Fourth Industrial Revolution is transforming businesses into lucrative fraud operations
Cyber threats and attacks are not limited to a selected few corporations or high-profile individuals but is a real and true threat to survival and health of every business and private individual on this planet. One of the main effects of the Fourth Industrial Revolution is increased human productivity and creativity. Over the past year we have seen companies continue to be exposed to massive fraud, corruption and cyber security attacks. You either have a monitory loss or reputational loss – sometimes both.
Looking beyond the sheer volume of cyber security threats, the sophistication is spectacular. Fileless malware is an emerging tactic. These malware types write the malicious code directly to random-access memory (RAM) and distribute via online advertising. Apps are created to mine cryptocurrencies by exploiting computing resources.
Upward trends show that attackers also focus on social engineering at scale (i.e. Phishing, Baiting, Pretexting, Whaling) as a tool to assist in their attack strategy – a bullying tactic fraudsters are thriving on tricking people into breaking normal security procedures.
The intent of cybercriminals using ransomware determines the methods used for distribution of malware payload. If the goal is revenue generation, the e-mail route or channel will remain the distributor of choice when compared to using ransomware as a tool for disruption and destruction.
The click of a mouse by the end-user fires off the initial attack activation when accessing compromised mail that contains the malware payload. Even though end-points can be patched “patching” to eliminate the vulnerability which the malware exploits, the human factor remains a challenge. Angler phishing is the latest ploy being used by scammers on social networks like Twitter and Facebook. Angler phishing is a trend that spiked with 150% in the last 18 months with cyber criminals using social media as an attack vector. Angler phishing makes use of fraudulent social media accounts impersonating corporate client services directing unsuspecting clients via links to very realistic landing pages. This trend started with targeting the financial sector but has moved into the retail space over time as cyber criminals find this vector more and more successful.
Malware is a manual process for cyber criminals. By applying Artificial Intelligence to malware, the speed at which evasive malware will be able to adapt, evolve or adjust to a specific attack surface or victim profile/range, will mean that traditional measures will become completely incapable to counter attacks. Bad Artificial Intelligence will apply its intelligence to botnets, creating self-learning hivenets and swarm-bots, advance spear phishing and poisoning the good AI machine learning engine.
According to Financier, worldwide it has been estimated that the annual cost to the global economy from the booming cybercrime industry is more than $400bn, a figure that most analysts expect to increase in coming years. When organisations can understand how these events occur with associated risk, it becomes a little bit easier to implement preventative strategies and mitigate the risks. Failure to embrace change through technology will lead to organisations being subjected to a higher number of criminal attacks and those fusillades will be more damaging.