McAfee, CSIS Study Finds Ease of Cybercrime Growing as Actors Leverage Black Markets, Digital Currencies
GLOBAL HIGHLIGHTS
- New report from McAfee, CSIS finds theft of intellectual property accounts for at least 25% of cost of cybercrime and threatens national security when it involves military technology.
- Ransomware is the fastest growing cybercrime tool, with more than 6,000 online criminal marketplaces and ransomware-as-a-service gaining in popularity.
- Cybercrime-as-a-service has become more sophisticated, with flourishing markets offering a broad diversity of tools and services such as exploit kits, custom malware and botnet rentals.
- The anonymity of cryptocurrencies such as Tor and Bitcoin protects actors from easy identification.
- Greater standardisation of threat data and better coordination of cybersecurity requirements would improve security, particularly in key sectors like finance.
AUSTRALIAN HIGHLIGHTS
- Since 2014, when the Australian government established an online reporting system for cybercrime in an attempt to improve law enforcement efforts, the service recorded more than 114,000 instances of cybercrime. Almost 24,000 of these occurred in the first half of 2017, alone
- Australian telecom operator Telstra found that in 2016, almost 60% of businesses were detecting security incidents on at least a monthly basis. This includes the almost one-quarter of businesses that had suffered from a ransomware incident
- One particularly damaging segment of cybercrime for Australia is business email compromise, with the Australian government estimating associated losses of more than $19 million AUD over the course of 2016 to 2017
- Brisbane council was defrauded out of $450,000 AUD when a cybercriminal sent a series of fake invoices to city councillors over the course of a month
McAfee, in partnership with the Center for Strategic and International Studies (CSIS), has released “Economic Impact of Cybercrime – No Slowing Down,” a global report that focuses on the significant impact that cybercrime has on economies worldwide. The report concludes that cybercrime costs businesses close to $600 billion USD, or 0.8 percent of global GDP, which is up from a 2014 study that put global losses at about $445 billion USD.
The report attributes the growth over three years to cybercriminals quickly adopting new technologies, the ease of engaging in cybercrime – including an expanding number of cybercrime centers – and the growing financial sophistication of top-tier cybercriminals.
“The digital world has transformed almost every aspect of our lives, including risk and crime, so that crime is more efficient, less risky, more profitable and has never been easier to execute,” said Steve Grobman, Chief Technology Officer for McAfee. “Consider the use of ransomware, where criminals can outsource much of their work to skilled contractors. Ransomware-as-a-service cloud providers efficiently scale attacks to target millions of systems, and attacks are automated to require minimal human involvement. Add to these factors cryptocurrencies that ease rapid monetisation, while minimising the risk of arrest, and you must sadly conclude that the $600 billion USD cybercrime figure reflects the extent to which our technological accomplishments have transformed the criminal economy as dramatically as they have every other portion of our economy.”
Banks remain the favorite target of cybercriminals, and nation states are the most dangerous source of cybercrime, the report finds. Russia, North Korea and Iran are the most active in hacking financial institutions, while China is the most active in cyber espionage.
“Our research bore out the fact that Russia is the leader in cybercrime, reflecting the skill of its hacker community and its disdain for western law enforcement, said James Lewis, senior vice president at CSIS. “North Korea is second in line, as the nation uses cryptocurrency theft to help fund its regime, and we’re now seeing an expanding number of cybercrime centers, including not only North Korea but also Brazil, India and Vietnam.”
The report measures cybercrime in North America, Europe and Central Asia, East Asia and the Pacific, South Asia, Latin America and the Caribbean, Sub-Saharan Africa, and the Middle East and North Africa. Not surprisingly, cybercrime losses are greater in richer countries. However, the countries with the greatest losses (as a percentage of national income) are mid-tier nations that are digitised but not yet fully capable in cybersecurity.
Methodology
The report did not attempt to measure the cost of all malicious activity on the internet, focusing instead on criminals gaining illicit access to a victim’s computer or network. The elements of cybercrime the authors identify include:
- The loss of IP and business-confidential information
- Online fraud and financial crimes, often the result of stolen personally identifiable information
- Financial manipulation directed toward publicly-traded companies
- Opportunity costs, including disruption in production or services and reduced trust in online activities
- The cost of securing networks, purchasing cyber insurance and paying for recovery from cyber-attacks
- Reputational damage and liability risk for the affected company and its brand
To help scope the cost of malicious cyber-activity, the authors looked at other types of crime for which there are estimates, including maritime piracy, pilferage and transnational crime. They note that data on cybercrime remains poor because of underreporting and a laxness in most governments around the world to collect data on cybercrime.
Click here to read full report.
Recommendations
The report also includes some recommendations on how to deal with cybercrime, including:
- Uniform implementation of basic security measures and investment in defensive technologies
- Increased cooperation among international law enforcement agencies
- Improved collection of data by national authorities
- Greater standardisation and coordination of cybersecurity requirements
- Progress on the Budapest Convention, a formal treaty on cybercrime
- International pressure on state sanctuaries for cybercrime
About McAfee
McAfee is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. Learn more at http://www.mcafee.com/.
McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. No computer system can be absolutely secure. McAfee® and the McAfee logo are trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others.
About CSIS
Established in Washington, D.C., over 50 years ago, the Center for Strategic and International Studies (CSIS) is a bipartisan, nonprofit policy research organisation dedicated to providing strategic insights and policy solutions to help decision makers chart a course toward a better world.
