Cyber criminals have upped their game in the past two years to take advantage of a world distracted in its battles with a global pandemic. Cybercrime is growing continually. The number of cybercrime incidents rose by more than 60% in 2020 with costs associated with those crimes in the billions of dollars. The two most prevalent categories of cybercrime are identity theft and ransomware.
Identity theft is causing personal nightmares, with a majority of identify fraud incidents in the United States reported by victims over 60 years old [IC3 Report]. These attacks involve false insurance claims, illegal Payment Protection Program claims taken on behalf of small businesses, stealing social security funds, and initiating bank account transfers, all using stolen identities.
While Identity fraud impacts individuals, a more severe class of cybercrimes is ransomware against businesses. According to the 2020 FBI Internet Crime Report, there were 2474 ransomware incidents reported 2020, with adjusted losses of $29.1 million. This is grossly understated as most incidents and payments go unreported. Cybersecurity Ventures predicts it will be closer to $20B in losses in 2021.
According to Sophos Research State of Ransomware Report 2021, respondents reported that "the average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) was US$1.85 million, more than double the US$761,106 cost reported last year." These attacks involve attackers invading a system, encrypting data to make it unusable, and holding businesses data hostage until a ransom is paid. Businesses are put in the untenable position of making the choice of paying ransom in order to protect their business and customers, or losing their data.
How Adversaries and Attackers Work
Attackers are heavily invested in sophisticated research to help them understand known software vulnerabilities, allowing them to take advantage of those vulnerabilities to exploit victims in automated ways. What is common between identity theft and ransomware is they are mostly caused via email phishing schemes or the attachment of malicious files which unleash malware into the victim's environment.
The latest pervasive attacks on Microsoft's Cosmo DBs and Exchange servers during the past few weeks are examples that show the intensity of the situation. The latest attack on Microsoft Cosmo DBB allowed hackers the ability to modify/delete customer data. Flaws seemed to be related to default settings enabled in a third-party visualization tool. The attackers acquire knowledge of these existing loopholes and wait for an opportunity to exploit them. Attacks on Exchange servers were a result of exploiting remote access loopholes to get a backdoor entry to all customer emails on the server.
In order to combat these threats, education and the implementation of secure engineering techniques are a must. It is possible to transform DevOps to DevSecOps by continuously building security into software as an integrated part of the engineering process. This transformation will manifest itself in a more centralized and improved collaboration across businesses units.
We often hear "security needs to be built-in and not bolted-on". It is imperative to act on those words. Secure engineering techniques and standards must be adopted throughout the development and engineering lifecycle in order to build secure software.