Blog / The Evolution of Cyber Crime – The Cost of Effective Cyber Security Counter-Measures is on the Rise…
Two things came together late last week and this morning that caused me to choose a topic for this week’s Tech Update. I normally allow Karl, our Cyber Security technician, to write about all things Cyber Security, but allow me to provide a lay-person’s view of some recent activities and information. It might be a not-so-welcome distraction from relentless Pandemic news. First, the event from this morning:
I was forwarded an article from Jon Harmon, one of our Account Managers. It described a Cyber Attack on the City of Saint John in Newfoundland. While details are sparse, it appears the City suffered a Cyber Attack on the weekend, which caused a system-wide shutdown of all IT systems and services, including their website and resident payment systems. Residents were encouraged to “regularly check their bank accounts and credit cards for suspicious activity.” You can read more information here:
The second event was a short webinar we attended as part of a larger virtual conference last week. The session was hosted by Trend Micro. Many of you will recognize Trend as one of the premier providers of Anti-Virus software; it may be installed on your computer, as we’ve used it to protect Clients’ IT systems for years. The webinar was a high-level review about the current state of the Cyber Crime “industry”. The message was clear: Cyber Crime is very much an Industry.
We tend to think of Cyber Criminals as the proverbial Vladimir hiding in his basement in an eastern-bloc state, tapping out mystical code, as he tries to break into IT systems all over the world. Hollywood fiction.
Cyber Crime is Organized Crime in every aspect of their operation. In fact, Cyber Crime mimics all the best practices of our legitimate corporate IT world. It’s global, highly organized, and very efficient. It’s also huge in scope and reach. Here are three examples drawn from the presentation, that might surprise you:
1. People who develop the “code” used to crack into IT systems are rarely those doing the attacks. These coders work in teams and just like any other well-organized software development team, they’re paid normal wages for their efforts. They analyze Best Attack vectors: develop, test, and refine their attack code – and package it for resale to other Cyber Hoods. That’s right: there’s an active black market for well-designed, efficient Cyber Attack systems. They include warranties, support, and constant upgrades, just like legitimate software we use every day. And of course, they’re branching out, by using AI (Artificial Intelligence) and automated BOTs to do the work.
2. Cyber Crooks use Search Engine Optimization (SEO) services to draw traffic to their clandestine websites to promote their products; either to resell such products and services to other criminals, or to attract unsuspecting legitimate users to download Malware. Imagine the firm you hired to enhance your website presence, also working for Cyber Rogues; and they may not even know it!
3. Early versions of Ransomware didn’t care what information or data was on the computer; it simply encrypted everything and asked you for money to unlock the computer. But that is inefficient as the user may not care about the information and choose to reformat the system and start over rather than pay the Ransom. Today’s Ransomware is much more sophisticated. Once they break into a system, they search out and analyze the type of info they can find and what systems are used to host the data. They may look for specific kinds of information; personal data, database configurations, or closely held info that may be embarrassing or damaging, if released. They may also analyze backup systems to see what, where, and how often information is backed-up. Once analyzed, they tailor the attack to cause the most damage to the BUSINESS operations of their victim. Hence, they can maximize their profits, by increasing the Ransom demands and targeting organizations with the most to lose.
If you think we’ve licked the problem of Cyber Crime, think again! It will get worse as more information is stored on Digital Information systems and Cyber Criminals increase their efforts to harvest more profit from their activities. In fact, we attended another presentation at the conference, whereby Cyber Security countermeasures were described as the “fastest-growing segment of Managed IT Support Services” – sometimes adding as much as 40% to 50% to the per-seat cost for an organization. If you’re paying an average of $100 per-seat, per-month, for Managed IT Services, expect an increase to $140 or more when adding the proper tools and Cyber Security countermeasures required to keep your info safe.
And you thought that COVID-19 was the only anxiety keeping you up at night! If you would like some more information about effective Cyber Security or want to book an appointment to talk to one of our Account Managers, please contact me.
Director of Account Management and Marketing