Baccoursroraccoun —sdmaserysionentcinm — & Asay it | Search Q ‘© (tel-+80048484484) #4 yj Povtercrretandiane cyber Crime Landscape {cyber treats ae very real and can have 2 serious impact on organisations ofall ypes and sizes. The ntemetis beyond any agency's contrl and, a5 such, security in cyberspace doesn't exist ‘The intst surveys on data breaches show thatthe treat of cyber crime is becoming ever mare wide-spread. On this page we explore the most common threats and targets What's on this page? > Who is afected by cyber exime? > Wha information do cybercriminals target? > What types of cyber crime are most widespread? > How to combst eyber cima? Who is affected by cyber crime? cybercrime ies global phenomenan which affects everyone from ineviuse and employees ta small and large organisations, The majarty of cyber cimes are perpetrated overseas, bayond the jrsction ofthe victim's country, meaning that, fr example, inancal institution in London can be attacked fom China and ‘there's nothing the British authorites can do about it ‘According tothe 2013 Norton Repor(htp//iww symantec comjcontent/en/us/about/presskits/b-norten-report-2013.pp0d, the highest numbers of cybercrime cts globally were tobe found in Rusia (85%), China (77%) and South fica (73%; the cost of consumer eyoer crime was found tobe highest inthe USA (828bn), Europe ($13bn) and China ($3720) [According tthe BS Infermation Security Breaches Survey 2073 (htps//wuw.gov.uk/government/uploads/system /upleads/atachment, ata/fie/2004S5/bis-13. 184-2013-informaton-securty-breaches-survey-technical-repartpd, 87% of small rms and 93% of large msn the UK experienced a cybersecurity breach in 2012 Some incidents caused more than £1 milion in damages. The median number of breaches sufered by lage organisations rose from 71 the previous year to 113 and for small fms from 11 to 17. The average cost of 2 serious cybersecurity breach fora small frm i between £35,000 and £65,000. ‘The True Cost of Information Security Breaches and Cyber Crime i/shop/productthe-tue-cost-t information secutty-breaches-and-cyber-crime) Pockst Guide) sets outa sensible, realistic azessment ofthe actual costs of data of information breach and exphins how managers can determine the business damage caused What information do cyber criminals target? ‘Tae mostly targeted information i commercial including financially sensitive information letual property, custome sts and related information, business and commercials tegy and Data assets suchas banking information, payment card deal Pl (personally idatiable information) and contact details are also on the top of cyber ciminal's agenda ‘According to The Global State of Information Securty® Survey 2014 (tip//umm pw com/gxen/consultng-services/infermation-secuty-survey/download html, “compromise of employee and customer records remain the most cited impacts, potentially jeopardizing an organisation's most valuable relationships”. The survey, bic included more than 9600 responses rom across the globe, found that: > in 35% of cases, employee records were compromised, >in 39% of cases, customer recorde were compromised or unavailable >in 29% of cases, intemal records were lost r stolen; and > in 29% of cases, identity thet occurred (lent or employee data was stolen What types of cyber crime are most widespread? cybercrime is continually evolving, and itis becoming ever ease for cybercriminals to commit stacks, While advanced persistent theats (advanced-persistent ‘thrests-9p) (APTS continue tobe a serious issue on a nation-state level, most organisations are likely to be hil by ather outsiders The Global Sate af information Securty* Survey 2014 (tip//wwew pre com/gxieniconsuling-senicesinfrmation-scurty-survey/downloadjhim) found thatava a8 yer cme naeape hackers represent the mos likely source of ever attack (25, followed by competitor [1286 and organised cme (1259) Only 46 ofthe respondents reported securly incidents perpetrated by foreign nation-states, ‘The Eurobarometer Cyber Security Report 2013 (tp/ec europa eu/publicopinin/archives/ebs/ebs.£04_en pa provides comprehensive statis based on the ‘experiences of EU cizens of various types of cybercrime. It shows that internet users in the EU ae wry concerned sbout cyber security: 52% were concerned about ‘experiencing identity thet 49% about being the victim of banking fesud and 45% sbout having their socal media orem account hacked, {An Inrodution to Hacking & Crimeware - A Pocket Guide Ushop/product/an-introduction-to-hacking-and-rimeware-s- pocket guide) provides a foundation level ‘overview ofthe dak world of cybercrime, [With the acvancement of communications technologies, hackers ae exploiting the weaknesses of mobile devices, software and applications to acess information asses, More importantly they themselves have access to unlimited information an hacking software an techniques ‘The most widely-spread and evolving thesis tobe sware ofa! Social engineering atacks Social engineering entails exploiting an individual's weakness by making them click on malicious links, or by physically gaining access to their computer through deception Avypical social engineering stack was catied an GoDaddy in 2014, The company admited that one ofits employees as socially engineered into giving out _dditonal information whch allowed s hacker to gain access to Naoki Hitshims (htps//medium comy/p/24eb086026dd)'s GoDaddy scour Pharming and phishing ae other examples of socal engineeting > Pharming sims to radvect a website's vai to aiferen, fake website where the individu’ information i then compromised > Phishing attempts to acquire user information by masquerading a legitimate enti, through the use of such 38 spoaf ems or websites Password theft Using adequate passwords leaves you open to atack, especially when those with malicious intent have access to ists of key passwords to make it easy fr them ta get access to others’ accounts, Matk Burnet, the author of Perfect Passwords has compile lit of populr passwords (htps/xatonet/passwords/more-top- ‘wors-passwords/Uu-3RUL.12), hich i vslable online, According to his esearch, 85% of passwords are ‘password’ or 128456. Using such simple passwords oF sing the same password on multiple accounts makest easy fr erminals: once they gain cntel of one secount they can easly gan conto of others Website hacking [Almost all websites have vulnerabilities that can be exploited by hackers, IT Governance’s aun Penetration Testing Service Upenetation-testing-packages) has found ‘that, on average over the ast sx tsts carried out there were 19 high-level threats, 26 mediumlevel teats, and M low-evelthrents, These ae not oat cases, ind many ofthese wulnrabilties will have been easly accessible by eyber criminal Hackers have access to online tutorials which st knawn software vulnerabilities, making it easy to know where to start with tele new-found sills Automated software is ailabe for those who need it and support packages are available in ease hackers need guidance Fraud as a Service (395) Fraud-as-aServce 9) offerings ave now more widely accessible than ever before. Fass fist appeared with the release of the fst commercial banking Trojan, Zeus, in 2007 and was largely offered though postings in secret hacking forums, However, Faas is now offered through social media platforms including Facebook (Source Infesecurty Magazine (stp //ww infosecunty magazine com/view/3211/faudasasovce-akes-f0-facebook-to-market-inanciacrimeware/) Citadel's atypical example of Faas the most advanced cimeware tel maney can buy and isthe only cimeware af its grade being marketed to faudsters in ‘open underground venues. even has its ovm dedicated customer relationship management system where clientele can congregate, ase isues, get support and equest nen modules be implemented, Theft of mobile devices ‘Almost hal ofthe respondents tothe 2013 Norton Report (hip /immm symantec conyicontenten/us/sboutpressits/b-norton-epert-2013 ppt don't use basie precautions such as passwords, secuty software ot back-up fles for thei mobile devices 38% of mobile users experienced mobile cybercrime lst year, and 27% of dul lost ther mobile device or hadi stolen. nly 26% of smartphone users have mobile secur software with advanced protection, The petis of social medie ‘The 2018 Norton Report (htp:/mnsymanteccom/content/enfus/about/presskts/b-norton-repor-2013 ppt also found that 12% of socal media users elim someone has hacked int thei social network account and pretended tobe them. 39% of socal media users don't lag aut afer each session,» quarter of users ‘have their social media passwords with ethers, and 315 connect with people they do not know. Internet of Things increases threats The so-called Internet of Things will mae lt easier For hackers to take central of devices as they ae being connected tothe Intemet in increasing numbers. A recently discovered botnet was even found ta have a rdge on its Ist of infected devices. As more and more devices are equipped vith chips and are connected tothe interne, so this wl become an increased source of heel. A hacker coud soon contol every pst of youre, (Source The Independent (htp/anaw independent co.uk/ite-style/gadgets-ond-tech/news/couléyou-fidge-send-you-spamsecuy-researchets-repor-intermet-of things onet-9072083 hh How to combat cyber crime? ‘No single standalone solution is sulieient to combat eyber crime ‘orm ovorrceansintercrmeoniace »©) (https://twitter.com/ITGAsia) (https://www.facebookgom/ITGovernanceLtd) (https://www.linkedin.céh/compa ny/11327551/) @ (htto://www.youtube.com/itgovernanceltd) e) (https://www.itgovernance.asia/blog)