The cybercrime monetisation system

Artificial Intelligence could prove to be an effective tool in the fight against cybercrime.

Forget the lone wolf or script kiddie cyberattacks of old, where individuals carried out malicious attacks just to prove they could. Cybercrime today is becoming professionalised, with enterprising criminals building lucrative illegal businesses by using more sophisticated techniques in their attacks, being more ambitious in who they target, and even selling or licensing their own malware.

Recently, it has felt like not a day goes by without a cyber incident being reported. Increasingly, too, the cyberattacks of recent months have appeared more organised and targeted. Ciaran Martin, head of the new National Cyber Security Centre (NCSC), reported that UK public sector and infrastructure organisations are targeted by two significant cyberattacks every single day. In October 2016, it was discovered that at least 28 NHS trusts in England had been the victim of ransomware attacks. It has even been alleged that state-sponsored Russian hackers may have affected the outcome of the US presidential election.

Understandably, awareness of cyber security issues is therefore at an all-time high among consumers and businesses, while security experts are moving quickly to deploy the latest technologies to tackle this rapidly expanding threat landscape.

Man versus machine  

Security researchers rely on the established technologies of machine learning and artificial intelligence (AI) which collect data from security attacks to build a database of known threat signatures. This allows them to use both genuine breaches and false positives to more accurately model threat behaviours and attack vectors in order to improve real-time detection of new as well as known threats.      

The cooperation between man and machine through using these more sophisticated technologies creates a far more secure and efficient system. If an AI can be responsible for detecting and fixing vulnerabilities, it frees up researchers’ time to analyse the more complex threats, which they’ll in turn teach to the AI and add to the database.   

However, there is concerning potential for AI to be misused – or turned against us. In the hands of criminals, off the shelf machine learning algorithms and AI code are already being used to improve the effectiveness of attacks and to stay ahead of detection.   

Phishing attacks, for instance, where publicly available personal data is used to create a fake email with a malicious link or attachment, could be rendered far more convincing with the addition of AI. The AI could tailor phishing messages to mimic the writing style of the victim, making a target far more likely to be convinced to click on malicious links or open unsolicited attachments.

Additionally, AI and machine learning technologies are used by cybercriminals to try to stay one step ahead of security defences by continually altering the code to avoid detection or providing it with improved attack methods. We have already seen the first AI vs AI cybersecurity battles waged in the lab and, with AI now a powerful tool in cybercriminals’ arsenal, in the real world.   

Ransomware makes a mint 

2016 was dubbed ‘The Year of Ransomware’, with the likes of Locky, Cerber and TeslaCrypt among the most prevalent malware strains identified. But this was only the tip of the iceberg. Over the course of 2016, Avast detected more than 150 new ransomware strains and in 2017, this has already more than doubled.  The reason for the rapid proliferation of ransomware families is simply the success of this malware model for monetisation purposes.   

Not only are criminals able to exploit the immediate victim for payment, but they now sometimes offer an innovative alternative to paying, where victims recommend two other contacts to receive the malware instead, taking advantage of social engineering tactics to expand their malware distribution base more widely. It is usually the case that no matter what option a victim chooses – whether to pay or not, whether to pass on the malware to contacts or not – they will still lose their files and possibly access to their PC altogether.

Experts tracking the development of the most prolific malware families have noted cybercriminals spending time adding new languages to fool more victims, and regularly updating their code to make it harder for security experts to prevent and mitigate – especially if the ransomware has already been activated on a user’s PC.

For consumers, ransomware can cripple their device and forever erase their most precious files. For businesses, an attack can expose them not only to privacy law breaches and data protection issues but also to a mass clean-up operation and longstanding reputational damage.

Show me the money! 

What’s more concerning is that wannabe cybercriminals today need not be skilled hackers. There are now more options than ever for those with only basic coding skills to create their own malware, including DIY open-source ransomware programs and licensed malware development kits, both of which are easily found on hacking forums.

Even those without the necessary abilities can benefit from the RaaS (Ransomware as a Service) model. Automatically generated ransomware executables can be provided to anyone tempted to try their hand at cybercrime, creating a new army of budding cybercriminals. It is this availability of ‘malware for purchase’ which has changed unassociated instances of mischief making or theft into a real, lucrative underground economy with malware being a viable if illegal source of income.   

Despite the huge risks it poses, there’s a knowledge gap around ransomware and how to protect against it.  Avast’s small business arm, AVG Business, conducted research amongst SMBs specifically which found only 68% of small business owners had heard of ransomware, and only a third of those who thought they knew what it is could in fact accurately define it.   

As with most cyber threats, education is, and will continue to be, the best line of defence against ransomware. Companies need to begin driving the best security culture and emphasising best practices, such as keeping all software programmes up-to-date, as updates often contain security fixes, and thinking twice about unusual or unsolicited emails rather than automatically clicking on any links. For small businesses, which often lack dedicated IT support, having educated employees can be the best first line of defence.

New vulnerabilities, new defences  

When smart devices, most notably smart phones and tablets, first came to prominence 10 years ago, cybersecurity practitioners were charged with the daunting task of securing organisational networks for this myriad of new access points. Once again, we see new technologies opening up potential avenues for cybercrime to exploit. 

Internet of Things (IoT) devices are increasingly commonplace in day-to-day life, both at work and in our homes. The rapid availability of these devices to market has been matched by enthusiastic early adopters – but at the cost of securing these devices properly. Mass-produced hardware devices like webcams, printers and routers are increasingly being shipped without any security measures in place, making users vulnerable to attack. It’s clear why hackers love IoT devices – they are open doors to our private lives, our sensitive data, and our personal worlds.

Avast recently scanned 598,913 networks in the UK to understand the extent of the issue. The findings indicated that nearly half (47%) of all routers are vulnerable to a cyber breach, and 22% of all webcams and 5% of all printers were equally open to attack.   

This highlights an important issue: that although the number of connected devices in our homes will continue to increase, the critical access point will remain the same - the router. The old standby of flashing firmware to keep pace with threats is inadequate, and the challenge is now for hardware manufacturers and security experts to work together to find a way to build security in from the ground up for smarter, safer devices.   

As the threat landscape evolves, a collaborative, multi-layered approach will be necessary to keep our data safe. On the one hand, consumers and businesses need to take the initiative to understand the risks of using connected devices and online services and to take responsibility for keeping up with the key cybersecurity best practices around installing antivirus products, changing passwords and trying to spot fake emails, links and attachments.   

On the other, cybersecurity experts will continue to focus on advancing the techniques and technologies to keep one step ahead of the criminals in this cyber game of cat and mouse. One thing that is certain is that AI in the hands of the good guys is already a powerful and effective weapon against cybercrime, giving users the freedom to enjoy the benefits offered by the latest connected devices and technologies.

Ondrej Vlcek, EVP & GM, Consumer at Avast 

Image Credit: Kim Britten / Shutterstock