(844) 627-8267
(844) 627-8267

Cybercrime: A faceless predator | Daily News | #cybercrime | #infosec

The cybercrime domain has been growing at a staggering rate in recent years, with organisations and individuals across every sector affected. Governments across the world have been put on high alert from potential cyber-attacks as political tensions continue to rise, including possible threats on national critical infrastructure. Criminals take advantage of this online transformation to target weaknesses in online systems, networks and infrastructure. There is a massive economic and social impact on Governments, businesses and individuals worldwide. There are no borders in cyberspace – threats and attacks can come from any location at any time, posing challenges for police because incidents may involve suspects, victims and crimes spanning multiple countries. Criminals are quick to exploit the ignorance and vulnerability of their victims. The recent proliferation of devices, from smartphones and tablets to web-connected appliances, has opened us all up to even greater risks.

For Government officials or other public sector professionals, the hack-for-hire groups will be of particular concern. Often cyber groups adopt a ‘get in where we can approach’, using simple attack vectors such as phishing. They target whoever they can with fake emails and communications, hoping someone, usually on a company work device, will open a link, installing ransomware or other malware. However, with these hack-for-hire groups, they are incredibly targeted, not only going after specific organisations, but specific people within them. And on top of this, due to current conflicts around the world, foreign states are becoming increasingly involved in cybercrime, with many commissioning malicious activity against other countries; again, placing a target on the back of Government officials.

Two Factor Authentications (2FA)

2FA is probably the most effective cybersecurity practice that can be instantly implemented. It is an access management control method, which forces users to provide two forms of identification to access a network, environment, account, or data set. The concept is centred around having something you know (username and password) and something you have (a code or token on your mobile). This means that even if a malicious hacker compromises your work email login credentials for example, they still need access to the unique authentication code that is sent to your trusted device.

Check suspicious links

Even if an email comes from a trusted sender, there’s always the possibility that they themselves have been breached, and the link you’ve just received from them is malicious. As with many walks of life Government, officials should trust their gut when it comes to cyber security. Does something seem off? Is this a strange email to receive from this individual? Have they used your full name, when they normally use a shortened version? If you’re thinking about these things, always check the link. You can do this using phishing tests or link scanners, however sometimes an even easier way is to pick up the phone and verify the communication with the sender. During the COVID-19 pandemic with surgical masks and other medical supplies in high demand yet difficult to find in retail stores, fake shops, websites, social media accounts and email addresses claiming to sell these items have sprung up online. But instead of receiving the promised masks and supplies, unsuspecting victims saw their money disappear into the hands of cyber criminals.

Isolate your sensitive work

Malicious hackers will likely be looking to access your work communications or data, sometimes targeting something specific for the purpose of blackmail or extortion. That’s why it’s crucial to keep more sensitive information and data isolated. This can be done using a different device, or segmenting your data, implementing different access pathways for each part of it. It’s also important to ensure that when browsing the web, or opening sensitive communications, that your work device is also protected. Using ‘virtual machines’ or web isolation platforms means that if you do click on a malicious link, or accidentally download an infected asset, all of the risk is contained, with the software and IT provider absorbing the risk and removing it from the user and their organisation.

INTERPOL and cybercrime

In close cooperation with member countries, the private sector and national Computer Emergency Response Teams (CERTs), we help coordinate transnational cybercrime investigations and operations worldwide. With its 190 member countries, INTERPOL is ideally placed to work with law enforcement agencies around the globe to strengthen their ability to prevent crime and identify and arrest criminals. INTERPOL’s activities are centred around three global crime programmes: Counter-terrorism, Organised and Emerging Crime and Cybercrime.

INTERPOL coordinated Operation Goldfish Alpha in Southeast Asia, where more than 20,000 hacked routers were initially identified. Cybercrime investigators and experts from police and national Computer Emergency Response Teams (CERTs) in the region worked together to locate the infected routers, alert the victims and patch the devices so they were no longer under the control of the cybercriminals. Interpol Cyber Fusion Centre (CFC) brings together cyber experts from law enforcement and industry to gather and analyze all available information on criminal activities in cyberspace to provide countries with coherent, actionable intelligence.

Different from other investigations, in many cybercrime cases, digital evidence sits mainly with the private sector, which operates and maintains many parts of the Internet infrastructure; therefore, a multi-stakeholder collaboration is essential to tackle modern cyber threats.

Social media and cybercrime

Criminals develop a ‘relationship’ with victims through social media with the ultimate goal of obtaining money. This is called a ‘romance scam’. Investment scams happen when victims are pressured into investing in fraudulent or worthless shares. Victims (often men) are tricked by attractive women into participating in nude videos chats which are secretly recorded and subsequently used for blackmail. This crime is labeled as sextortion. One must remember that nothing is private on the web and data cannot be erased. Sextortion ruins families and impacts innocent children.

Credit card fraud refers to using a credit card to obtain money or goods fraudulently. Thieves may steal a credit card, copy the number off a credit card, or take over a victim’s account and have the credit card mailed to their (the criminal’s) address. They may also open a new credit card in the victim’s name or try a variety of other techniques to steal money or buy assets. A Cybercriminal may hack into a bank or business database to steal personal details about customers and sell those details online. Then, the thief who buys that information can use it to fraudulently open an account with the victim’s details.

Cyber-terrorism essentially consists of using computer technology to engage in terrorism. The Internet can be used for terrorist purposes such as the spreading of propaganda (including recruitment, radicalization and incitement to terrorism), terrorist financing, online training; planning of terrorist attacks (including through secret communication and open-source information), execution of terrorist attacks and cyber-attacks.

When computer technology is used as a weapon-of-mass distraction, terrorists launch a psychological attack; their goal is to undermine civilians’ confidence in one or more of the systems they rely upon for essential goods or services. They accomplish this by making citizens believe a system has been compromised.

(The writer is the author of Target Secured- Police Special Task Force) 

Source link


Click Here For The Original Source.

National Cyber Security