The attacks were recorded after the Australian Government established an online reporting system for cyber crime in an attempt to improve law enforcement efforts.
The report, covering the period 2013 and 2014, singles out particularly damaging email security attacks in Australia, so far costing the county around $15 million in just one year.
The global security report jointly published by the US-based CSIS — the leading cyber security think-tank in the US capital — with security firm McAfee, the FBI and the Department of Homeland Security, reports that Telstra in 2016, found that almost 60% of businesses were detecting security incidents on at least a monthly basis.
The incidents included almost one-quarter of businesses that had suffered from a ransomware incident.
“One local council was defrauded out of $340,000 when a cyber criminal sent a series of fake invoices to city councillors over the course of a month,” the report says.
“The Australian Government has been active in trying to confront this threat, announcing that it would allocate more $170 million in 2016 toward supporting its new National Cyber Security Strategy and proposing legislation that expands the country’s anti-money laundering rules to domestic cryptocurrency exchanges.
“Cyber crime is relentless, undiminished, and unlikely to stop. It is just too easy and too rewarding, and the chances of being caught and punished are perceived as being too low,” the report notes in its overview of global cyber security.
According to the report, cyber criminals at the high end are as technologically sophisticated as the most advanced information technology companies, and, like them, have moved quickly to adopt cloud computing, artificial intelligence, software-as-a-service, and encryption.
“Cyber crime remains far too easy, since many technology users fail to take the most basic protective measures, and many technology products lack adequate defences, while cybercriminals use both simple and advanced technology to identify targets, automate software creation and delivery, and monetisation of what they steal,” the report warns.
The report also notes:
“Where cyber crime is the undisputed leader, however, is in its ability to make hundreds of millions of people victims.
"A good estimate is that two-thirds of the people online — more than two billion individuals — have had their personal information stolen or compromised. One survey found that 64% of Americans had been victims of fraudulent charges or loss of personal information. Cyber crime is front-page news because it touches everyone.
“Cyber crime also leads in the risk-to-payoff ratio. It is a low-risk crime that provides high payoffs. A smart cyber criminal can make hundreds of thousands, even millions of dollars with almost no chance of arrest or jail.
“When you think of big cyber crimes, from Target to SWIFT to Equifax, none of the perpetrators have been prosecuted to date. Law enforcement agencies can be aggressive and skillful in pursuing cyber criminals, but many operate outside their reach. This is one reason why the cost of cyber crime continues to grow.”
The report says that in 2014, CSIS estimated that cybercrime costs the world’s economy almost $500 billion, or about 0.7% of global income, noting that is more than the income of all but a handful of countries, making cyber crime a very lucrative occupation. “Our current estimate is that cyber crime may now cost the world almost $600 billion, or 0.8% of global GDP.”
The report says the reasons for this growth are:
- Quick adoption of new technologies by cyber criminals;
- The increased number of new users online (these tend to be from low-income countries with weak cyber security);
- The increased ease of committing cyber crime, with the growth of cyber crime-as-a-service;
- An expanding number of cyber crime “centres” that now include Brazil, India, North Korea, and Vietnam; and
- A growing financial sophistication among top-tier cyber criminals that, among other things, makes monetisation easier.
According to the report, monetisation of stolen data, “which has always been a problem for cyber criminals”, seems to have become less difficult because of improvements in cyber crime black markets and the use of digital currencies.
“Stolen credit card numbers and personally identifiable information (PII) are offered for sale in quantity on the dark web using a complex set of transactions involving brokers and other intermediaries in black markets. Financial theft is transferred to the criminals’ own bank accounts through a series of transfers intended to disguise and confuse.
“Intellectual property is either used by the acquirers or sold. Digital currency makes ransomware payments easier and less traceable. The increased ease of monetisation is another reason why cyber crime has increased.
“Cyber crime operates at scale. The amount of malicious activity on the Internet is staggering. One major internet service provider reports that it sees 80 billion malicious scans a day, the result of automated efforts by cyber criminals to identify vulnerable targets. Many researchers track the quantity of new malware released, with estimates ranging from 300,000 to a million viruses and other malicious software products created everyday.
“Most of these are automated scripts that search the Web for vulnerable devices and networks. Phishing remains the most popular and easiest way to commit cyber crime, with the Anti-Phishing Working Group Monetisation of stolen data, which has always been a problem for cyber criminals, seems to have become less difficult because of improvements in cyber crime black markets and the use of digital currencies.”