RC: How would you summarise today’s cyber-crime environment? What new risks have emerged in the past 12-18 months?

Ollmann: I would summarise the cyber crime environment as a rapidly developing criminal ecosystem. While much attention is focused upon the numbers of botnet victims or the number of credit cards stolen from a big-name breach, these are only the secondary effects of a sophisticated money-making ecosystem that increasingly blurs the black vs. white boundaries of legal or moral definitions. As the ecosystem evolves, new methods of making money through the theft, transport and laundering of personal information are invented every day. The real risks lie in the delta between what technology the user thinks is useful to them, and the ways in which others can exploit that functionality for financial gain. For example, personal photos can be taken via a smartphone, are automatically copied and stored in the cloud, yet once deleted from the smartphone continue to exist in a ‘recycling bin’ state in the cloud, allowing anyone to undelete them should they gain access to the victim’s cloud login credentials.

Kaspersky: To be blunt, things are pretty bad today. The number of unique samples of malware is still growing rapidly. In fact, we detect hundreds of thousands of them every day. We held a B2B survey and almost all – 94 percent – of the respondents in 27 countries around the world said they’d suffered some sort of a data breach incident over the last year. There are more and more targeted attacks against businesses and governments. I don’t think we’ve seen any conceptually new risks emerging in the last couple of years, but there are several worrying trends. First, mobile malware is expanding and new kinds of attacks are being developed, like the mobile cryptors we recently saw for the first time. Second, traditional organised crime is increasingly moving in to cyberspace. And there’s a growing risk to computerised industrial systems, including those controlling our critical infrastructure.

Jan-Mar 2015 Issue

NCC Group Domain Services

Kaspersky Lab

KPMG Forensic