Recently announced cyber crimes reveal strong threat landscape that could bring unanticipated consequences to government entities, enterprises and individuals and pose challenges to cyber security vendors.
In its global economic crime survey 2016, PricewaterhouseCoopers says cyber crime among the survey respondents is sharply higher this year, with approximately 50 organisations saying they had suffered losses over $5 million.
The professional consultancy firm also notes that cyber crime was the only economic crime to have registered an increase, while all other types of offences were showing a down trend.
FortiGuard Labs researchers predict that IoT attacks and new evasion techniques will characterize as emerging threats in 2016.
In view of an expected rise in the cyber threats, IT research firm MarketsandMarkets forecasts the global cyber security market to grow from $106.32 billion in 2015 to $170.21 billion by 2020.
Most recently, a report from online security firm FireEye showed that Indian military is facing new cyber attacks from Pakistan.
FireEye said the Pakistan-based APT group is conducting suspected intelligence collection operations against South Asian political and military targets.
“It’s critical for Indian organizations to bring together the technology, expertise and threat intelligence necessary to quickly detect and respond to these attacks,” said Bryce Boland, chief technology officer for Asia Pacific at FireEye.
In May, there were news about India’s IRCTC’s website being hacked and personal data of customers is feared to be stolen. But, IRCTC denied the incident.
Commenting on the news, Sudeep Das, SE manager – India and SAARC, RSA, said, “The hackers use business logic abuse mechanisms to hide within legitimate traffic but in a manner unintended by the site owner.”
“The traditional Web Application Firewall technologies need to be augmented with Behavioral Intelligence to hunt these attacks in real time and respond to them quickly.”
IRCTC is one of the largest e-commerce firm in the country with three crore active registered users. The IRCTC website contains vital information related with passengers who book train tickets and avail other services through it.
“Need of the hour is to detect quickly and respond even quicker before there is a major damage to business,” Sudeep Das says.
On June 3, The Jakarta Post reported that Indonesia is in a cyber attack emergency. According to the nation’s Legal and Security Affairs Minister Luhut B Pandjaitan, cyber attacks in Indonesia rose 33 percent in 2015 from the previous year.
Bank Indonesia also recorded an increase in cybercrimes, in the form of network misuse, with a rise of 66.7 percent in 2015.
“The network misuse in financial transaction crimes were aimed at stealing financial data as well as passwords for logins,” said National cyberspace desk head Agus Barnas.
To address the cyber-related issues, the Indonesian government is setting up a National Cyber Agency, which is also a part of its national policy on information technology defense.
In February, the Bangladesh Bank faced the biggest ever cyber heist of $101 million, of which $20 million went to a Sri Lankan bank account and $80 million to four accounts of a Philippine bank.
The amount credited in the Sri Lankan bank account has been reversed, but those to the Philippine accounts remain missing.
The computer-literate criminals robbed money from Bangladesh Bank’s account at the US Federal Reserve.
Most recently, SWIFT, the global inter-bank messaging system, has warned to expect more hacks.
In light of the SWIFT warning and a series of security breaches in central banks’ security systems, the Philippine central bank also heightened its security surveillance.
Celebrities being targeted
Apart from private and public entities, celebrities have also become attackers’ prey. According to a report by security firm Symantec, nearly 2,500 Celebrity Twitter accounts, have been compromised and tweets with links to adult websites were sent out as spam from them.
Account belonging to the band Chromeo, an international journalist from The Telegraph, comedian Azeem Banatwala, and the late New York Times reporter David Carr are examples of accounts that were compromised.
According to the report by Symantec, the culprit would change the profile photo, biography, and full name of the account to promote adult sites. The attacker who may be responsible for these earns $4 for each person who signs up for the adult dating site.
Security a top priority
Networking giant Cisco says global enterprises cite cybersecurity as a top concern impeding growth and innovation. The company offers Cisco Firepower Next-Generation Firewall, which will help organizations better manage and minimize risk.
The current business landscape is dominated by connected devices and mobile users. Kaspersky Lab warns that the growing use of mobile devices for corporate banking could be putting company funds at risk.
The Security service provider also notes that mobile threats have become much more widespread in recent years and are just as dangerous to users as computer-based threats.
Among the potential mobile threats, F-Secure Labs predicts malicious online payment apps will become more prevalent in 2016.
“If you’re shopping on a familiar website and there is suddenly a change from the usual checkout process, it’s a red flag that something is amiss,” warns F-Secure Senior Analyst Zimry Ong.
FortiGuard Labs, the threat research division of Fortinet cyber security solutions, find that IoT and cloud technologies bear risk factors.
The use of connected things is set to accelerate in the years to come. Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 11.4 billion by 2018.
The research agency also said worldwide spending on IoT security will reach $348 million in 2016, a 23.7 percent increase from 2015 spending of $281.5 million. Spending on IoT security is expected to reach $547 million in 2018.