Cybercrime has become a well-established feature of today's world. For the most part, this takes the form of random, speculative attacks designed to steal personal information from anyone unlucky enough to fall victim to the attack. The main motive behind the mass of banking Trojans, botnets, 'ransomware' and other types of malware is to make money illegally - by assuming someone's online identity and gaining access to their money. Of the 200,000 unique samples that we process daily, around 90 per cent is 'traditional' cybercrime of this sort.
The other 10 per cent is made up of targeted attacks on organisations. As the name indicates, such attacks are aimed at a specific victim, or small group of victims. They are highly-specialised and can be very sophisticated. Their purpose may be to steal confidential information, to damage a company's reputation or to make a social or political point. In other words, financial gain is not the main motive of such attacks. Recent examples include Red October [link to earlier blog] and the successive wave of attacks against Tibetan activist groups. The nature of the people behind such attacks can vary too. They include criminals seeking to trade the sensitive business data they steal, those who wish to register their social or political views (so-called 'hacktivists'), or even law enforcement agencies wishing to gather intelligence on suspects.
A tiny portion of these attacks (increasingly referred to as cyber-weapons) are developed for attacks against the computer systems that support important government, industrial or commercial organisations of another country. This may include the 'critical infrastructure' systems that every citizen depends on - for example, energy plants, telecommunications systems, industrial facilities, etc.
Their purpose is to destroy data, steal it, or sabotage the facility itself. So far there have been just a few attacks of this kind. This is hardly surprising given the level of technical knowledge and intelligence required to develop them - the list to-date includes Stuxnet, Duqu, Flame and Gauss.
Nearly all aspects of our life today are dependent on computers. While this brings many advantages, it also means that an attack on computer systems can have a serious impact on our lives. In the past, an attack an industrial plant meant a physical attack. Now the same effect can be achieved - cheaper, easier and with less chance of detection - using a computer. If such an attack is made on a critical infrastructure facility within a country, the impact could be felt by millions of people, depriving them of electricity, water or other essential services.
It's tempting to think that such things are the concern only of governments or major corporations. But any organisation can be targeted - after all, every business has valuable intellectual property, or confidential data on customers. And notwithstanding the technical sophistication of some targeted attacks, they all too often start by tricking individuals into doing something that undermines the security of the organisation. This could include clicking on an attachment in an e-mail message. Or clicking on a link in a message in a social network. Or revealing some tiny snippet of information that could allow a would-be attacker to build up a profile of the company you work for. So we all have a part to play in safeguarding not just our own personal information, but in preventing an attack on the organisation we work in.
The stakes are very high. We live in a world where nations have the ability to fight each other unconstrained by the limitations of a physical conflict. And looking forward we can expect more countries to develop cyber weapons - designed to steal information or sabotage systems - not least because the entry-level for developing such weapons is much lower than is the case with real-world weapons. That's why governments around the world are anxious to raise awareness among businesses of the potential threat to key systems. Here in the UK, the government recently launched its Cyber Security Information Sharing Partnership (CISP) initiative [link to https://www.gov.uk/government/news/government-launches-information-sharing-partnership-on-cyber-security], designed to provide a framework for government and industry to share information on threats. There are also initiatives designed to enhance security across the EU. The proposed NIS directive [link to http://europa.eu/rapid/press-release_MEMO-13-71_en.htm], published in February, is intended to achieve a common network and information security strategy in all member states. In January, Europol established the European Cybercrime Centre (EC3) as a focal point for combating cybercrime. Interpol has announced the creation of the INTERPOL Global Complex for Innovation (IGCI) as a way of providing law enforcement agencies across the world with knowledge and expertise in dealing with cybercrime.
Cybercrime affects us all. And we all have a role to play in combatting it.Suggest a correction