The recent “WannaCry” cyber attack has so far affected hundreds of thousands of computers around the world, causing disruption across government and industry.
According to a BBC report, organisations caught up in the attack include the United Kingdom’s National Health System, FedEx, the Russian Interior Ministry, Deutsche Bahn (a German transport entity) and the carmaker Renault.
WannaCry is a species of ransomware, which infects networks and freezes all files and systems until a ransom amount is paid. Generally, ransomware is given access to networks through users clicking on a link in a spam or phishing email. In the specific circumstances surrounding WannaCry, Forbes reports the malicious software appeared to use a flaw discovered by the US National Security Agency.
The potential consequences of a disabling cyber attack on any number of large or significant organisations are obvious. But ransomware is only one type of cybercrime which is currently being perpetrated worldwide.
The 2016 Threat Report published by the Australian Cyber Security Centre details a number of other types of global cybercrime.
Common types of cybercrime
Although this list is far from exhaustive, the Threat Report identifies various categories of malicious cyber activity, including:
- Cyber attack/terrorism
This is a broad definition of a malicious attack on a computer system, and has been defined by the Australian Government as being a “deliberate act… designed to manipulate, disrupt, deny, degrade or destroy computers or networks or their information with the effect of seriously compromising national security, stability or economic prosperity”. This can be effected through the use of:
  - Distributed Denial of Service (DDoS), which intentionally paralyses a computer by sending it data from many other computers at the same time, effectively jamming it.
  - Website destruction or altering.
  - Hijacking social media.
  - Theft of personal data.
Although technically anybody utilising a computer system could be affected by a cyber attack, the most likely intended victims would be significant global businesses, or potentially military or government departments.
- Cyber espionage
As the name suggests, this involves the targeted use of technology to obtain corporate or national secrets.
- General cybercrime
Although all of the categories identified in the Threat Report are technically cybercrime, this specific type of criminal activity involves criminal organisations making an online profit, generally through theft or extortion.
In addition to ransomware, identified as one of the most devastating types of cybercrime, the Threat Report notes that criminal syndicates may also rely on credential-harvesting malware and/or DDoS extortion in order to make money.
Credential-harvesting malware functions by inviting unsuspecting email users to click on a link and, once they have been taken to a foreign page, input credentials which will be recorded by the cyber criminal and used for their own purposes. Even more deviously, the malware will then replicate itself by sending future emails from the “hacked” account to its contacts, meaning that the correspondence seems trustworthy at first glance.
Another type of malware heavily used in cybercrime involves the redirection of bank customers from their trusted online site to an entirely different (but apparently very similar) site which records and steals the unsuspecting customer’s bank details.
DDoS extortion involves a threat against a (generally large) business to shut it down by launching a DDoS attack unless a certain sum is paid. If payment is not made and the threat is carried out, the targeted business will likely be paralysed until the DDoS attack ends. Although there was no cybercrime involved in the failed 2016 census, a successful DDoS attack would have had very similar characteristics.
Why is cybercrime so challenging to investigate?
One of the most difficult aspects of investigating and prosecuting cybercrime from a law enforcement perspective is unmasking the perpetrators, who are utilising sophisticated technical skills. Moreover, attacks such as WannaCry are borderless, meaning that an additional challenge is determining who has jurisdiction to detain, prosecute and punish any wrongdoers.
The financial burden of tackling cybercrime can also be significant, as the costs of remediation and immediate response must be added to the actual loss caused by the crime to develop a true picture.
The extent of the cybercrime problem
Given the nebulous nature of cybercrime, and the difficulties involved with detection and prosecution, it can also be difficult to assess how prevalent these types of crimes are.
According to the Threat Report, the extent of cybercrime activity in Australia is a concern, with these types of crimes both under-reported and misreported.
Although the type of crime is not specified, the report does state that there were 1,095 incidents involving government systems between January 2015 and June 2016 that were considered serious enough for the Australian Signals Directorate to respond to. The government contact point for businesses on cyber security issues, CERT Australia, responded to nearly 15,000 incidents affecting Australian firms between July 2015 and June 2016.
Cybercrime is a reality of modern life, but the borderless nature and increasing sophistication of these activities make it very challenging to investigate and prosecute those involved. As the report points out, cybercrime poses a continuing threat to Australia, particularly given our increasing uptake of technology and relative wealth.
Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime investigations. Our expertise includes dealing with malware, phishing and computer hacking offences, bootlegging and tripping, Bitcoin and crypto-currency fraud, as well as offences relating to identity theft, spreading computer viruses and DDoS attacks.