07 Feb 2019

Three cybercrimes that could happen tomorrow

Stuart Thomas

Technology journalist

It used to affect only the few; now cybercrime can affect billions of people worldwide. But with technology evolving all the time, how will this type of crime manifest in future? 

By now, most of us know that cybercrime is a lot less exciting than the movies have shown us. There are no suspiciously good-looking people typing furiously away at keyboards while techno music plays in the background, no one shouting: "I've bypassed the mainframe", and certainly no one donning a set of virtual reality goggles and rummaging through a virtual filing cabinet.

 

While things are a lot more mundane in real life, they're also potentially more serious than the movies make them out to be.

 

As more and more devices connect to the internet, the types of cybercrime we are bound to see in the near future will change drastically. While corporate and personal online identities (especially the kind that can unlock bank accounts) will always be a lucrative revenue stream for cybercriminals, they now have a much wider set of targets. Everything, from the infrastructure that runs our cities and workplaces to our cars and homes, is at risk.

 

Did you know, for instance, that the Dark Web is used to illegally fix sporting contests as well as for insider trading? 

These aren't some far-off visions. Crimes that may seem incredibly futuristic to the average person are already possible. Take the Dark Web, for instance – a collection of websites that exist on a hidden network and can only be accessed using special software. Did you know, for instance, that the Dark Web is used to illegally fix sporting contests as well as for insider trading? Or, that hackers can gain access to cryptocurrency wallets, stealing billions of dollars worth of Bitcoin, Ethereum and other currencies? 

 

Hackers also constantly push the boundaries of what's possible, showing us what some of the common cybercrimes of the future may look like. 

 

READ MORE: Cybersecurity in the spotlight: what to look out for in 2019

Three cybercrimes of the no-so-far-off future
AI-driven cybercrime

 

Cybercrime has always relied fairly heavily on automation, with code scripts running in the background attacking websites and networks. Advances in artificial intelligence (AI), however, could see automation in cybercrime taken to the next level.

 

Let's take something as simple as spam phishing emails, for example. With access to an email database (readily available on the Dark Web), a malicious hacker could put together an algorithm that determines which spam emails are most likely to be opened.

 

It could then start sending out its own mails. With in-built learning capabilities, it could further refine the process until it's capable of sending emails that fool even the most sophisticated spam filters and savvy email users.

 

As Matt Marx, dean of future crimes and security at xTech.Institute, pointed out at the CA(SA) of the Future Conference, sponsored by Investec, this is all possible right now. 

WATCH VIDEO: Cybercrimes of the future

But it could go a step further. Let's say an AI bot gains access to a breached social network (such as LinkedIn). Let's also say that it has access to a database from an adultery site (such as Ashley Madison, which was hacked in 2015 and had all its user data stolen).

 

As Marx pointed out, it wouldn't take that long before the AI worked out how to take things a step further and get its hands on something really valuable.

 

He predicts it won't be that long before people start getting emails that look something like this:

 

"Hi, 

I'm actually an artificial intelligence bot, and I've recently discovered that you were a member of Ashley Madison. Using your email address and your name and other details, I have mapped out your social network, so I know who your line manager is and I know who the directors of your company are; I’ve also mapped out your personal networks, so I know who your wife i and, I know who your brothers, sisters, mum and dad are; here’s a list of them for proof. Now, I will email all of them with this information, unless you pay one bitcoin as ransom."

 

Part of that ransom, of course, would go into the back pocket of the algorithm's creator, but the algorithm could also use it for further improvements, making itself ever more dangerous.

Crashing IOT networks

 

The days of computers being the only things connected to the internet are long past. Today, billions of devices are equipped with internet-connected sensors. This so-called Internet of Things (IOT) has grown exponentially over the past few years, and will continue to do so in the coming decade.

 

Networks of IOT-connected objects, therefore, represent an increasingly tempting target for cybercriminals.

 

A few years ago, headlines focused on how something as simple as a smart light bulb could be hacked, allowing cybercriminals to switch them on and off at will.

 

While that would undoubtedly be scary for anyone living in the house, things have become a lot more sophisticated since then, with hackers able to use those same light bulbs (and various other devices) to take down entire networks.

 

If a mine's IOT network were deliberately taken out, lives would be at risk. The same is true for the networks that run hospitals, factories and even smart cities.  

That's bad enough when it's someone's home, but the real danger could be when hackers target specific IOT networks.

 

Mines, for instance, increasingly rely on network-connected devices to keep workers safe. Connected sensors are, for instance, used to monitor air and seismic conditions, gathering data to anticipate and react to potential safety threats.

 

If a mine's IOT network were deliberately taken out, lives would be at risk. The same is true for the networks that run hospitals, factories and even smart cities.  

Connected car attacks
 

There are a number of advantages to cars having internet connectivity. Beyond navigation and being able to listen to your favourite playlist, a connected car could instantly alert emergency services if you're in an accident. Updates to cars' software can even improve their performance.

 

But, as with other connected objects, connected cars open themselves up to being hacked. It's already possible to remotely kill the safety features and even the engine of a moving car. A coordinated attack on a relatively small number of cars could bring a city to its knees, opening up the opportunity for both physical crime and the extortion of individuals and authorities.

 

Imagine what a city might pay to alleviate a traffic jam it can do nothing about. 

How to stay safe

Knowing that these crimes are possible, what can individuals and organisations do to mitigate their threat?

Well, for starters, it's important to remember that the cybersecurity space is asymmetrical. The people looking to defend against cybercrimes have to identify thousands of points of vulnerability, whereas cybercriminals just have to find the one they've missed, or can't protect.

Organisations, therefore, have a responsibility to educate their staff on the best security practices. They need to know what kind of email and online scams to look out for, what kinds of attachments not to open, and links not to click on.

As individuals, we can also change all our passwords regularly. A good password manager will help to generate strong, random passwords and prevent you from having to memorise them.

It may not be possible to prevent every instance of cybercrime, but with the right practices in place, many can be stopped. And even when they do occur, the damage can be severely limited. 

 

READ MORE: Data security: do you have weak locks on your digital assets?

 

Receive Focus insights straight to your inbox

Sending...

Please complete all required fields before sending.

Thank you

We look forward to sharing out of the ordinary insights with you

Sorry there seems to be a technical issue