Cyber criminals are turning to the cloud to avoid being detected by the authorities in a move heralding a new era in the ongoing fight against cyber crime.
Troels Oetring, head of Europol’s European Cybercrime Centre, told a packed Infosecurity Europe conference that the off-premise nature of cloud data centres has made them a breeding ground for cyber criminals to operate freely.
“If I want to rob you ... [in the non-online world], there is usually some link between the perpetrator and the crime scene, but not with cyber crime. A difficulty for the police is that normally, if we intend to have evidence, we seize things. We will seize a phone, a computer and server and [from here] find the attribution [and those responsible],” Oetring stated during the opening keynote of the conference, according to Cloud Pro.
“In the very near future from now, the criminals will operate from cloud services and ... will be streaming [malware] from the cloud,” and this will make tracing the source of it harder,” he added.
Criminals are unlikely to target well known services from the likes of Amazon and Microsoft to run cyber crime operations instead choosing the lesser likes of the cloud sector, though that doesn’t mean the estabished services will be completely left alone.
One example flagged up by the forum involved a Romanian cyber crime group that managed to infiltrate a bank’s cloud system and clone debit cards so that they were credit cards with no spending limits before being used to withdraw money from ATMs. It’s estimated that in just under two hours the gang pilfered €45 million [£37 million] before the system recognised what was happening and closed it down.
“We already see now that cloud services are being established by criminal entities to make it even more difficult to for us to get attribution,” he added.