Ask yourself the question: ‘what does a hacker look like?’
For many of us, the question will take us back to a pre-red pill Keanu Reeves in The Matrix or a young Hugh Jackman being roped into a bank robbery in Swordfish. For others, it might make us think of hoodie-wearing desk warriors from the likes of Mr. Robot or even an underground network of cyber-anarchists, as portrayed in computer game Watch Dogs.
This is a question that has been asked for years, but it’s never felt more pertinent – or complicated – than in 2020. The truth is that the breadth of cybercrime that has affected everyone from governments to an ordinary person like you or me since the start of the year suggests an equally broad profile of attackers – from state-sponsored entities and cyberterrorists through to cybercriminals carrying out online fraud.
The issue with stereotyping attackers into either ‘shady organisation’ or ‘bedroom hacker’ – as those bad nineties films taught us– badly reflects the ease with which many fraud attacks can take place. This sort of thinking can also make a lot of people feel like they are safe from being targeted – simply because they aren’t a large business with lots of money or a government.
In this post, we explore the nature of cyberattacks in 2020, the changing face of ‘everyday’ cybercrime carried out against consumers and ultimately what’s behind this evolution.
Cybercrime in 2020 so far
It’s hard to know where to start with the current state of cybercrime, such is the scale and variety of hacks, data breaches and cyberattacks since the start of the year. Victims of these crimes have ranged from national and regional governments to international organisations – like the World Health Organisation – through to pharmaceutical companies and their employees.
As well as these high-aiming ideological, political and disruptive attacks we’ve seen an increasing background hum of cybercrime targeted at citizens, employees and SMEs. This includes a steep uptick in the use of misinformation – often aimed at exploiting fears and changing habits during the pandemic – to deprive individuals and businesses of their money. A report from August estimated that at this rate, cybercrime could have a per-minute cost of $11.4m by 2021.
Low barriers to entry for cybercrime
But what’s driving this worrying universality in cybercrime? The key difference between the cinematic golden age of high-stake hacking and now is that there’s now a much lower barrier to carrying out online fraud – effectively meaning you don’t have to be a technological genius or as rich as Croesus to carry out attacks.
While that big screen trope of having to write thousands of lines of code surely does exist when it comes to breaking into high security domains and busting through government grade firewalls, the majority of ‘everyday’ cybercrime is carried out using much simpler equipment. That’s due to the fact that tools used to commit all manner of fraud can bought for very little on the Dark Web – even email templates copying authentic businesses that can be used for phishing attacks or readymade web outlines designed to replicate bank accounts, for example.
Online lives creating a bigger target
What’s more, as a society we’re increasingly online. From transferring money to ordering food and shopping, we are spending more time than ever online – and especially so during the lockdowns of 2020. Whereas ‘analogue’ criminals would have to wait for opportunities to pick a pocket or rob a bank, a fraudster can now attempt to crack into your online bank account from the other side of the world; or send you an innocuous looking email asking you to click a link to verify some details. This sort of nefarious activity can be done remotely at scale, all from the comfort of their living room a thousand miles away.
Consumers are also accustomed to hopping online at practically all parts of the day, whether using mobile internet or WiFi. This has inured people to the dangers of using unencrypted public hotspots, meaning they are more likely to fall victim to the likes of man-in-the middle attacks.
This combination of ease-of-access for cybercriminals and consumer inattention has made online fraud a much more attractive prospect.
Rather than asking what a hacker looks like, it’s perhaps better to assume a posture of wary skepticism about every sensitive online interaction we have. At Thales, we encourage businesses to adopt the principle of security-by-design to ensure that protection protocols are hard wired into everything – from IoT components to software programmes.
By extension, businesses and consumers would do well to approach each digital scenario with the ethos of cybersecurity-by-design. This isn’t just a principle that speaks to how we should be designing things, but also a state of mind that assumes the cyberthreat – and those perpetrating it – are feasibly everywhere or everyone.