As the economy is pushed towards the digitalization of currencies, and the eradication of liquid cash from the market, money itself is becoming increasingly exposed to cybercriminals. Online crimes already occur with breath-taking scale, speed, and sophistication, with future projections by analysist suggesting definite cause for alarm.
Regulators and governments have been promoting a narrative that states that with the digital economy comes reduction in financial crimes and a greater level of fiscal transparency. But with every major data theft and digital bank robbery the public grows ever more incredulous. There were no less than 11 globally significant cyber-attacksin December of 2018 alone, defined by Center for Strategic and International Studies as attacks “on government agencies, defense and high-tech companies, or economic crimes with losses of more than a million dollars.”
These included Chinese hackers compromising the EU’s communications system and gaining access to records of sensitive diplomatic cables; numerous attempts by Russian cyber intelligence agents to affect the networks of Ukrainian government agencies; North Korean hackers stealing the personal information of defectors living in South Korea; and accusations by a number of nations, including the UK and the US, regarding a 12-year intellectual property theft campaign by Chinese hackers.
“The difficulty with [cybercrime] is it’s a threat that manifests itself in many different ways, and it’s very dynamic. So, the sort of issues we are talking about today are not the same issues we were talking about 18 months ago,” Lord Jonathan Evans said, speaking at a conference in May of 2018. A former head of MI5, Evans believes that machine learning is already taking a significant role in the industry, both in defensive and offensive deployment. In five years’ time, he suggested, data protection from cyber-attacks will become an AI arms race in a “machine on machine war”.
Cybercrime is a roiling, rapidly advancing industry with burgeoning services for hire. According to a report by the Center for Strategic and International Studies, “currently, more than 6,000 online criminal marketplaces sell ransomware products and services, offering more than 45,000 different products”. CSIS identified that quick adoption of new technologies by cybercriminals, the increased number of new users online, and the increased ease of committing cybercrime contribute to rising trends. Added to this, a growing financial sophistication among cybercriminals combined with newer capacities for the monetization of stolen data make it an ever more lucrative business.
“Cybercriminals at the high end are as technologically sophisticated as the most advanced information technology (IT) companies, and, like them, have moved quickly to adopt cloud computing, artificial intelligence, Software-as-a-Service, and encryption,” the CSIS report explained.
Essentially, it seems, keeping security capabilities ahead of the curve of innovative hacking and exploitation methods is near impossible, given the necessarily defensive posture of cybersecurity methodologies.
Spurred by anonymity, cybercriminals who make high-profile attacks on financial institutions are becoming increasingly prevalent. One such example is Carbanak, acybercrime gang tied to $1 billion in losses from over 100 financial institutions. Lurk is another such group that focused its efforts on jackpotting attacks on ATMs, in which the machines were instructed through viral packages to release all of their cash in one withdrawal.
The reason such groups target financial institutions is the direct access to wealth, and likely the challenge of the enterprise. However, as automation and machine learning truly begin rolling out, in an age when data itself is progressively more valuable to criminals, the attacks are starting to trickle down. Juniper Research puts the global cost of cybercrime by 2022 at $2.5 trillion.
Some of the most prevalent financial crimes currently in the industry are electronic fraud and invoicing fraud. Businesses, or often specific employees, are targeted and convinced to wire money to legitimate business partners. However, in these instances the bank details have been replaced by those of the scammers’.
An example of this is the case of a Ferrari NV senior executive who was convinced to make three separate payments to bank accounts in Hong Kong amounting to $6.7 million. Dublin Zoo fell victim to something similar in an invoicing scam that appeared to be a payment to one of its suppliers, costing the organization €500,000.
It’s not just businesses that are vulnerable to social engineering. Dubbed “romance fraud”, there is a growing trend of scams emerging within the online dating community in which romantic relationships are forged over time remotely before eventual financial exploitation ensues.
The worrying side to all of this, is that this is what is going on now, while the age of the internet is, by all accounts, in its adolescence. As start-ups proclaim the utility of IoT solutions to bring all but the most inert objects online, the points of entry for hackers, and the candidates for their bot armies, are only multiplying. And indeed, this is saying nothing about technologies that have not yet emerged or fully taken shape.
As the world moves itself towards the internet of things and autonomous vehicles, drone delivery and machine learning, it might be prudent to push the brakes for a moment. In order to secure our money in the digital spaces that we already have, we need to avoid creating vulnerabilities at the same rate that we fix them. The intuitive use of smartphones to perform daily tasks like dealing with emails and online banking is undoubtedly convenient. But it is this same personal embedded in technology that cyber criminals will continue to exploit in order to harvest their profits.