Trends in world criminal activity indicate that cybercrime is growing as a proportion of all crime. This makes sense. As smart criminals look for new ways to foil authorities, they shy away from more traditional crimes and move to the greener pastures of cybercrime. Authorities are less used to policing sophisticated cybercrime than traditional crimes, so the criminal stands a better chance of evading them.
Innovation in cybercrime is thriving! The use of machine learning, social engineering, and corporate espionage is on the increase. Cybercriminals have more tools and mechanisms available today and a large network of members to assist. The cyber security team needs to have the same, and if possible more, opportunities to innovate; otherwise it will always be reactive and one step behind.
Identity is the first challenge that a cyber criminal faces. If an attack can be traced back to an IP address and linked indisputably to the criminal’s name, then the chances of avoiding apprehension are low. If, however, the criminal can create a fake ID, the chances are higher. One new method of deception is the creation of a synthetic ID. This is where a criminal uses both real and bogus information in the creation of a new identity. For example, a criminal may use a real driving license number combined with a made-up name, address, and date of birth. As there is no clearly identifiable ID, they often avoid detection. Synthetic IDs are often hardened over time by creating a trail of legitimate transactions that add credibility to the ID. Furthermore, the use of multiple synthetic IDs can create a complex web of interconnected relationships, making detection even harder. Synthetic ID fraud is one of the fastest growing types of fraud in the United States.
The next question for the criminal is where to launch the attack from. The source is typically where cyber security starts its investigation, so criminals hide it in cloud services. AWS is now the chosen cloud platform they launch from.
Identity – Creating a fake persona with synthetic IDs is used as a mechanism to mask the attacker. They use real user information to impersonate, change some small detail, and replicate this change. This means that the ID can be traced, yet due to inconsistencies in data sets, is harder to track. For example, some skilled hackers have cultivated 6-7 year old Facebook accounts to provide a history for investigators to get caught up in.
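The two identity passages above describe a real identifier reused under changed personal details and a web of linked synthetic IDs. The following defender-side sketch, added here as an example and not taken from the original article, flags license numbers presented under more than one persona and groups records that share a license, address, or phone into clusters. The field names and all sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample applications; field names are assumptions for this example.
RECORDS = [
    {"id": "A1", "name": "Jane Holt", "dob": "1984-03-02", "license": "D1234567", "address": "12 Elm St", "phone": "555-0101"},
    {"id": "A2", "name": "Janet Hale", "dob": "1990-07-19", "license": "D1234567", "address": "9 Oak Ave", "phone": "555-0144"},
    {"id": "A3", "name": "Mark Dunn", "dob": "1979-11-30", "license": "D7654321", "address": "9 Oak Ave", "phone": "555-0188"},
    {"id": "A4", "name": "M. Dunne", "dob": "1981-01-05", "license": "D7654321", "address": "4 Pine Rd", "phone": "555-0144"},
    {"id": "A5", "name": "Lena Ortiz", "dob": "1992-05-14", "license": "D2222222", "address": "77 Bay St", "phone": "555-0199"},
]
LINK_FIELDS = ("license", "address", "phone")

def license_conflicts(records):
    """License numbers presented with more than one (name, dob) persona."""
    personas = defaultdict(set)
    for r in records:
        personas[r["license"]].add((r["name"].lower(), r["dob"]))
    return {lic for lic, p in personas.items() if len(p) > 1}

def clusters(records):
    """Union-find: records sharing any LINK_FIELDS value join one cluster."""
    parent = {r["id"]: r["id"] for r in records}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    first_seen = {}
    for r in records:
        for f in LINK_FIELDS:
            key = (f, r[f])
            if key in first_seen:
                parent[find(r["id"])] = find(first_seen[key])
            else:
                first_seen[key] = r["id"]
    groups = defaultdict(list)
    for r in records:
        groups[find(r["id"])].append(r["id"])
    return sorted(sorted(g) for g in groups.values())

def suspicious_clusters(records):
    """Clusters of 2+ records that contain a reused license number."""
    bad = license_conflicts(records)
    lic = {r["id"]: r["license"] for r in records}
    return [c for c in clusters(records)
            if len(c) > 1 and any(lic[i] in bad for i in c)]

if __name__ == "__main__":
    print(suspicious_clusters(RECORDS))
```

In the sample, no single pair of records looks alarming on its own, but the shared address and phone join the two reused licenses into one four-record cluster.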
Continuing with the weird world of cybercrime, consider the rise of AI Hacks. Cybercriminals are using “AI and Machine Learning” to build baselines for recon of a target’s environment before launching the attack. They are using trend analysis to assess response, timing, and actions that may be undertaken by the organisation.
Cybercriminals study the rules and machine learning algorithms embedded in vendor technologies. The vendors document them. They then assess the acceptable risk components of these rules and aim to either:
1. Be seen as another number.
2. Not be seen, as there are no rules that apply.
They then use both their recon functions and their knowledge of the AI rules to launch a stealth attack that doesn’t get detected.
One more weird one for you – Prosthetic Attacks.
Mark N Gasson and Bert-Jaap Koops wrote a paper in 2013 entitled: Attacking Human Implants: A New Generation of Cybercrime. The premise of the paper is that the advent of microprocessor-controlled human implants or prosthetic devices poses significant societal challenges from cyber defence and cyber law perspectives. The outcomes of attacks on such devices are hard to predict and open a new realm of attack possibilities. If a prosthetic limb, controlled by a computer and a human, pushes a key on a keyboard, who is responsible, man or computer?
So, what’s the moral of these stories? The moral is that we need to think laterally as we prepare for the future wave of cyber attacks. Conventional thinking and defences are not enough; just like in chess, the black pieces will always be one move behind. Whatever weird and wonderful attack scenarios we can conceive, we can be sure that cyber criminals will be exploring even more bizarre techniques. As the provided examples show, there is no limit to the ingenuity of cyber criminals; perhaps the maxim, “If it can happen, it will happen” should be our mantra.