January 10, 2019
Cybercrime Report: Protecting Vulnerable Customers from Digital Predators
Posted August 21, 2017
On the heels of the Q2 2017 Cybercrime Report, Neil Walsh, chief of the United Nations Global Cybercrime Program joined Vanita Pandey, vice president of Product Marketing at ThreatMetrix, to discuss evolving digital threats that increasingly put the personal identities of everyone—especially the most vulnerable among us—at risk of criminal exploitation.
Vanita Pandey: Here we are, Neil—another quarter, another all-time high in cybercriminal threats to the digital economy. More than 144 million cyberattacks were detected within the ThreatMetrix Digital Identity Network from April through June. That’s a 100-percent increase in just one year.
But while there’s a lot of data to unpack in the report, one of the most striking things for me was the extent to which we’re no longer talking about cybercrime solely in terms of lone wolves and petty thieves anymore.
Cybercrime has morphed into a sophisticated global industry all its own.
Neil Walsh: That’s spot on, Vanita. We now see nation states or Advance Persistent Threat groups allied to states increasingly acting as the operations backbone for a kind of global cybercrime stock exchange, trading as much in stolen identity data as in cold cash. And it’s all fueling cybercrime attacks that have led to $3 trillion in losses worldwide. In fact, cybercrime appears to have overtaken drug trafficking in terms of the total number of victims each year.
And it’s getting worse. You name it: WannaCry. NotPetya. The rash of heists in Europe, the U.S. and South America. The brazen attacks we’ve seen on governments, critical national infrastructures, and major corporations in just the past few months make it clear we’ve entered a dangerous new stage in the evolution of cybercrime.
Pandey: It’s been breathtaking to watch, for sure. Where once we were largely contending with single-point attacks, we now have a proliferating number of advanced cybercriminal organizations—complete with highly-skilled workforces, executive leadership, middle managers and even ‘customer service’ centers and branch offices—that function much like legitimate software companies.
Walsh: Except that these organizations buy, sell and augment identity data flowing from the perpetual cycle of corporate and personal data breaches for sale on the dark web — names, addresses, social security numbers, usernames, passwords, PIN codes. Fraudsters have access to all of this and more. And if they can’t get a complete identity all at once, they can stitch it together using pieces of information from each subsequent hack or from the sheer amount of personal information that many people willingly – if naively – give away for free on social networking sites.
Once a Victim
Pandey: While many forms of crime typically victimize on a “one-off” basis, it seems to me that cybercrime victims can continue to be exploited and re-victimized in perpetuity.
Walsh: That is true, yes. How the victim’s identity information is used can vary as well.
Many of the more advanced criminal organizations use identity data to perpetrate large scale attacks of their own. But others produce the technological tools of the trade—bots, malware, ransomware, remote access software and more—and then market them on a subscription basis to small time operators who use them to capitalize on that data in their own attacks, which is usually lower-hanging fruit. We call this “Cybercrime as a Service” – or CaaS – as the market has evolved to enable highly technical exploit providers to work for, or on behalf of, other organized criminals and terrorists.
Pandey: I think people would be shocked to learn that for a few dollars a month, even the most tech-illiterate punk can join the ranks the estimated 4,000 ransomware attacks that occur each day, for instance. And she can do it from a simple online interface.
But to your point, it seems like we’re reaching an inflection point where this and other forms of cyberattacks are increasingly interconnected, and increasingly causing disproportionate damage to world’s most vulnerable customer populations—something you’re probably all too familiar with due to your work with the UN.
Walsh: It’s true, Vanita – and “disproportionate” hits the nail on the head. As stolen identity information travels fast. As it makes its way around the globe, it’s filtering down to less wealthy nations where there might be a larger pool of consumers who are only now starting to gain Internet access and may not yet understand the risks that can come with using online and mobile banking or retail. That’s the lower-hanging fruit I’m talking about. And it’s not just consumers – it’s governments too.
But there’s something else at play well. In many of these countries, tough economic conditions might make them breeding grounds for more avid perpetrators of cybercrimes, both against their fellow citizens and those in other nations.
If ever there was a need for national government, international organizations and the private sector to work closer together toward a common goal, that time is now.
Pandey: The Q2 data definitely bares that out, Neil. As just one example, there were more than 300 million bot attacks detected and stopped within the ThreatMetrix network during the period, and they stemmed not just from common originators —the U.S., Germany, China—but also to and from countries such as India, Brazil, Croatia, Vietnam and so on. The largest increase in attacks seen on our Network came from Pakistan.
Walsh: And vulnerable consumers aren’t always living in poverty and just starting to use a mobile phone for the first time. They are based in advanced economies as well. Cybercrime doesn’t discriminate.
But to be clear, a vulnerable consumer is really anyone who, due to their personal circumstances, is especially susceptible to detriment from a cyberattack. If you look at the financial services industry, for instance, the impact of cybercrime is often measured against a mythological ‘ideal customer.’
But a disabled customer whose bank account has been compromised, for instance, may have a harder time getting word of the breach, seeking help from the institution, and mitigating the damage to the rest of their financial lives.
In fact, in the UK, fraudsters are specifically targeting the disabled and those with mental health conditions to exploit them in a similar way to how criminals traditionally targeted victims on their doorsteps.
We also see risk with older generations who are venturing online for the first time, and often have no awareness of online risk, let alone how to address it, simply because it’s new to them.
Pandey: That’s so true. It reminds me of my parents. Well educated, successful. But they and their friends have just discovered the allure of social media, and all the quizzes and sharing. I cringe at the personal information they share on social media—information that can then be used in a social engineering scheme against them. And they have no way of knowing if someone is misusing their social accounts.
Walsh: I’ll give you another example. My mother is in her sixties. Good health, plays golf every chance she gets. But her computer has more viruses than a local hospital.
She is a vulnerable consumer simply because, like your parents, she is not as digitally savvy as you or I, who by the way are more attuned to this than 99.999 percent of the population, might be.
To learn more about the state of global cybercrime trends and their impact on vulnerable populations, download the Q2 2017 Cybercrime Report.