimes, in South Africa in particular, are not reported as such but are rather reported as 'fraud'.

Another report shows that the African continent as a whole accounts for only two percent of global GDP, yet it accounts for ten percent of global cybercrime incidents.

Cybercrime is any criminal activity that uses the internet or computer networks. This can be further categorised as crimes where a computer is a target, a tool or a repository.

Internet Connectivity Growth

Internet connectivity is no doubt increasing in Africa as a whole. An increase in broadband penetration increases Nigeria's GDP by three percent (for South Africa it is approximately one and a half percent), and cybercrime will increase along with it.

Hence it is worth repeating that even the free Wi-Fi vendors, as awesome as that service is, should take proactive steps in protecting, informing and educating the users of their services on how to use free Wi-Fi while keeping safe, instead of waiting until an incident happens and only then trying to jump on the security bandwagon. And really, that's where security has shifted to: from reactive-orientated to proactive-orientated.

Anti-viruses are no longer enough on their own; IDS/IPS (intrusion detection system/intrusion prevention system) are no longer enough on their own.

Organised Cybercrime

Cybercrime, in most cases, is not the stereotypical kid in some dark room hacking away trying to get rich; these days, cybercrime is a well organised, structured entity, almost like a company!

It's an industry on its own that makes millions monthly and annually. Some of the tools or methods they use include some very sophisticated malware (malicious software/programs) which, I must admit, at times I do admire!

ATMs, Point-of-Sale systems, mobile and online banking: all are relatively easy targets for most of these cybercriminals. Some methods include what's known as ransomware (as in, your money ran-somewhere... get it?), which essentially encrypts your computer and demands a ransom in order to decrypt/'unlock' it.

I heard of one such ransomware, CryptoDefense, that enables its makers to get $35,000 a month or something like that.

The Unfair Scale

What makes cybercrime even worse is not that the criminals are not caught, but rather that they have to be stopped EVERY time in order for a company to consider itself 'safe', whereas cybercriminals can be stopped MOST times and need to succeed only ONCE. Then the whole world (cough, mainstream media) trumpets how good those cybercriminals were and how pathetic the breached company was, neglecting all the times that the company thwarted attack after attack, none of which were ever mentioned in the media.

This is, quite frankly, an unfair scale. But hey, who said life was fair, right?

Automation or the answer to “why would anybody hack me?”

Many people still falsely think they wouldn't get hacked since they are not famous, are not rich or that their company is still relatively small and unknown, but that is far from true, since direct stealing of money is not the only motivation for cybercriminals.

For example:

  • Social media accounts sell for more than credit card information with PIN in the 'underground' economy.
  • Your hacked computer or work computers can be used to mine cryptocurrencies; furthermore, your computer or computers can be made part of a botnet or zombie network, which can then be used by cybercriminals to launch attacks on other companies or people to make them more money.

There are wonderful tools (I use the term 'wonderful' not because they are good but because of their creativity), such as BlackOS, which essentially automate the hacking of websites/web applications and systems.

Many cybercriminals have bots that are constantly scouring the internet to find vulnerable systems and applications and then exploit them.

Some of the malware used by cybercriminals can evade (yes, evade) anti-virus detection! We won't get into details of how anti-viruses work though. But, before you lose heart, it's still better to have an anti-virus than not to have it; besides, not all attacks used by cybercriminals evade anti-virus detection.

Many of these cybercriminals offer their malicious software on a subscription basis and offer 24/7 'customer' support! That's how good the cybercrime industry is. Botnets and hacking tools can also be rented from the cybercriminals by anyone with the money (and it's not too much).

So yes, everyone can be, is or will be a victim of cybercrime: individuals, established companies and, yes, start-ups too.

When one realises how uneven the field on which we are playing is when it comes to the cyber-crime threat, it's so easy to get discouraged. But there are steps that we can take to mitigate these cyber-crime attacks.

What Can Be Done?

Easy money will always be a big temptation.

We also have to keep in mind that we are now playing a game of catch-up with cyber-criminals, as they have a huge head start. But, I believe, the tables can turn if we act right and act fast in our individual, company, policing and governmental capacities.

Some of the immediate steps that can be taken, and that are suggested, are as follows (the list is not exhaustive):

Individuals

  • Keep all your devices updated at all times – PCs, laptops and mobile devices.
  • Install and update anti-virus and internet security software on your devices – PCs, laptops and mobile devices.
  • Don't use the same passwords for all your online accounts.
  • Do use a strong password, the more characters the better. You can even use a password manager if you fear forgetting your passwords.
  • When you receive links via email, do hover your mouse over the link and check whether the URL displayed on hover is the same as the one you are asked to visit.
  • Do be careful when it comes to opening attachments in e-mails.
  • Manually type in the bank URL you want to visit. Don't go to a banking site via a link.
  • Always check the URL address bar of every site you visit to ensure it's the right one, especially when about to input usernames and passwords.

Companies

  • Keep all company devices updated at all times.
  • Install and update anti-virus software on all company devices.
  • Do check your logs – even BEFORE a breach occurs.
  • Do have an Intrusion Detection & Intrusion Prevention System on your networks.
  • Do enforce the use of strong passwords.
  • Offer secure services by default.

Companies can or should start collaborating and sharing insights on the threats they face and the mitigations to those attacks.

Banks are on the ball in terms of this, but what about other companies? SMEs?

How many companies and government departments still use Windows XP?

National Awareness Campaigns

I am aware that many African nations are starting to implement or draft cyber-security frameworks and policies, which is a great thing and will really help in combating cybercrime on the continent.

A government-backed national (or even continent-wide) information security awareness campaign would be a huge step forward.

When HIV/AIDS was seen as a serious threat to the continent, huge campaigns were rolled out and steps taken and we can see the results of that.

Perhaps someday when governments see cybercrime as a threat serious enough, similar campaigns will be deployed to educate everyone about cybercrime and what to do.

I'm not discounting the real issues such as hunger, lack of electricity, diseases, etc. that we have on the continent; however, cyber-crime is turning out to be a cancer in our economy.

Law Enforcement

Our law enforcement agencies will have to be on their toes as far as tech is concerned.

The reasoning is simple:

A police officer who isn't computer savvy would not be able to help you if you report a case of hacking and stealing of intellectual property, because she wouldn't be able to understand what you are reporting: your information would still be on your PC, so what crime was committed if your information wasn't stolen?

I'm aware that some police units have cyber-crime units that are doing incredible work, even though we may not often hear of them, but even local police stations should have someone knowledgeable about such matters.

This is vital.

Many companies that get breached not only refuse to disclose that they were breached but they often refuse to report the matter to the police because they feel that our police don't have the skills, man-power or understanding to help them in cases relating to cyber-crime!

Hell, honestly even I wouldn't do that, yet.

But as our police forces are trained in these matters, perhaps then I would.

As big as cyber-crime is in our country (South Africa) and continent (Africa), this is only just the beginning; more is yet to come. With the recent Snowden revelations of what the NSA has been doing, in a couple of years, cyber-criminals will be doing similar surveillance too.

Image credit: DELL Inc.
