The Expanding Universe Of Cybercrime: It Is Now Messing With Your Mind

It is a strange moment in cybercriminal history we live in. Simple threats are growing in volume; sophisticated threats are making an impact beyond business loss.

security for safety in data center room-shutterstock_121524487

Have you noticed the distinct shift in the practice of cybersecurity, from solving problems to finding problems? As technology takes rapid strides with Artificial Intelligence (AI), Machine Learning, Cognitive Automation, Internet of Things (IoT) and 5G networks, organizations have become more uncertain about where the threats will come from. Hackers are taking advantage of this. You can tell how anxious the world of business is by looking at some forecasts: A Gartner report says that IT spending will grow 3.7 percent in 2020; contrast this with a 10.5 percent increase in security spending in 2019.

The growth in security budgets was driven largely by the growth in regulatory requirements and privacy laws, and not entirely by cyber threats. However, it should be noted that these were pre-COVID-19 forecasts. With the pandemic refusing to come under control, and Work from Anywhere (WFX) becoming the norm, security spends will become even larger than overall IT spends (in percentage terms). Larger budgets will be set aside to battle old-style malware, phishing, ransomware, DNS tunnelling, man-in-the-middle, zero-day exploits, data theft, data obfuscation and denial-of-service attacks. 

Let’s examine at least one old-world problem more closely before moving on to the darker type of threats from new technology. This problem is related to millions of websites (read that again: “millions”) that are still vulnerable to something as fundamental as an SQL injection (SQLi). Let’s qualify that. WordPress in 2020 is being used by over 455 million websites – or by over 35% of all websites. There are about 55,000 WordPress plugins to choose. These are the most vulnerable to SQLi. It is interesting to note that SQLi is among the most widely recognized, but least discussed, vulnerabilities. Research by the European Union Agency for Cybersecurity shows that 51 percent of attacks in the web application category are SQLi. This is the reigning champion of web attacks! You and I can potentially launch a SQLi attack by entering malicious code into a website’s search box. No kidding. It is that simple—and we would succeed in executing our “crime” on a handful of sites. The point here is that we are way behind the curve when it comes to cybersecurity. While heavy investments are being made in Ensemble Learning algorithms for predictive intelligence, we still have the most fundamental issues nagging us. Incidentally, when simplified, Ensemble Learning is a technique that fills in missing data from data sets. This is a powerful ability that improves predictions and results in stronger generalizations. 

So here we are, towards the end of 2020, still unable to bring the raging fire of low-level cyber threats under control while having to fight the super-sophisticated threats being spawned by newer technologies. 

This is why we are seeing a vast variety of interesting headlines related to cybersecurity. In mid-September, there was news that Chinese firms were mining data of 10,000 Indians including that of the Prime Minister, judges, journalists, religious figures, activists, those accused of financial crimes and terrorism. The same news report said that data of 35,000 Australians and at least 50,000 influential Americans was being tracked. The US accused Chinese hackers of trying to steal coronavirus vaccine data. And now US Secretary of State Mike Pompeo wants to build a coalition to counter China. These are events and actions that could change the political and trade balance of the world in months, perhaps weeks. The news of the 3 billion Yahoo accounts hacked in 2016 surprised us, but it has become meaningless in comparison.

As we approach the US elections, social media disinformation will gather momentum. This will be done using deep fake technology. Synthetic content, that looks convincingly original, will cloud the minds of people. Deep fake technology creates bogus news and hoaxes that look convincingly real and persuasive. There are dozens of deep fake applications, many available for a quick download to your phone. A simple one is Reface. Admittedly, it is also good fun. However, the underlying technology can be put to devastating use. This is the new cyber threat. In principle, it is the same as obfuscating data. Data obfuscation is a well-recognized cybercrime but it can’t do half as much damage as deep fake technology that has the potential to alter the course of politics, culture, social structures, religion, human rights and human history itself. 

Does it sound as if dystopia is closer than we think? It may be. While businesses invest in security measures to meet regulatory obligations, data privacy concerns, reduce breaches, place business assets beyond the reach of hackers, keep pace with evolving technology, even report breaches publicly, there is little or no accountability or penalty for the new cyber threats emerging in the public space. 

It is a strange moment in cybercriminal history we live in. Simple threats are growing in volume; sophisticated threats are making an impact beyond business loss. And the cycle time between the execution of a cybercrime and its impact is reducing. It may not be too far off the mark to say that in the years to come cybercrime will change society more deeply than the coronavirus. 


Tags assigned to this article:
cybercrime

Advertisement

Around The World