Javelin Strategy & Research (2014) reported that in 2013 there was a new victim of identity fraud every two seconds. In fact, according to that report, more than 13 million people were victims of identity theft that year with an $18 billion financial impact. Businesses also fall victim to various forms of cybercrime, often by way of email scams. In fact, in 2014 the Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3) logged 2,417 complaints about compromised business email accounts that resulted in losses of $226 million (2014 Internet Crime Report). Cybercrimes (listed in Table 1) may include fraud, identity theft, theft of money or data (which could include patent or trade secrets), and malicious attacks using viruses (sabotage), sextortion, and even sometimes cyber-bullying (although this paper does not address that issue).
Farrell & Hurtado (2015) report that in 2014, JPMorgan experienced the largest cybercrime hack, part of a global criminal ring which stole data from 100 million financial services customers involving 75 companies bank and brokerage accounts (http://www.bloomberg. com/news/articles/2015-11-10/hackers-accused-by-u-s-of-targeting-topbanks-mutual-funds). The global nature of theses high-tech crimes call for a new approach by government, corporations and law enforcement with new methods and new technologies to thwart these attacks and dismantle the criminal enterprises.
In this paper, the authors examine some of the latest cybercrime threats and offer recommendations to thwart those crimes and stop cyber-criminals who use technology to steal from or cause harm to individuals and/or businesses alike.
New Cybercrimes Call for New Global Cyber-Cops
Cybercrimes are a global threat where criminals can be located anywhere around the globe as long as they have a computer with access to the Internet. Most cybercrimes are financially motivated but the form they take can vary. Increasingly, INTERPOL (2014) is becoming involved in hunting down the new types of cyber-criminals. One of the newest cybercrimes is sextortion, defined as sexual blackmail for money or sexual favors from individuals using sexual information such as photos, videos, or explicit messages stolen from their computers. The INTERPOL Digital Crime Center (IDCC), working with the Hong Kong Police Force, the Singapore Police Force and the Philippines National Police Anti-Cybercrime Group, identified more than 190 individuals working for organized crime groups operating out of the Philippines. This multinational enforcement operation, cooperating closely with Police Scotland, U.S. Immigration and Customs (ICE), Homeland Security Investigators (HIS), the Philippines Department of Justice Office of Cybercrime, and the UK's National Crime Agency CEOP Command, identified sextortion victims in Indonesia, Philippines, Singapore, the United Kingdom, Australia, Korea, Malaysia, Hong Kong, and the United States. The sextortion networks are simply out to make money no matter what damage they inflict on their victims.
Tompor (2015) brought to light another of the newest forms of cybercrime--holding data for ransom. Cyber-criminals use ransomware to invade computers, usually by sending an email with an attachment that an unsuspecting recipient opens which then infects and takes over the recipients' computer. Data, in the form of music, photos, or other computer files are the held by the cyber-criminal until the victims pay the ransom to get their data back. Individuals have been extorted for amounts ranging from $200 to $10,000 while business ransoms have been between $20,000 and $50,000. From April, 2014 to June, 2015 there were 992 complaints filed with the FBI and the victims reported losses over $18 million.
Cybercrime around the globe has become so sophisticated that underground organization calling themselves Darkode operates a secure website where criminals can buy, sell, or trade zero days, malware, credit card numbers, and trojans (Pauli, 2015). In July of 2015, the Federal Bureau of Investigation teamed up with the European Cybercrime Center's "Operation Shrouded Horizon" to shut down the site. The operation resulted in the arrest of 28 Darkode operators and administrators from 20 different countries, including the United States, Australia, and the United Kingdom (Pauli, 2015). Unfortunately, the Darkode crime forum was back online in less than two weeks--with even tighter security and by invitation only!
Kovacs (2015) reported that the Darkode site has operated for more than eight years and its use of individual Onion (layered like an onion) addresses gives Darkode administrators greater control over who has access to the service and helps protect their crime operation against outside hijacking attempts. However, even with such sophisticated security systems in place, Darkode users forgot security procedures and reused passwords that law enforcement agencies tracked and closed down the site (albeit temporarily closed).
Evans (2015) reports the world's biggest bank raid which cost more than 100 banks worldwide more than 650 million British pounds.
(http://www.telegraph.co.uk/news/uknews/crime/11414191/Hackers-steal-650-million-inworlds-biggest-bank-raid.html). The gang of hackers used computer viruses to infect bank computer networks and once inside the system, impersonated bank employees to transfer funds to dummy accounts. Farrell & Hurtado (2015) cite this as the largest cyber security breach ever, and O'Neill (2014) reported that 65% of U.S. households or small businesses have been affected by this attack.
Minding your business
Neumann (2014) suggested that cloud computing could reduce some of the new risks currently encountered online, especially if the user's contract would be under a single operational administration such as when employing cloud storage. Cloud storage (or remote storage) can be considered similar to off-site backups utilized before the advent of cloud technology. Heaven (2015) noted that individuals need to become more technologically savvy because, for instance, using smart phones without understanding the technology involved might allow somebody else in China or Russia who knows exactly how smart phones work to use that knowledge against unsuspecting users. The author suggested that people should acquire a sense of cyber hygiene, which can be as simple as understanding that opening an attachment from someone you don't know (or someone you do know when you are not expecting a document from them) could contain a virus. This virus could not only affect the first person to receive the attachment but may also attack anyone receiving the email attachment.
Yes, your business is at risk. Contreras-Sweet (2015) pointed to the National Small Business Association's 2013 Small Business Technology Survey where 44% of small businesses reported being the victim of a cyber-attack, with an average cost to the business of about $9,000. Small businesses are especially vulnerable to cyber-criminals as small businesses typically carry data about employees, customers, as well as bank accounts, and they have fewer resources to defend themselves against cyber-attacks. But there are things you can do to reduce the risk of your business falling victim to cyber-criminals.