T2 09a Cyber-extortion against companies - Germanos Georgios, Papathanasiou Anastasios

BSides Athens · 2016 · 18:10 · Published 2016-06
Style: Talk
About this talk: pre-recorded talk (A)

Transcript [en]

Advanced cases of cyber extortion against companies: types, investigation obstacles and suggestions.

The information systems, the Internet and the services developed through it are now an integral part of the operation of the majority of enterprises worldwide. This automatically greatly expands the cybercriminal scope; they were able to adapt their weapons and business to the new digital environment. Even though the level of awareness of cyber threats has increased and law enforcement acts globally to combat them, illegal profits have reached amazing figures, and the impact on society has become unsustainable considering the global economic crisis. Cyber security is often framed as a matter of keeping up with the rapid evolution of online attacks, patching software vulnerabilities and identifying new malware programs, but cyber criminals' most crucial adaptation in recent years has not only to do with their technical tools or their business model: they have started selling stolen data back to its original owners. To keep cybercrime profitable, criminals needed to find a new cohort of potential buyers, and they did it: they found all of us. At the heart of this new business model for cybercrime is the fact that individuals and businesses are the ones footing the bill for data breaches.

The types of online extortion that we are dealing with are considerably more complicated than traditional blackmail. In the real world extortion has a reputation of being an organized crime, but with the advent of cyber extortion the game is no longer just for the Mafia: such attacks could be perpetrated by as few as one person, which makes it all the more threatening. In particular, there are two major trends of the time in cyber blackmail. On one side we classify cases of malicious software such as ransomware or cryptoware. As the name suggests, ransomware is a type of malware propagated via the traditional means: phishing emails, website drive-bys or malvertising. Once the victim's device is infected, the ransomware begins to encrypt private files and then pops up a message demanding a ransom in exchange for the encryption key. A devastating case of ransomware was CryptoLocker, where the attackers demanded payment of three hundred dollars in bitcoins within three days to not only decrypt the files but to prevent them from being destroyed forever. Today Locky ransomware seems to be on the top of the threat list. Within a company, if a computer on a network becomes infected, mapped network drives could also become infected. On the other side we classify cases where cybercriminals require, via e-mails, large sums of money from the recipient firms; in case of non-compliance the company is threatened with a DDoS attack on its extrovert information systems, which could cause significant economic damage depending of course on the intensity and frequency of the attack. It's unlikely that the use of DDoS for extortion is going to come to an end any time soon: the tools needed to attack a company's site are cheap and easy to use. The attack that the company is being asked to spend, let's say, five thousand euros to stop probably only costs the attacker 40 euros an hour to launch, meaning every time a business pays it's funding 150 hours of attacks on other targets. Paying attackers fuels their capabilities and makes it more likely they'll continue to attack businesses globally.

There are two factors that have been vital in driving this rise in cyber extortion. Firstly, there is more opportunity than ever for criminals to use cyber tools and techniques for extortion. As an ever increasing volume of business is done online, a successful denial of service attack can have a much more significant business impact for a company. Moreover, many more business-critical systems are now connected to the Internet across all industries, from corporate data centers to industrial control systems; any system with Internet connectivity is potentially vulnerable to a denial of service attack, so the potential attack surface has increased massively. At the same time ransomware has become more sophisticated: it is almost impossible to recover files encrypted with modern ransomware without the decryption key, and recent ransomware variants have been designed to cause as much damage as possible to potential victims by spreading internally within corporate networks. As the opportunity to conduct cyber extortion has increased, the capability to mount such attacks has proliferated. The capabilities of top-end cyber criminals are now on a par with some nation states, but further down the market the tools and expertise needed to plan, mount and monetize an extortive cyber attack are freely available on underground criminal forums, allowing less technically astute cyber criminals to learn new skills or buy in expertise. The criminal marketplace has now developed to such a degree that crimeware as a service enables non-technically capable criminals to contract out ransomware and DDoS attacks, with hacker-for-hire services also widely available. Probably there are two additional factors that are likely to have some level of impact on existing cyber criminals' diversification into extortion. Firstly, the market for stolen personal and card data is reaching saturation point, with individual sets of compromised credit card credentials available for as little as one dollar per card. Secondly, extortion is a much leaner business model: much of the effort in traditional bulk data theft is not expended stealing the data itself but monetizing that data. In this scenario criminals use the data to commit fraud themselves, requiring additional resource and effort, or sell it on to other criminals, potentially increasing the risk of law enforcement attention. Conversely, extortive attacks generate direct criminal profit through the ransom payment, which is usually made in a cryptocurrency. Interestingly, there are even indicators that cyber criminals are looking to maximize return on investment for extortive cyber crime by moving away from high volume and low value attacks, such as ransomware attacks against individual user systems, to low volume and high value attacks, such as major denial of service attacks, attacks involving large data theft or ransomware attacks targeted at corporate networks.

In terms of punishing the perpetrators, they must first be identified and then arrested and brought before the judicial and prosecutorial authorities. However, cyber criminals exploit all those possibilities and opportunities offered by the Internet to carry out their illegal acts, to remain anonymous and to avoid any retribution. First of all, digital currencies: Bitcoin and its sibling currencies are anonymous and decentralized digital currencies that were designed to escape financial regulation. It's a concept that seems great in theory, but one major drawback of non-existent financial regulation is the difficulty of tracing and preventing financial crime. But there's another layer to it: digital currencies have no barrier to entry. Anyone can set up a free Bitcoin wallet address without having to deal with bankers, proof of identity or evidence of residence. In many cases this convenience is desirable; however, in this particular case it means that anyone can jump in on the cyber ransom game and cash out without much interference. All that being said, digital currencies themselves are not to blame; they can be used in legitimate ways for legitimate reasons. However, it cannot be denied that the design of digital currencies does make it much easier to carry out cyber crimes with far less risk than traditional tactics would entail. Then cloud computing: legitimate organizations across the globe have been migrating to the cloud in record numbers to take advantage of the cost savings, flexibility and massive banks of computing power. Cybercriminals gain the same advantages, and they get something more: anonymity. By operating out of the cloud they can avoid detection while gaining the advantages of global computing systems from which they can control operations, mount attacks and store stolen data. The cloud offers criminals the platform they need to launch the type of large-scale coordinated efforts that the Internet makes possible, providing the perfect venue for infiltrating other such venues. Much more so the dark web: the dark web lets users access the Internet with complete anonymity. Volunteers around the world maintain a network of servers that route traffic while preventing IP addresses from being tracked; the servers hide user information and resist attempts at monitoring. Through the dark web individuals communicate online without being connected to their offline identities. The above-mentioned factors, when combined with the non-territorial limitation of cybercrime, the national borders of law enforcement agencies and the infrastructure and data controlled by the private sector, can provide an explanation why it is so difficult to identify and arrest cybercriminals.

One more issue that needs to be discussed has to do with legislation. Each country has its own laws regarding cyber criminality, personal data protection, confidentiality of communications and data retention. When legislation is different, then cooperation between states is based on bilateral or multilateral agreements. Of course cyber criminals are always far ahead of legal texts; technology evolves much faster than legislation. Even the Budapest Convention of 2001, which was an innovative text at the time it was formulated and has been signed by several countries from Europe and the rest of the world, has not yet been ratified by all parties. Greece is now in the process of ratifying the convention, but how effective can it be after 15 years, after so many changes in the technological field?

So what can companies and enterprises do to prepare for this threat? Even the best defended organizations still get breached, so being ready to respond rapidly and decisively to an extortive attack is vitally important. In responding effectively, the key elements of this approach are: first of all, understand the evolving cyber threat your organization faces at a granular level: who is likely to target you, what would they attack and what is their capability to do so. Have systems in place that allow you to detect attacks even if you cannot stop them; this allows you to get on the front foot in terms of risk. Then ensure your critical data is regularly and securely backed up so you can restore from recent backups if hit with a ransomware attack. Ensure corporate response plans are fit for purpose for likely extortion scenarios; ensure these plans are tested and exercised so they operate smoothly in a crisis. Do not deal with an extortive cyber attack as simply an IT incident; ensure you manage the business crisis too. And then ensure that you are able to call on specialist extortion crisis response expertise in the event of a serious extortion. Another key consideration is whether you should pay a ransom to mitigate an extortive incident. There is no hard and fast rule here, and it will depend on a large number of factors, including business criticality of the incident, ability to mitigate, legislation in the actual case. Many individuals and organizations have paid ransomware groups for decryption keys and have successfully gained access to their files, but other groups have taken the money and run. Likewise, in a scenario where a group is offering to not attack your systems, how do you know a single payment will end the threat? Many organizations have paid ransoms only to find out that the criminals have returned with further rounds of demands to stop denial of service attacks. Moreover, some cyber criminals claim to have advanced capabilities, such as the ability to launch crippling DDoS attacks against organizations, which of course they do not actually have. So before paying the ransom, take into consideration all the factors.

Finally, the issue that we need a faster response from the part of those who legislate, up-to-date legislation to include digital currencies, and effective cooperation between law enforcement authorities of various states by giving extra powers to joint investigation teams are equally critical issues. It is worth mentioning at this stage the effectiveness of the Joint Cybercrime Action Taskforce (J-CAT) of the European Cybercrime Centre (EC3) of Europol. It was launched in September 2014 as a response to further strengthen the fight against cybercrime in the European Union and beyond. The J-CAT is composed of cyber liaison officers from committed and closely involved EU member states such as Austria, France, Germany, Italy, Spain, the Netherlands and the UK, non-EU law enforcement partners such as Colombia, Australia, Canada and the US, and the European Cybercrime Centre. All of them are located in one single office to ensure that they can communicate with each other in the most effective way. How does it work in practice? In order to actively fight cybercrime, the J-CAT chooses and prioritizes the cases to pursue. For that purpose the different country liaison officers submit proposals on what could be investigated; the task force members then select the most relevant ones and proceed to share, collect and enrich data. Then they develop an action plan, which is led by the country who submitted the chosen proposal. Finally, the J-CAT goes through all the necessary steps to make the case ready for action, which includes involving judicial actors, identifying the required resources and allocating responsibilities. On the screen you see a list of successful operations that took place since the establishment of this J-CAT Action Task Force.

Cyber extortion is rapidly becoming a permanent feature of the cybercrime landscape, and one that has the potential to affect any organization. Although all organizations are potentially vulnerable to cyber extortion attacks, those that work on the basis that they are likely to be targeted at some point and adapt their mitigation techniques accordingly are much less likely to suffer significantly as a result of cyber attacks. Thank you for your attention.