Cyber criminals steal a march on the dark web

Organised crime, leveraging the dark web, is becoming far more effective at collaborating and sharing data about how to attack digital facilities and assets than those tasked with countering such threats, Sibos delegates were told yesterday, writes Roland Tellzen.

By Jon Watkins

Chief executive officer of Russian cybersecurity organisation BI.Zone, Dmitry Samartsev, said the capacity of organised cybercriminals leveraging the dark web is doubling every year. This is especially true in the current climate of geopolitical turbulence, he said.

“All this geopolitical turbulence leads cybercrime gangs to attack more, and a lot more of these attacks are successful,” he said. Samartsev estimated cybercrime cost the global economy around $1 trillion in 2017.

Earlier in the session, independent security consultant, Troy Hunt, posited three main scenarios for a potential ‘cyber 9/11’: a pervasive and widespread outage of digital services from the internet through to messaging platforms; an attack on professional services including businesses and the banking and financial systems; and attacks on critical infrastructure including power plants and nuclear facilities.

“Basically, when things go wrong by natural purposes, it is indistinguishable from cyber attacks. But cyber events can take these events and really amplify them.”

While a majority of the audience and other panel members nominated nation states as the main instigators of a cyber event, Samartsev said organised crime was still the bigger risk.

“The worst-case scenario is when cyber criminals make several attacks at once, say, starting with a DDOS and then following that up with attacks on social networks,” he postulated. “It would enable the domino effect of citizens then all simultaneously going to their accounts to take their money out and put it under the mattress.

“That then starts trouble with liquidity and central banks, and then you have the problem of cooperating across borders to fight against it.”

He said the advantage enjoyed by cyber criminals on the dark web is their ability and willingness to collaborate. “We need to do the same, but the criminals are ahead of us,” he said. He lamented that police and security agencies such as Interpol were not collaborating enough to fight cyber threats. Geopolitical tensions were exacerbating this lack of action.

The head of cybersecurity for major Australian telco Telstra, Ms Jacqueline McNamara, agreed. “I think the issue we have is there is a lot of financial incentive for cyber criminals to collaborate and get on with it,” she said.

“But for us, when we are told that we need to collaborate to fight against it, we can see it as a distraction and taking us away from our day-to-day jobs. We need to be more preventative.”

On the plus side, Samartsev said private businesses and banks were taking up the slack and collaborating more and more to combat cyber risks. Companies and banks are best able to make the cost of cyber crime so prohibitive that it becomes less worthwhile for criminals to contemplate. “If we make the proposition of attack very expensive, there is no margin in it for them,” he said.

Earlier in the day, addressing a Sibos Discovery session, the head of business development for Dutch cyber security company Belleron, Sebastian Kuntz, spoke of the difficulty of protecting banks and financial systems from cyber fraud and terrorism.

“How do you deal with financial crime in a fast and innovative world like banking? Financial crime and financial terrorism are already daily in the news. Scenarios are already there from attacks we already know. But how do you protect from those we don’t know about yet? Building systems that are fully secure is impossible. Basically, assume you are compromised, and if you read the analysts’ reports the average bank is compromised 100 days already before an attack. What you need to pay attention to then is managing the risk.”

He referred in particular to the attack on British retail chain Tesco in late 2016, in which GBP2.5 million was stolen through cyber fraud.

“Attacks always happen when you are most vulnerable – Friday nights when everyone in the bank is at the pub, or at Christmas,” he said.

He noted the attack on Tesco began at 9:30pm on a Friday; 52 hours passed before the retail chain shut down all its payment systems for a full three days. It would have been better to manage the attack with minimal impact to the other functions of the company, he said.

“You should close down only the part of your banks that is under attack. We would have only stopped payments from Spanish and Brazilian florists,” he said. “You manage the risk and stop the attack before it gets massive.”