The Internet As An Eco-System For CyberCrime
David Barnett, author of new book Brand Protection in the Online World, outlines the many forms of online risks in light of the Government's latest plans to combat the national threat of cybercrime.
The recent opening of the National Cyber Security Centre in London, intended to guard against the threats to national security presented by hackers, is part of a program highlighting the scale of criminal activity operating across the Internet and the importance of guarding against the associated risks. The wider National Cyber Security Strategy initiative, intended ‘to make the UK the safest place to live and do business online’ runs in conjunction with a number of other associated plans, including the introduction of cyber security education for schoolchildren.
- Types of online crime to be aware of
Much of illegal activity is perpetrated with the aim of making financial gain, whether this is achieved via phishing activity (intended to steal users’ log-in details for financial or other monetized services), the spreading of malicious software (‘malware’), or the distribution of spam e-mails or other content (or even a combination of all of the above). A review of cybercrime was recently published by the BBC, looking at how the trends have evolved over the last 20 years. The article notes how traditional ways of illegally making money on the Internet, such as trading stolen credit-card details and other data in online forums and areas of the ‘Dark Web’ (e.g. the Tor network), have more recently been augmented by the use of types of malware (known as ‘ransomware’) which encourage (or force) individuals to make payments to the fraudsters. This is achieved either via claims that the software can remove viruses which have purportedly been detected on the user’s system, through a statement that illegal content has been detected on the machine and will be reported to law enforcement, or by encrypting (‘locking’) a user’s computer files and rendering them inaccessible until a payment has been made. The rise in the use of ‘virtual currencies’ such as Bitcoin, with which payments are almost untraceable, has greatly assisted in the growth of these types of criminal activity.
- What are DDoS attacks?
Another major concern for websites and online service providers is the rise of the distributed denial-of-service (DDoS) attack. In this type of attack, a range of compromised computers or other devices (typically located across a wide geographical area), are used by criminals to send large numbers of coordinated web-requests to a particular website or machine, causing it to exhaust its connectivity resources and therefore render it inaccessible by other users. The growth in this type of attack has been particularly assisted by the rapid increase in the number of Internet-connected objects and devices (the ‘Internet of Things’). A number of recent studies have shown that DDoS attacks continue to increase in both size (with average peak size showing a 63% increase between 2015 and 2016) and duration (with a single attack lasting in excess of 12 days having been detected in the fourth quarter of 2016).
- How you can stay protected
Whilst some of the responsibility for the protection against online threats sits with individual Internet users, through education and awareness of good practice (e.g. use of firewalls and anti-virus solutions, knowledge against opening attachments in unsolicited e-mails, looking for the presence of https URLs and valid security certificates on websites), there are also a number of steps which should be taken by brand owners and other organizations. These include:
- Use of security software and vulnerability scans to protect their internal networks and digital platforms
- A comprehensive strategy for managing their official domain portfolio e.g.:
- defensive registration of domain names which could otherwise be purchased and used by criminals
- monitoring for the appearance of (and, if appropriate, enforcement against) new domains which may have been registered with fraudulent intent
- use of SSL certificates on official websites, to encrypt web communications and provide reassurance to users that websites are ‘trusted’
- use of technical solutions to protect against unauthorized changes to domain DNS settings, which may result in users being misdirected to third-party content rather than to official websites
3. Monitoring for the online appearance of the brand name in conjunction with malicious or fraudulent content, or for the appearance of confidential or security-sensitive content (such as credit-card details)
Some of these steps can be undertaken by the organizations themselves, though in many cases it may be appropriate to partner with one or more dedicated brand-protection or other security service providers, to help mitigate threats.
Brand Protection in the Online World, ISBN: 9780749478698 Price: £29.99, is available to purchase now. Readers save 20% with discount code BMKBPOW20