Saturday, 15 July 2017

The Internet as an ecosystem for cybercrime

The recent opening of the National Cyber Security Centre in London, primarily intended to guard against the threats to national security presented by hackers, is part of a programme highlighting the scale of criminal activity operating across the Internet and the importance of guarding against the associated risks. The wider National Cyber Security Strategy initiative, intended 'to make the UK the safest place to live and do business online', runs in conjunction with a number of other associated plans, including the introduction of cyber security education for school students[1–5].

Online crime comes in a variety of forms. Much of the illegal activity is perpetrated with the aim of making financial gain, whether this is achieved via phishing activity (intended to steal users' log-in details for financial or other monetised services), the spreading of malicious software ('malware'), or the distribution of spam e-mails or other content (or a combination of all of the above). A review of cybercrime was recently published by the BBC, looking at how the trends have evolved over the last 20 years[6]. The article notes how traditional ways of illegally making money on the Internet, such as trading stolen credit-card details and other data in online forums and areas of the 'Dark Web' such as the Tor network, have more recently been augmented by the use of types of malware (known as 'ransomware') which encourage (or force) individuals to make payments to the fraudsters. This can be achieved either via claims that the software can remove viruses which have purportedly been detected on the user's system, through a statement that illegal content (such as child-abuse imagery) has been detected on the machine and will be reported to law enforcement, or by encrypting ('locking') a user's computer files and rendering them inaccessible until a payment has been made. The rise in the use of 'virtual currencies' such as Bitcoin, with which payments are almost untraceable, has greatly assisted in the growth of these types of criminal activity.

Another major source of concern for websites and other providers of online services is the rise of the distributed denial-of-service (DDoS) attack. In this type of attack, a range of compromised computers or other devices, typically located across a wide geographical area, are used by criminals to send large numbers of coordinated web-requests to a particular website or machine, causing it to exhaust its connectivity resources and thereby rendering it inaccessible by other users. The growth in this type of attack has been particularly assisted by the recent rapid increase in the number of Internet-connected objects and devices (the 'Internet of Things'). A number of recent studies have shown that DDoS attacks continue to increase in both size (with average peak size showing a 63% increase between 2015 and 2016)[7] and duration (with a single attack lasting in excess of 12 days having been detected in the fourth quarter of 2016)[8,9].

Whilst some of the responsibility for protection against online threats sits with individual Internet users, through education and awareness of good practice (e.g. use of firewalls and anti-virus solutions, knowing not to open attachments in unsolicited e-mails, looking for the presence of https URLs and valid security certificates on websites, etc.), there are also a number of steps which should be taken by brand owners and other organisations. These might include some or all of:
  • Use of security software and vulnerability scans to protect their internal networks and customer-facing areas (e.g. websites)
  • A comprehensive programme of management of their official domain portfolio, including: 
    • defensive registration of domain names which could otherwise be purchased and used by criminals 
    • monitoring for the appearance of (and, if appropriate, enforcement against) new domains which may have been registered with fraudulent intent 
    • use of SSL certificates on official websites, to encrypt web communications and provide reassurance to users that websites are 'trusted' 
    • use of technical solutions to protect against unauthorised changes to domain DNS settings which may result in users being misdirected to third-party content rather than to official websites[10]  
  • Monitoring for the online appearance of the brand name in conjunction with malicious or fraudulent content, or for the appearance of confidential or security-sensitive content (such as credit-card details) 

Some of these steps can be undertaken by the organisations themselves; in many cases, however, it may be appropriate to partner with one or more dedicated brand-protection or other security service providers, to help mitigate threats. 
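As an illustration of the domain-monitoring step in the list above, the following added example (not part of the original article) screens a feed of newly observed domain names for resemblance to a brand. The brand `examplebank`, the official domain set and the feed are constructed assumptions, and the three checks (brand contained in a label, character substitution including punycode labels, and small edit distance) are one possible heuristic rather than a complete detection method.

```python
import unicodedata

BRAND = "examplebank"              # hypothetical brand label (assumption)
OFFICIAL = {"examplebank.com"}     # hypothetical official domain portfolio
DIGIT_SWAPS = str.maketrans("0135", "oles")   # 0->o, 1->l, 3->e, 5->s

def skeleton(label):
    """Reduce a DNS label to a comparable form."""
    if label.startswith("xn--"):               # punycode (IDN) label
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass                               # keep the raw label if undecodable
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))
    return label.translate(DIGIT_SWAPS).replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, official=OFFICIAL):
    """Return why a domain resembles the brand, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain in official or domain.endswith(tuple("." + d for d in official)):
        return None                            # the organisation's own names
    for label in domain.split("."):
        skel = skeleton(label)
        if brand in label.replace("-", ""):
            return "contains brand"
        if brand in skel:
            return "character substitution"
        if edit_distance(skel, brand) <= 2:    # threshold suits a long brand name
            return "typo variant"
    return None

# Constructed sample feed of newly observed domains (not real data).
FEED = ["examplebank-login.net", "examp1ebank.com", "exampelbank.co",
        "www.examplebank.com", "gardenplants.org"]

def scan(feed):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    return {d: reason for d in feed if (reason := classify(d))}

if __name__ == "__main__":
    for name, reason in scan(FEED).items():
        print(f"{name}: {reason}")
```

For a short brand name the edit-distance threshold of 2 would produce many false positives and should be lowered.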

References


This article was first published on 29 March 2017 at: 
