By Chris Otaigbe
At a time when Hushpuppy and Invictus, among many more Internet-based Fraudsters, have become Nigeria’s signpost on the cybercrime planet, it will be interesting to note that Nigeria’s name is, surprisingly, not on the list of world’s top 20 countries notorious for cybercrime.
Compiled and ranked by a security research firm, Symantec discovered specific factors that determine why a certain country is plagued with cybercrime more so or less than another which allowed them to come up with a ranking for each.
In compiling a list of the 20 countries that face, or cause, the most cybercrime, the firm was able to quantify software code that interferes with a computer’s normal functions, rank zombie systems, and observe the number of websites that host phishing sites, which are designed to trick computer users into disclosing personal data or banking account information.
Symantec was also able to obtain data including the number of bot-infected systems which are those controlled by cybercriminals, rank countries where cyber-attacks initiated, while factoring in, a higher rate of cybercrime in countries that have more access to broadband connections.
The highest rate of cybercrime was found to be in the United States (US), which may mainly contribute to the broad range of available broadband connections, which are those that allow uninterrupted internet connectivity.
Sitting comfortably at the first spot, the US share of malicious computer activity is 23%, while China comes a distant second at 9%, as Germany follows cautiously at the third position with 6%.
In a reverse twist, Germany leads the trio in malicious code rank with 12. China occupies a far distant second with two, while the US has just one. However, China leads the pack on the spam zombies rank with four, closely followed by the US with three and Germany occupying a third with just two.
On phishing web site hosts, the security firm ranks China highest with six, Germany second with two and US, third with just one host. Meanwhile, Germany tops the list of the trio on the Bot rank with four, while US follows with two as China makes do with one.
Fourth on the list is Britain, whose share of malicious computer activity is 5%, 1% higher than Brazil and Spain whose share is 4% each.
While Britain ranks the lowest of the second trio, in malicious code with four, she comes a distant second to Spain which has 10, as Brazil leads the group with 16. The Latin American country also heads these three countries as the nation with the highest number of phishing web site hosts, with 16, followed by Spain with 13 and Britain coming third with five.
On the spam zombies rank platform, Britain has 10, Brazil is lucky to have one, while Spain is weakened with eight.
Occupying the third spot of the second trio, on the phishing web site hosts area, is Britain, which has five, while Brazil has 16, as Spain uncomfortably holds the second spot with 13. Out of the second top three countries, the nation with highest number of attack origin is Spain with 13, Brazil with nine and Britain with three. But Britain tops this trio with nine, Brazil has five and Spain with three. However, Spain is second at the top of the spam zombies with eight behind Britain, which has ten, while Brazil is with just one.
Italy is the seventh most attacked country, in terms of cybercrime, followed by France, Turkey, Poland, India, Russia, Canada, South Korea, Taiwan, Japan, Mexico, Argentina, Australia, and Israel.
Australia, although second to the last on the top 20 nations affected by cybercrime, at the 19th position, has the highest spam zombies rank with 37, followed by Japan, with 29.
While Israel has the highest number of attack origins of the 20 countries, Mexico tops the phishing web site hosts with 31, followed by India with 22 and Argentina, 20. Meanwhile, Argentina is top of the list of countries with the highest number of malicious codes with 44, followed by Israel with 40. On the other hand, occupying the 13th spot is Canada, which has the greatest number of spam zombies, with 40.
According to the annual Evil Internet Minute report from RiskIQ, $2.9 million is lost to cybercrime, every one minute on the internet.
After analysing proprietary research and data derived from the volume of malicious activity on the internet, the report found that the global economy lost $2.9 million every minute last year, making a total of $1.5 trillion, to cyber-criminals.
Major companies are paying $25 per internet minute because of security breaches, while hacks on cryptocurrency exchanges cost $1,930. Criminals are leveraging multiple tactics, from malvertising to phishing and supply chain attacks. The loss from phishing attacks alone is $17,700 per minute. Global ransomware events in 2019 are projected to total $22,184 by the minute.
RiskIQ Chief Executive, Lou Manousos, said as the scale of the internet continues to proliferate, so does the threat landscape. “By compiling the vast numbers associated with cybercrime in the past year, we made the research more accessible by framing it in the context of an ‘internet minute.’ We are entering our third year defining the sheer scale of attacks that take place across the internet using the latest third-party research and our own global threat intelligence so that businesses can better understand what they’re up against on the open web,” said Lou Manousos.
On e-commerce with Magecart hacks, Cyber-criminals have also increased their targets, which grew by 20% over the last year. The study found that 0.21 Magecart attacks were detected every minute, while data also revealed that in each internet minute, 8,100 identifier records are compromised, seven malicious redirectors occur and 0.32 apps are blacklisted. Additionally, 2.4 phish traverse the internet per minute, according to the research.
Manousos said without greater awareness and an increased effort to implement necessary security controls, more attacks will occur, using an ever-expanding range of technologies and strategies.
“With the recent explosion of web and browser-based threats, organizations should look to what can happen in a matter of minutes and evaluate their current security strategy. Businesses must realize that they are vulnerable beyond the firewall, all the way across the open internet,” he said.
A report from cybersecurity firm, McAfee, and the Center for Strategic and International Studies (CSIS), reveals that Global businesses are losing the equivalent of nearly 1% of global GDP (Gross Domestic Product) yearly to cybercrime, and it is impacting job creation, innovation and economic growth.
Up from a 2014 study, which put the figure at $445bn, cybercrime costs the global economy $600 billion-$1.5 trillion a year in today’s world, which amounts to 0.8% of global GDP, with the over $155bn jump since 2014 attributed to the speed with which new technology is adopted by cybercriminals and an increase in the number of internet users in parts of the world with weak cybersecurity.
It is important to note that cybercrime-as-a-service is allowing low-level hackers to easily make money from targets, while sophisticated cyber-espionage and hacking operations are able to divert significant amounts of intellectual property and funds from lucrative targets without being spotted.
What is worse is the fact that although the vast amount of money being lost to cybercriminals represents a problem itself, it also has a spiral consequence on businesses and the economy as a whole.
Chief Scientist and Fellow at McAfee, Raj Samani, said the fundamental question is about the economic impact of cybercrime, adding that there is a need to focus efforts on how these things have a detrimental impact on economic growth, impact new jobs and revenue.
According to him, last year’s NotPetya attack provided clear examples of how falling victim to cybercriminals can cost businesses dearly, with Reckitt Benckiser, FedEx and Maersk among those facing losses of hundreds of millions due to the impact of system downtime.
For example, Maersk had to reinstall 4,000 servers, 45,000 PCs, and 2,500 applications, with the need to do so impacting on the shipping firm’s ability to do business, which Møller-Maersk Chairman, Jim Hagemann Snabe, described as a “very significant wake-up call for his firm.
“The time, money and resources to reinstall all of those systems had to come from somewhere, so what did Maersk sacrifice in order to restore its business? If this is the amount of money you haven’t made because of a computer worm, then what is the detrimental impact on you as a business? What didn’t you do as a business?” Samani asked.
In the UK, telecommunications provider, TalkTalk, suffered a high profile data breach after falling victim to hackers in 2015, which cost the company about £60 million and over 100,000 customers as a direct result of the incident, with the drop in customers reducing TalkTalk’s revenue in the long term.
The cost of falling victim to cybercrime, Samani said, is likely to have been detrimental elsewhere.
“Maybe that money was earmarked for hiring more people, maybe it was earmarked for investment. But those are jobs in the United Kingdom that weren’t filled because of cybercrime,” said Samani.
In order to confront the cost of cybercrime, McAfee/CSIS report makes some simple recommendations, such as regularly patching systems and software in order to prevent cybercriminals exploiting known vulnerabilities to conduct attacks.
Along with a requirement for additional resources for investigation to expand agency resources, and cybercrime capacity building in developing nations, the report also recommends increased international cooperation in the fight against cybercrime.
Perhaps, this uncontrolled mass of cyber-attacks on businesses and nation’s economies may snowball into full-blown cyberwarfare among nations since these attacks originate from certain countries against businesses in and economies of others.
Recognizing this ugly scenario, United Nations (UN) chief, Antonio Guterres, is seeking international rules for cyberwarfare, scared that cyberattacks will be among the first weapons launched in wars, but no international rules are in place to protect countries.
Certain that future wars will begin with massive cyberattacks, the UN’s secretary general said international regulations must be established to minimize the impact of cyberwarfare on countries as threat levels continue to soar.
In his speech he gave at the University of Lisbon in Portugal, a while back, Gutterres said it is high time the world had a serious discussion about an international legal framework for cyberwarfare.
He went further to express his conviction that the next war will begin with a “massive cyberattack to destroy military capacity and paralyze basic infrastructure such as electric networks.”
Raising concerns about rising threat levels with little or no international response, the UN Chief offered the UN as a platform to facilitate the process of building better protections.
Cyberwarfare and cybersecurity remain in the spotlight following massive attacks in recent years such as the Equifax hack and the WannaCry and NotPetya attacks, as well as Russian tampering in the 2016 US presidential election, which led to the indictment of 13 Russian nationals and three Russian companies.
Fallout from alleged government-backed cyberattacks has been calamitous, as more than 200,000 companies across the world could not access computers locked by the WannaCry ransomware.
While hundreds more were affected just a month later by another strain of malware called NotPetya. The US has suggested the ransomware attacks are state-sponsored attacks by North Korea and Russia, respectively.
In the spirit of seeking lasting solution to the phenomenon, Guterres assured that the UN could bring together stakeholders, including governments, academics and research groups, allowing them to establish rules that guarantee a more humane character for cyber-based conflict while ensuring the internet remains an instrument in the service of good.
From the ranking, it is obvious that with all the noise and publicity of Nigeria’s internet fraudsters and big-time barons of cybercrimes in the country, Nigeria is thankfully, not on the list of top 20 countries engaged or hit with cybercrimes.
In other words, where Nigerians are made to believe, their country is the worst nation on earth, producing the Hushpuppies, Invictuses, Yahoo boys, etc., there are bigger Hushpuppies, worse Invictuses and a wider sea of yahoo men, not ‘boys’ fishing in the endless ocean of cybercrimes in those top twenty countries.
