Security Concerns and Cybercrime

Security, hackers, and cyber-crime are growing topics nowadays due to the rapid, continuous technological innovation. These major concerns affect most people because technology has become more or less part of our everyday lives whether it is in a work or personal environment. Information technology has provided enormous progression and increased productivity within day-to-day lives, as well as businesses. Of course, with a lot of positives there has been a lot of negatives as well. According to Tavani (2012), security mainly contains three important elements: integrity, accessibility, and confidentiality while computer security is divided into categories: network security, data security, and system security (Tavani, 2012). Network security focuses on securing the infrastructure of the private networks and the internet. Data security, on the other hand, focuses on securing the information and data stored in databases and its transmission between computers. System security focuses on securing hardware and OS resources, including application programs and software. Many of the attacks like DDoS attacks overflow or flood the system or network with “fake” requests which causes overload and can’t process legitimate requests which leads to denial-of-service. Some system security attacks can include worms, viruses, and malware. A lot of these attacks are performed by hackers who perform computer crimes. 

The term hacker has received a bad reputation over the years because many of them perform hacking activities for personal gain whether it’s political, financial, or just intentionally malicious. As mentioned by Georg Thomas (2017), hackers can be categorized as white-hat hackers, grey-hat hackers, and black-hat hackers. The black-hat hackers are considered the bad hackers who perform malicious attacks and exploit company or personal data for gain, ransom, or simple destruction. The grey-hat hackers also perform similar activities to find vulnerabilities in the systems, but they usually either sell their information to the government, publish their findings, or inform the organization. Their actions could still be considered illegal due to the fact that they still perform hacking without the consent of the owner or organization. Finally, the white-hat hackers who are considered to be ethical also find security and system vulnerabilities, but they work for an organization. Georg Thomas’s article (2017) mentions the importance of pin-pointing security vulnerabilities and performing regular updates and patches. As we know, many big organizations use Microsoft products and they ensure to continuously find these vulnerabilities and release patches/updates to protect from these unethical hackers. Many of these hackers begin without a malicious intent and just for intellectual purposes, but the temptation can always we stronger than ethicality. This mostly relates to these grey-hat hackers that perform hacking activities without consent. There isn’t a law making this illegal and it can be very detrimental to a business. It provides a soft of “gateway” for looking in without being punished or having any consequences. Digging can lead to finding sensitive information that could be sold for a lot of money and that is what causes the strong temptation. Most of the time, black-hat hackers tend to earn more money than white-hat hackers which is also another reason why this should be illegal. White-hat hackers have an average salary of $130,00 annually which seems to be a very good salary, but the potential earnings of a black-hat hacker are limitless.  According to Darren Pauly (2015), “The info security company, Trustwave says, criminals (hackers) could clear a conservative $84,000 a month for a $5,900 outlay for the CTB Locker ransomware, the RIG exploit kit, stolen web traffic, and malware crypting packer services” (Pauly, 2015). These criminals can provide off-self to deliver ad stealers, trojans, and ransomware.

 Ransomware, viruses, DDoS attacks, data theft and other malware have been used by these cyber criminals to extort businesses and individuals and pay money in order to regain access to their data which in many cases, especially for businesses, is crucial to remain adequate day-to-day operations. According to Swinhoe (2018), “corporate extortion and ransomware were listed as the “most significant risks to businesses” by 72 percent of respondents in a global survey of 900 CIOs by Logicalis, and Europol’s 2018 Internet Organized Crime Threat Assessment found an increasing trend of cyber extortion, and predicted more in the future” (Swinhoe, 2018). IT professionals know that encryption is used to lock data to criminals can’t gain access to it, but these same criminals have found ways to use this same method and turn it into crypto-ransomware for their own criminal activities. This malware method uses encryption technology to make it impossible for the users to gain access to their own data/information until they pay the demanded ransom and then the criminal promises to decrypt the data. If the organization or person deny to pay the ransom or try to unlock the data, they are often threatened that their data will be deleted.

Ransomware is extremely difficult to trace because of the untraceable payment and many businesses refuse to report the crimes because they do not want to damage their reputation. Because of this anonymity, cyber criminals are not afraid and gain profits from their extortions. Many security experts say that it is best practice to never pay the ransom due to various of risks. According to Andrew Paulette (2016), “there is no guarantee that cybercriminals will provide an encryption key. In most cases, cyber criminals will deliver a decryption key when an organization pays a ransom; however, this practice is not assured” (Paulette, 2016). There has been multiple reports and examples such as the case with the Kansas Heart Hospital that the criminals tried to extort more money after they already paid the initial ransomware. Andrew Paulette (2016) also mentioned that “recent reports of a new ransomware variant called ZCryptor illustrate possible next step for ransomware to act as a traditional malicious worm that propagates itself on removable devices such as flash drives. This allows for malware to re-infect the same network after the ransom is paid and the malware is removed from the network” (Paulette, 2016). There are other issues that arise such as the ethicality of sponsoring these criminals and boosting the profitability of their crimes. Because more and more companies choose to pay the ransomware to regain access to their data. In 2016, Danny Palmer, a cyber security reporter, mentioned that the FBI figures show that during the initial quarter of 2016, the victims of these crimes showed costs of $209 million compared to the dramatic lower costs of $24 million from 2015 (Palmer, 2016). This shows the growing trend and the efficacy of performing ransomware crimes. Finally, companies should also consider the legal repercussions that can occur based on who they will provide the payment to and location. Although all of the above risks mentioned are very high, many organizations still opt out for paying the ransomware and getting access to their data. There are ways to protect and practice best security practices in order to avoid such troubles like backing up your data, keeping the systems patched, train users to spot threats, having anti-virus, reduce attack vectors, etc. In a case where best efforts and standards were followed and the attack still occurred, there are ways to negotiate with these cyber criminals.  One of the first tasks after the attack is to engage with the criminals quickly. Negotiating can buy time for the company to validate the claims of the hacker, find the source of the problem, try to decrypt or restore data/information from backup, etc. A lot of the cyber criminals engage with customer service approaches to maximize their chances of extracting ransom from the victims such as giving the communication channel in order to negotiate. According to Paulette (2016), “early reports from the recent Hollywood Presbyterian Hospital stated that the ransom was originally set at $3.6M for decryption of patient data, yet the final amount paid by the hospital was $17,000” (Paulette, 2016). Another good practice is ensuring that the criminals really have the data and are able to decrypt it. If the data is really confiscated, the hackers will be able to send and show proof of the claim. In this case, it will be easier to see what data was actually obtained, which system it came from, and this will provide a focus point in your research. There could be an option to provide an encryption file with sensitive information to the hacker and this will provide a way to see if they can really decrypt the information. Another consideration that must be taken into account is how to deal with all internal and external stakeholders even after paying the ransomware and getting the data back. It is best to have a business continuity plan and be open and clear to the public. Since breaches occur regularly, clients prefer to know the situations with clear communication which shows them that the company values them and provides transparency rather than trying to hide the situation which ruins the reputation and could lead to legal trouble. Swinhoe (2018) provided an example of Uber who payed $100,000 to hackers to erase customer and driver stolen data and to not make the breach public, which resulted in negative backlash and investigations (Swinhoe, 2018). There might be compliance and legal issues that occur if a payment is made and security experts, legal and finance teams should be involved and ready with a plan after the incident. The regulations and laws might require the public announcement of the breach. Also, there might be legal consequences if the payments are made to criminals that were considered to be terrorists, for example. This goes into the subject of cyber terrorism.

Cyber terrorism engages in various political hacking operations intending to cause harm and lead to loss of lives, economic loss. Cyber terrorism has been done for political agendas, propaganda, power and blackmailing. big example of this type of attack was recently perform by the terroristic organization ISIS. According to Lohrman (2015), Islamic State (ISIS), are able to use social media and the web to recruit members for their terroristic actions (Lohrmann, 2015). Also, he mentioned that there is a group of hackers who claim to be affiliated with ISIS and perform malicious cyber-attacks such as hacking Malaysia’s airline website, as well as hacking the U.S Central Command twitter account (Lohrmann, 2015). As far, they are able to deface websites and make threatening headlines, but it is a concern that they will be able to recruit way more experienced hackers than can cause cyber threats to the U.S. infrastructure. This causes a fear in people and the governments which results in more surveillance and privacy violations that the government imposes with the reason of “protecting society from terrorism”. The other major concern is technology in warfare. Many of the battles and warfare nowadays, depends on technology and even nuclear attacks are just a press of a button. This could destroy entire populations without the right security.

As mentioned above, cyber-security refers to computer/cyber related concerns such as reliability, availability, system safety, data integrity, privacy, and confidentiality. Some other malware include viruses and worms. Viruses are self-replicating that typically attach themselves to other programs and need human action to propagate while worms are also self-replicating but they spread through networks which typically doesn’t require human action to propagate. Trojans are some of the most popular and dangerous malwares used that usually act as if they are a legit or part of the application or software. They typically trick the user to download and execute them in different ways. Trojans are able to modify, delete, steal, copy, or block data and also corrupt networks and performance. According to Unuchek (2017), “In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services” (Unuchek, 2017). There are accessibility services which are UI enhancements created for people with disabilities. The system provides the Trojan with access to allow extensive permissions, restrict uninstallation, and steal various data from applications. Once the Trojan gains access to the accessibility services, it can gain admin rights, record information on other apps such as banking apps, block attempts to delete, install as a default SMS app, and it also makes an overlay phishing window that is able to record credit card info and other valuable information. Overall, there are different types of trojans and they are classified based on the actions they perform on the computer.

Identify theft/fraud is stealing someone’s identify and personal information to perform crimes which has been another growing concern regarding security and privacy. The Identify Theft and Assumption Deterrence Act criminalizes identity fraud and it makes it a federal felony. With the digital world and cybertechnologies, it has become easier to steal someone’s identity or information by hacking or even paying for sites that will look up background history and other information about people. Social security, credit card information, other personal info is stored, transferred, exchanged by the Internet all the time. Hackers exploit business and system vulnerabilities to gain access to information and steal people’s identity. This could lead to an individual’s harm, loss of finances, and ruined credit score. It could be performed globally and that is why it is so dangerous because the attackers are hard to catch and the victim continuously faces problems.

 Another important topic that has been popular lately is cloud computing. It has provided convenience due to the on-demand network access to a pool of configurable resources such as storage, services and applications, servers, and networks. Some examples of cloud-computing applications include file transfer services, photo-storing services, online backup services, etc. There are four deployment models of cloud-computing such as pubic cloud, hybrid cloud, private cloud, and community cloud and there are three service models such as software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). There are various of concerns regarding cloud-computing. One of the concerns related to cloud and security involves the access to data, for example if the hosting company is allowed to deny the user to their own data. Another concern involves the question of who actually owns the data stored in the cloud, as well as the integrity of the data. There is also concern with integrity of the data. If the company goes out of business what happens to the data. Last but not least, there is a concern regarding the control of the data and how it is stored since currently most users have no idea how their data is being transmitted, stored, or processed.

As mentioned earlier, cybersecurity is a major growing concern and organizations need to ensure they take actions to protect themselves continuously as more and more creative attacks are developed and executed. Mitigating and lowering risk for cyber-attacks is crucial and there are security protocols and standards that can be followed. ISO/IEC is a security management system standard, for example, for automating software quality and size. NIST is a cyber security framework that also provides guidelines and standards for security. Also, security is defined in the CIA triad (Confidentiality, Integrity, Availability). All three must be present in order to ensure security. Security deals with preventing system integrity breaches and recovery from potential attacks and reliability ensures that the system operates as expected. It is a wise choice to invest a lot of money on better, more secure operations, and overall preventative tasks. Investing in protecting networks, systems, data, and overall security could not only prevent ransomware attacks, but all types of malware attacks that could be performed just for malicious, detrimental and not financial gain purposes. Security has been a growing issue in recent years with the development of IoT and overall technological innovation, therefore, more focus and investment in security is crucial for the long-term success of organizations and companies.

References

1. Lohrmann, D. (2015, May 18). Cyber Terrorism: How Dangerous is the ISIS Cyber Caliphate Threat? Retrieved June 30, 2018, from http://www.govtech.com/blogs/lohrmann-on-cybersecurity/Cyber-Terrorism-How-Dangerous-is-the-ISIS-Cyber-Caliphate-Threat.html
2. Palmer, D. (2016, June 01). Ransomware is working, and the cybercrooks know it. Retrieved November 16, 2018, from https://www.zdnet.com/article/ransomware-is-working-and-the-cybercrooks-know-it/
3. Paulette, A. (2016, August 20). Hidden in Plain Sight: Turning Encryption Against Us through Ransomware. Retrieved November 16, 2018, from http://netcentrics.wpengine.com/hidden-in-plain-sight-turning-encryption-against-us-through-ransomware/
4. Paulette, A. (2016, August 20). To Pay or Not to Pay? Recovering from a Crypto-Ransomware Attack. Retrieved November 16, 2018, from https://netcentrics.com/to-pay-or-not-to-pay-recovering-from-a-crypto-ransomware-attack-2/
5. Pauli, D. (2015, June 10). Trustwave: Here’s how to earn $84,000 A MONTH as blackhat. Retrieved June 23, 2018, from https://www.theregister.co.uk/2015/06/10/trustwave_heres_how_to_earn_84000_a_month_as_a_blackhat/
6. Swinhoe, D. (2018, October 18). 7 best practices for negotiating ransomware payments. Retrieved November 16, 2018, from https://www.csoonline.com/article/3313330/ransomware/7-best-practices-for-negotiating-ransomware-payments.html?nsdr=true
7. Tavani, H. T. (2012). Ethics and technology: Controversies, questions, and strategies for ethical computing. (4th ed.). Wiley.
8. Thomas, G. (2017, May 19). An ethical hacker can help you beat a malicious one. Retrieved June 8, 2018, from https://theconversation.com/an-ethical-hacker-can-help-you-beat-a-malicious-one-77788
9. Unuchek, R. (2017, July 31). A new era in mobile banking Trojans. Retrieved June 23, 2018, from https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/