Network Critical - The Window to your Network

Crime and Punishment…and Protection


Crime

The European Cybercrime Center, in its 2016 Internet Organized Crime Threat Assessment report, stated: “The volume, scope and material cost of cybercrime all remain on an upward trend and have reached very high levels.” Another report from BT and KPMG stated that, “Criminal groups who mount a constant assault on legitimate businesses are not simply members of an amorphous underworld. They are, in fact operated as rational hard-nosed businesses with their own clearly defined business models and money making scams.”

Given the above information, here is an interesting report. According to a Zurich Insurance Group survey of small and medium sized businesses, about 11 percent of respondents said they worried about cyber-crime. This is not a typo and your eyes are not playing tricks. Also note, this is not a small sample. The survey polled 2600 C-level executives from 13 countries for this study. However, even though the number is small, it is the fastest growing perceived business risk category. So, it appears that although cyber-crime awareness is relatively weak in small and medium businesses, it is growing.

Law enforcement, however, is paying attention. About 200 delegates from 56 countries met in Singapore the last week of September to discuss best practices for overcoming the many steep challenges of fighting cyber-crime and bringing perpetrators to justice.

Punishment
As reported in SC Magazine UK, Nazariy Markuta, a hacker for D33D Company, has been convicted in a UK National Crime Agency case and will spend two years in prison. Two years! That is not a typo either, two years! Now, this is a guy who is believed to be involved in the leak of 450,000 email addresses and passwords from Yahoo!’s contributor network. Further, when he was arrested, agents found thousands of payment card records in his possession. But wait, there is more…between 2012 and 2014 Markuta had attacked a video game reseller and an SMS messaging service. He actually was sentenced to 11 years after pleading guilty to 8 counts of hacking and fraud, but the sentences will run concurrently, leaving him locked up for only two years!

Time for a little editorial comment…So, look. Cyber crime is no joke. It hurts real people and causes severe financial distress for victims. Global losses are estimated to be in the billions of dollars annually. It is also difficult to track, arrest and prosecute perpetrators. Cyber theft of payment cards and personal information should be treated just like bank robbery or any other high crime. Ransomware hackers who disable systems and hold the encryption key for ransom should be tracked down and treated like any extortionist. Phishers, whalers and other criminals with cute cyber names should be given stiff sentences with little leniency. What about an international treaty that requires a minimum sentence of 20 years prison time and no cell phone or tech access? It seems that international cooperation and internet crime legislation have not yet caught up to the cyber world. Hopefully, that will change soon.

Protection
Until our lawmakers, judges and leaders catch up with the connected world, all we can do is be careful, aware and protected. I had just read a report from a company called Mimecast that offers some sage tips to help protect against whaling, a cyber crime where the perpetrator sends an email pretending to be a high level company official asking a subordinate to send money. For example, a US networking company called Ubiquiti was victimized to the tune of $46 million in 2015 by a whaling attack. Here are some anti-whaling ideas:

  • Educate senior management and finance teams about this type of attack so they can be aware of the whaling tactics.
  • Carry out tests within your organization to gauge staff vulnerability.
  • Consider technology that alerts users when an email is coming from outside the corporate network.
  • Subscribe to domain name registration alerts so that you will be notified of newly registered domains that look like or are similar to yours.
  • Review financial practices. Insist that multiple signatures and requisition review be done prior to any large fund distribution.
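
As an added illustration (not part of the original post or the Mimecast report), two of the tips above, alerting on mail from outside the corporate network and spotting domains similar to yours, can be sketched as a mail-gateway check. The domain example.com, the executive names and the sample messages are assumptions constructed for this example.

```python
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"             # assumed corporate domain
EXECUTIVES = {"jane doe", "sam patel"}  # assumed officers' display names
# Digit-for-letter swaps seen in lookalike registrations (not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def is_lookalike(domain, corp=CORP_DOMAIN):
    """True for a domain that is not ours but is confusably close to it."""
    if domain == corp:
        return False
    swapped = domain.translate(CONFUSABLES) == corp.translate(CONFUSABLES)
    return swapped or edit_distance(domain, corp) <= 2  # threshold is a tunable assumption

def assess(raw_message):
    """Return the set of warning flags for one inbound RFC 5322 message."""
    # The From header is attacker-controlled; exact-domain spoofing needs SPF/DKIM/DMARC.
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    internal = domain == CORP_DOMAIN or domain.endswith("." + CORP_DOMAIN)
    flags = set()
    if not internal:
        flags.add("external-sender")
        if is_lookalike(domain):
            flags.add("lookalike-domain")
        if display.strip().lower() in EXECUTIVES:
            flags.add("executive-name-from-outside")
    return flags

SAMPLES = {  # constructed messages, not real mail
    "colleague": "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 numbers\n\nSee attached.",
    "whaling": "From: Jane Doe <jane.doe@examp1e.com>\nSubject: Urgent wire\n\nPlease send today.",
    "vendor": "From: Billing <ar@supplier.test>\nSubject: Invoice\n\nAttached.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sorted(assess(raw)))
```

A gateway would turn these flags into a visible banner or a hold-for-review action; the flags complement, and do not replace, the multiple-signature review in the last tip.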

Cyber crime is one of the fastest growing businesses on the global landscape. Law enforcement and legislators are struggling to catch up with the new and evolving types and styles of cyber theft and extortion. Until that happens, it is up to individuals and companies to read, learn and be aware of potential threats coming at them in cyber space.


Posted: 29/12/2016 22:53:37 by Network Critical with 0 comments