Advantage bad actors: Cyber crime costs businesses roughly $600 billion worldwide, up nearly 35 percent since 2014, a new report from McAfee and the Center for Strategic and International Studies (CSIS), concluded. The staggering losses amount to 0.8 percent of global GDP.
The report, entitled Economic Impact of Cybercrime -- No Slowing Down, is the third such volume the two have compiled together. Sadly, it suggests that cyber crime is getting easier for the crooks, who are increasingly turning to black markets and targeting crypto currencies for big scores.
“Cyber crime is relentless, undiminished, and unlikely to stop. It is just too easy and too rewarding, and the chances of being caught and punished are perceived as being too low,” the report said. “Cyber criminals at the high end are as technologically sophisticated as the most advanced information technology companies, and, like them, have moved quickly to adopt cloud computing, artificial intelligence, software-as-a-service, and encryption.”
Compounding the problem are uninformed technology users, many of whom fail to sufficiently protect their data with even the barest of safety tools. And, too few technology products are adequately secured to repel attacks, the report said.
Some of the highlights:
- Theft of intellectual property accounts for at least 25 percent of the cost of cyber crime and threatens national security when it involves military technology.
- Ransomware is the fastest growing cyber crime tool, with more than 6,000 online criminal marketplaces and ransomware-as-a-service gaining in popularity.
- Cyber crime-as-a-service has become more sophisticated, with flourishing markets offering a broad diversity of tools and services such as exploit kits, custom malware and botnet rentals.
- The anonymity of crypto currencies such as Tor and Bitcoin protects actors from easy identification.
- Greater standardization of threat data and better coordination of cyber security requirements would improve security, particularly in key sectors like finance.
It's no secret that cyber gangsters love hitting financial institutions, it's where the money lives. Among nation states, Russia, North Korea and Iran attack banks more frequently than other targets. China is the most active in cyber espionage, the report said.
“Our research bore out the fact that Russia is the leader in cyber crime, reflecting the skill of its hacker community and its disdain for western law enforcement,” said James Lewis, senior vice president at CSIS. “You can rent botnets, you can rent malware programs, you can buy malware, you can buy ransomware. Ransomware is a commodity industry now, at the low end," Lewis said. “This is so easy now because it’s become a market.”
As for the report's methodology, it measures cyber crime in North America, Europe and Central Asia, East Asia and the Pacific, South Asia, Latin America and the Caribbean, Sub-Saharan Africa, and the Middle East and North Africa. Data showed that cyber crime losses are greater in richer countries but mid-tier nations suffer the biggest losses as a percentage of national income.
The report recommends six actions to deal with cyber crime:
- Uniform implementation of basic security measures and investment in defensive technologies.
- Increased cooperation among international law enforcement agencies.
- Improved collection of data by national authorities.
- Greater standardization and coordination of cyber security requirements.
- Progress on the Budapest Convention, a formal treaty on cyber crime.
- International pressure on state sanctuaries for cyber crime.
The White House Council of Economic Advisers last week released a new report that concluded cyber attacks launched by China, Iran, North Korea and Russia cost the U.S. upwards of $109 billion in 2016. The attacks, which aren’t limited only to foreign bad actors but also include organized crime, corporate competitors, company insiders and hacktivists, cost the U.S. at least $57 billion, the report said.
U.S. Takes Cybersecurity Stand?
Meanwhile, U.S. Attorney General Jeff Sessions plans to create a task force comprised of U.S. Justice Department and FBI representatives to figure out how to better combat global cyber threats.
The task force announcement comes a week after Daniel Coats, the U.S. Director of National Intelligence, told the Senate Intelligence Committee that Russia sees the 2018 midterm elections as another chance to influence the outcomes as it did in the 2016 presidential campaign. His remarks echoed those of CIA Director Mike Pompeo, who previously said he has “every expectation” that Russia will try to influence the coming elections.
Sessions’ Justice Department has until the end of June to compile and report its findings, according to a memorandum he signed last Friday, Reuters reported. The task force will dig deeper into how the internet is used by cyber attackers, how hackers breach corporate data and government defenses and the challenges encryption presents to law enforcement.
“The internet has given us amazing new tools that help us work, communicate, and participate in our economy, but these tools can also be exploited by criminals, terrorists, and enemy governments,” Sessions said.
Is the task force a good idea? Graham Brookie, deputy director and managing editor of the Digital Forensic Research Lab, suggested otherwise. The plan “takes a number of really complicated parallel issues in ‘hard’ cyber security and ‘soft’ information security and throws them into the same amorphous task force,” he told Reuters.