Chances are cyber crime is going to get worse before things get better and the hacker hunters fight back
Cyber crime, according to the National Crime Agency (NCA) Cyber Crime Assessment 2016 report, accounted for 53 per cent of all crimes in 2015.
Cameron Brown, an independent cyber defence adviser, who has conducted research into emerging trends in cyber-crime offending, warns that opportunities to earn a living through cyber crime “will propel the disenfranchised and those in lower income bands to pursue a life of crime given the low risk and potential high yields”.
Mr Brown insists that cyber crime will continue to grow into a highly lucrative and well organised enterprise, seeking competitive advantage with the aid of sophisticated cyber operations. Operations that include research and development, with cyber criminals becoming increasingly innovative as far as the threats they can leverage are concerned.
Jamie Saunders, director of the NCA National Cyber Crime Unit, argues that “senior members of UK business must think seriously about ways they can improve their defences and help law enforcement in the fight against cyber crime”. And that means they must think seriously about the shape those future threats will take.
To determine the future shape of the threat landscape, we must first look at the seeds which have already taken root, starting with ransomware. Security vendor Malwarebytes has a honeypot to attract unwitting attackers and says in December 2015, 17 per cent of exploit payloads were categorised as ransomware; by May 2016 this had risen 259 per cent to 61 per cent.
Ransomware already dominates the threatscape, but it’s going to get much worse according to Liviu Arsene, senior e-threat analyst at Bitdefender, who predicts “ransomware-like attacks will become more prevalent with the integration of internet of things (IoT) and smart sensors into our daily lives”.
Mr Arsene envisions a scenario where a smart home or office is held hostage and the owners are asked to pay a fee to regain access to lights and appliances, for example.
Smart cars at risk
Raj Samani, chief technology officer, Europe, the Middle East and Africa (EMEA), at Intel Security, works with the NCA and the Europol European Cybercrime Centre as an adviser. He sees ransomware spreading to transport with the arrival of ever-smarter cars. “It’s only a matter of time before we see instances of people left helpless, unable to drive their cars unless they pay up a ransom,” he warns, adding, “we’re not talking driverless cars here, just a standard modern vehicle with connectivity capabilities.”
Connectivity, in particular the increasingly connected world of devices that is heralded by the IoT, will be front and centre of any emergent threatscape. Strip away the lack of secure thinking during the design process and organisations are left vulnerable to cyber attack.
Indeed, one vulnerability can often rule them all. “Our researchers discovered vulnerabilities in a supervisory control and data acquisition solution used in the Large Hadron Collider, several European airports, nuclear power plants in Iran, the largest pipelines, water supply systems, trains and chemical plants in several countries,” Alex Mathews, EMEA technical manager at Positive Technologies, reveals. In the same way, a single vulnerability in a web application can provide direct access to corporate infrastructures of myriad companies.
Inevitability of robots
Predicting the future of cyber crime isn’t all about evolution though, there has to be some revolution in there. This calls for some serious security future-gazing and that inevitably means robots.
By 2040 more crime will be committed by machines than by humans
“As the workforce moves towards more automation, we could find 35 per cent of jobs now done by humans have been replaced by robots,” says Tracey Follows, chief strategy and innovation officer at The Future Laboratory. “Futurists have been forecasting a sharp rise in lone-wolf terror attacks for years. But once robots can be hacked to become suicide-bombing machines, lone-robot attacks could become rife too.”
What’s more, according to Ms Follows, artificial intelligence and machine-learning could enable robots to self-programme criminal activity. “My forecast would be that by 2040 more crime will be committed by machines than by humans,” she says.
Driverless cars will be our transportation reality in the years to come and that’s another opportunity for cyber crime right there. “If you can convince the vehicle its GPS telemetry is wrong with a signal jammer,” says Aaron Yates, chief executive at Berea, “you will be able to pilfer vehicles at leisure.”
But if you think driverless cars are problematical, what about delivery drones? Already being tested by the likes of Amazon, what if delivery drones were hijacked and deliveries stolen? What if they were herded by the hundreds into flying bot armies? Art Swift, president of the prpl Foundation, fears drones could be dropped on to a motorway or flown into a plane on take-off.
And it’s not just drones that could be herded by hackers, humans could be as well. Darren Thomson, chief technology officer of Symantec, predicts that cyber criminals could take down an entire railway by hacking the information display boards.
“No one knows where to go for their train, the station atrium would fill up causing a physical or terrorist risk for that space,” says Mr Thomson. “We are becoming so reliant on technology that it could potentially be used to pool people in a particular place.”
Hackers could decrypt sensitive information on the internet with enormous repercussions
Future-gazing would not be complete, though, without mention of quantum computers. “In about a decade we may reach a tipping point in the world of cryptography, as a practical quantum computer will become a reality,” says Michael Scott, chief cryptographer at MIRACL.
This means that most current methods of cryptography would be rendered useless overnight. “It’s not unfeasible that hackers could decrypt all the sensitive information we currently store on the internet – banking details, tax records, identities, corporate and legal data – with enormous repercussions,” says Mr Scott.
We will leave the final word to ex-FBI counter-terrorism operative and current national security strategist at Carbon Black, Eric O’Neill, who doesn’t think this necessarily means an unhappy ending as far as the victimisation of business is concerned.
“In the near future, predators will become the prey,” Mr O’Neill predicts, as security teams increasingly become proactive in hunting for threats. “As the good guys become more active in remediating threats before hackers launch their attacks, espionage and digital fraud will become far less economically beneficial for the bad guys, giving us a far better chance of keeping them out.”