Cyber attacks expected to increase in 'number and severity'
By Honor Mahony
As we carry out more and more activities online, quickly latch on to new technologies and maintain active profiles on social networking sites, cyber criminals are easily keeping apace.
Reports show social network site Facebook, connecting over 550 million people worldwide, is the new major frontier for cyber crime. Those infamous Nigerian emails promising great riches if only you would hand over all your bank details are almost a quaint thing of the past.
Join EUobserver today
Get the EU news that really matters
Instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
Nowadays when potential thieves want to get into your bank account, they leave a message on facebook.
"While classical phishing still exists, cyber crime has moved to social networking attacks to enter a picture as a trusted link between friends, either to deliver malware or to phish for confidential and financial information," says a report by Blue Coat, an internet security firm.
Popular tricks include a message saying something along the lines of "LOL. Look at the video I found of you!" Clicking on the link leads a message saying that your software has to be upgraded to see the clip. Agree to the upgrade and what you receive instead is malware installed on your computer, allowing crooks to see all your sign-in and password information.
The report, an annual exercise examining internet security threats, notes that because people often use the same password for many websites to cut down on trying to remember lots of different access passwords. This leads crooks to try and obtain your password for other sites in the hope that it will give them access to financial accounts.
The other biggest trends of 2010 include criminals taking the time to hack into trusted websites to launch their attacks while online storage, such as cloud computing, saw the largest increase in malware in 2010.
Cyber security is a major issue as the EU tries digitise its economy by 2020, with EU stats showing that people are reluctant to shop online due to payment security concerns.
Digital agenda commissioner Neelie Kroes warns against thinking of cyber attacks as something "abstract."
"When your money is quietly stolen from your bank account or your country is shut down - as happened to Estonia in 2007 - the threat suddenly becomes very real," she says.
Onlining banking
Indeed, the banking sector, under constant threat of a cyber security breach, is a litmus test for building up online confidence. When things go awry, it makes headlines round the world. Barclays bank was handed some unwelcome publicity last year for being subject to a phishing attack.
Yet the numbers of those practising internet banking continue to increase. Between 2000 and 2009, the numbers of customers using home banking grew by 2,600 percent in Belgium alone. In Estonia, meanwhile, the phrase ‘going to the bank' has been wiped from daily language as internet banking prevails. Estonians log on instead.
To keep ahead of the criminals, some banks actively surveil the internet, including social networking sites, to make sure that nothing is being planned against them. Meanwhile information used in transactions is encoded; access to accounts are denied if there are too many false log-in attempts and the signing in process is often designed to thwart viruses meant to copy keystrokes.
Patrick Wynant, of Febelin, an umbrella group for the Belgian financial sector, notes that cybercrime is becoming "more and more sophisticated" but says that biggest problem is consumers downloading malware "without even knowing it." The software can then search a person's computer for bank details.
Protecting companies
While individuals are at risk of attacks by cybercriminals, companies are of even greater interest to internet thieves for the potential rewards a corporate account can bring.
"If I were an [SME], I would be more concerned about what I call mass-market malware," Chris Larsen, head of Blue Coat Security's research lab, told InformationWeek recently. "Those are the sort of attacks that are launched fairly indiscriminately by the bad guys just trying to infect whoever they can, and then they will sift through the list of computers they've infected and try to sort out higher value targets."
Small and medium-sized businesses often lack the resources to cope with sophisticated cybercrime.
At the very least, companies have to keep up with the latest patches as well as update themselves on current security threats. However, their future may involve following South Korea's lead, suggests the European Network and Information Society Agency (Enisa). The Asian country was hit by a huge distributed denial-of-service attack in 2009, prompting the setting up of DDoS bunkers (a new IP address) or "bomb shelters" to protect exposed firms.
Effective EU-wide security meanwhile remains hampered by offline concerns such as national borders, different legal traditions, legal uncertainty (those attempting to fight botnets fear they will face legal consequences, for example), and a reluctance to share information.
The bloc's emphasis on growing its digital economy, reducing the barriers to online trade and services, as well as highly publicised political cyber attacks involving nations, has prompted some action however.
A cybercrime unit is to be set up by 2013 and a network of Computer Emergency Response Teams by next year. Legislation criminalising the creation of botnets and obliging member states to punish cyber criminals is in the pipeline.
But all the while the technological landscape is changing. And at a much faster pace than EU authorities are currently able to react.
The advent of smart phones and tablet computers brings a whole new scope to criminal activity, not least because the uptake of mobile devices is three to four times that of personal computer adoption. One attack last year saw SMS messages verifying financial transaction intercepted in an attempt to get access to financial accounts.
Noting that the first botnets for smartphones are already available, Enisa warned in a recent report that with "new kinds of botnets evolving and manifold motivations for attacks, it has to be expected that the number and severity of attacks will increase in the next few years."