The term ‘cybercrime’ has gone from something that once sounded like the stuff of science fiction to a very real everyday risk that we face.
As an increasing portion of our lives is now spent online, criminals have more incentive – and more opportunities – than ever to exploit our data for their own profit. Banking details, IDs, medical information, personal documents: all of these things are fair game for individuals who are more than happy to steal, sabotage, ransom and blackmail their way into significant amounts of money.
To help us all stay up-to-date, let’s take a look at some of the most common ways that cybercriminals operate today.
SUPPLY CHAIN ATTACKS
Believe it or not, some cybercriminals have used the COVID-19 pandemic to further their activities. Perhaps we shouldn’t be surprised that some people will take advantage of a tragic situation for their own gain. One of the main areas we have seen a rise in cybercrime is in supply chains, which have become more important than ever to businesses during this time.
Supply chain attacks work in a similar way to ‘ransomware’ attacks. Cybercriminals try to infect an organization’s computers with malware that either steal information or blocks the organization from completing certain functions or tasks. They then contact the organization and demand money in return for removing the malware or returning the information. During the past year, vaccination and medical supply chains have come under an increased number of attacks from would-be ransomware criminals.
MOBILE DEVICE ATTACKS
The increased reliance on the use of mobile devices in the workplace has led to an increase in cyberattacks. In 2021, 46% of organizations reported having had at least one employee download a malicious mobile application. The move to remote working during the pandemic saw a 97% rise in mobile threats within organizations.
Individuals are, unfortunately, just as much at risk. As people increasingly use their phones to pay for things, cybercriminals are adapting their techniques to hack personal devices. From credit cards and bank accounts to cryptocurrencies and Amazon accounts, the more our money is managed online, the more cybercriminals stand to profit from gaining access to our phones.
Deepfake technology is the hyper-realistic manipulation of a video image in which a person is digitally altered so that they appear to look and sound like someone else. This might at first seem like harmless fun, for example with people creating YouTube videos of politicians appearing to sing pop songs. However, deepfakes can also be used for malicious and criminal purposes.
This technology can be used to create convincing content with the aim of spreading misinformation in order to manipulate public opinion, affect stock prices or worse. They are considered a form of ‘social engineering’ attack, and can be used for phishing, large-scale fraud and even advanced espionage. A convincing deepfake can grant cybercriminals access to accounts and systems with highly confidential data. For instance, hackers used AI voice cloning to trick a bank manager in the United Arab Emirates into transferring $35 million into their account.
There are two main problems for law enforcement when it comes to combating cybercrime. The first is that many organizations are unaware that a crime has occurred and, when they are aware, they often choose not to report it. However, it’s estimated that cybercrime amounted to $6 trillion in damages globally in 2021, also making it the fastest-growing form of crime in the US.
Secondly, cybercrime is borderless. US companies aren’t just at risk from hackers within the country; they can be targeted from anywhere in the world. For this reason, the FBI and U.S. Department of Justice are increasing their collaboration with international agencies such as INTERPOL and EUROPOL in order to fight cyber attacks originating from countries around the world.
A GROWING PROBLEM
While cybercrime isn’t currently the biggest type of crime in the U.S., it is the fastest growing. While it’s currently mainly a concern for federal agencies, it seems inevitable that tackling lower-level cybercrimes will eventually become part of the responsibilities of more local law enforcement departments.