Australia has been caught up in the unrelenting cybercrime scourge sweeping the world, with a new global security report finding that since 2014 the country was hit by more than 114,000 instances of cybercrime, with almost 24,000 of the attacks occurring in the first half of 2017 alone.
The attacks were recording after the Australian government established an online reporting system for cybercrime in an attempt to improve law enforcement efforts.
The report, covering the period 2013 and 2014, singles out particularly damaging email security attacks in Australia, so far costing the county around $15 million in just one year.
The global security report jointly published by the US-based CSIS - the leading cybersecurity think-tank in the US capital - with security firm McAfee, the FBI and the Department of Homeland Security, reports that Telstra in 2016, found that almost 60% of businesses were detecting security incidents on at least a monthly basis.
The incidents included almost one-quarter of businesses that had suffered from a ransomware incident.
{loadposition peter}And according to the report, one particularly damaging segment of cybercrime for Australia is business email compromise, with the Australian government estimating associated losses of more than $15 million over the course of 2016 to 2017.
“One local council was defrauded out of $340,000 when a cybercriminal sent a series of fake invoices to city councilors over the course of a month,” the report says.
“The Australian government has been active in trying to confront this threat, announcing that it would allocate more $170 million in 2016 toward supporting its new National Cyber Security Strategy and proposing legislation that expands the country’s anti-money laundering rules to domestic cryptocurrency exchanges,” the report notes.
“Cybercrime is relentless, undiminished, and unlikely to stop. It is just too easy and too rewarding, and the chances of being caught and punished are perceived as being too low,” the report notes in its overview of global cybersecurity.”
According to the report, cybercriminals at the high end are as technologically sophisticated as the most advanced information technology (IT) companies, and, like them, have moved quickly to adopt cloud computing, artificial intelligence, Software-as-a-Service, and encryption.
“Cybercrime remains far too easy, since many technology users fail to take the most basic protective measures, and many technology products lack adequate defences, while cybercriminals use both simple and advanced technology to identify targets, automate software creation and delivery, and monetisation of what they steal,” the report warns.
The report also notes:
“Where cybercrime is the undisputed leader, however, is in its ability to make hundreds of millions of people victims.
“A good estimate is that two-thirds of the people online—more than two billion individuals—have had their personal information stolen or compromised. One survey found that 64% of Americans had been victims of fraudulent charges or loss of personal information. Cybercrime is front-page news because it touches everyone.
“Cybercrime also leads in the risk-to-payoff ratio. It is a low risk crime that provides high payoffs. A smart cybercriminal can make hundreds of thousands, even millions of dollars with almost no chance of arrest or jail.
“When you think of big cybercrimes, from Target to SWIFT to Equifax, none of the perpetrators have been prosecuted to date. Law enforcement agencies can be aggressive and skilful in pursuing cybercriminals, but many operate outside their reach. This is one reason why the cost of cybercrime continues to grow.”
The report says that in 2014, CSIS estimated that cybercrime costs the world’s economy almost $500 billion, or about 0.7% of global income, noting that is more than the income of all but a handful of countries, making cybercrime a very lucrative occupation. “Our current estimate is that cybercrime may now cost the world almost $600 billion, or 0.8% of global GDP.”
The report says the reasons for this growth are:
Quick adoption of new technologies by cybercriminals
The increased number of new users online (these tend to be from low-income countries with weak cybersecurity)
The increased ease of committing cybercrime, with the growth of Cybercrime-as-a-Service
An expanding number of cybercrime “centres” that now include Brazil, India, North Korea, and Vietnam
A growing financial sophistication among top-tier cybercriminals that, among other things, makes monetisation easier.
According to the report, monetisation of stolen data, “which has always been a problem for cybercriminals”, seems to have become less difficult because of improvements in cybercrime black markets and the use of digital currencies.
“Stolen credit card numbers and personally identifiable information (PII) are offered for sale in quantity on the dark web using a complex set of transactions involving brokers and other intermediaries in black markets. Financial theft is transferred to the criminals’ own bank accounts through a series of transfers intended to disguise and confuse.
“Intellectual property is either used by the acquirers or sold. Digital currency makes ransomware payments easier and less traceable. The increased ease of monetisation is another reason why cybercrime has increased.
“Cybercrime operates at scale. The amount of malicious activity on the internet is staggering. One major internet service provider (ISP) reports that it sees 80 billion malicious scans a day, the result of automated efforts by cybercriminals to identify vulnerable targets. Many researchers track the quantity of new malware released, with estimates ranging from 300,000 to a million viruses and other malicious software products created everyday.
“Most of these are automated scripts that search the web for vulnerable devices and networks. Phishing remains the most popular and easiest way to commit cybercrime, with the Anti-Phishing Working Group Monetisation of stolen data, which has always been a problem for cybercriminals, seems to have become less difficult because of improvements in cybercrime black markets and the use of digital currencies.”