Craig McDonald Oct 29, 2020 7:18:59 AM 16 MIN READ

Cyber villains are thriving IRL: Towards a digital future, are we there yet?


Neal Stephenson imagined a meta-verse in his 1992 novel, Snow Crash. A vision of an interactive computer-generated reality or virtual world. A fully immersive persistent experience that we are all plugged into. Maybe we’re not there yet, but we are far closer today than we were pre-pandemic, and it’s a scary peek into the future power that cyber villains may wield.

We are accessing work and play, friends and information, media and experiences, in the digital realm like never before. In fact, in many forums some may argue that since the pandemic, the digital experience has become the default and primary reality, ahead of the physical (IRL) one. Who’s to say how long that will persist? 

My team are well and truly embedded in online tools. Be it Microsoft Teams, Zoom, FaceTime, Houseparty, or even worldwide gaming phenom, Fortnite, which has amassed over 350 million global players. Online experiences from work to leisure and everything in between are blending. The platform may change depending on your mood, where you are and what you’re into, but that digital reality is becoming more ingrained every day. 

Societal change is accelerating this shift forward towards a digital existence at an increasing rate. Film, gaming and military applications are maturing and transitioning into mainstream norms from communications to transport, entertainment, IoT and commerce. 

But as technology advances, and as our habits blend into virtual ones, it never hurts to remind ourselves that the risk of cybercrime facing all of us, our customers included, is amplified. Graphic design, voice simulation, deep fake visualisations, big data, AI, AR, VR, and global interconnectivity, plus more, mean that we can virtually manifest an identity, at any time, anywhere on the planet. And it can be near impossible to tell who is truly on the other side.

Caveat emptor / Buyer beware: Keep your hands inside the carriage! 

If life were a theme park, the guides would be advising us to ‘take caution past this point’. Sophisticated cyber networks are at play, and they’re targeting the weakest link, us.

Who they are is the subject for another discussion: Private criminal networks, powerful individuals, random bedroom bound hackers, or advanced, well-resourced cyber rings sponsored by nation-states? The more important message is that businesses are at risk. 

We’re all familiar with the debate about political intervention in the United States, but it’s happening everywhere. In June, Australian Prime Minister, Scott Morrison, ‘warned that Australia was facing an unprecedented wave of cyber attacks on all levels of government, industry and critical infrastructure.’ 

As we fast forward to a life immersed in a new digital reality, we should continue reminding our customers to have their eyes wide open. Throughout this year as the adoption of online video calls and meetings became commonplace, replacing business conferences and get-togethers for family and friends, we were warned of the security flaws in platforms like Zoom. Squatters that were joining meetings and listening in to private conversations. Data that was being shared across platforms without the consent or knowledge of users. We learned from that, and the platforms implemented changes, and so we move forward. But in the gaps is where the true perils lie. In the technologies that are perhaps not so widely adopted. 

Consider deep fakes. We rely on our own two eyes – “Seeing is believing” has been widely accepted as a universal truth for millennia. It’s an ancient fallback for proof of what is real and true. But how easily that instinct and trust can be conned. We’ve all witnessed the incredibly impressive deep fakes that are emerging. It’s powerful technology which, in the wrong hands, can be used for deception and identity fraud, and it’s at the fingertips of bedroom warriors. Check out these examples from CreativeBloq. It’s scary when you think that we’re just at the beginning for this new and emerging tech. How easily might someone assume your identity, or that of someone you trust? And if you’re not the target, who else in your network might be?

This month there has been much fanfare and celebration of the attempted takedown of the global TrickBot botnet. Regarded as one of the top 3 malware-as-a-service (MaaS) networks, it uses email-based campaigns to infect hosts with ransomware, to steal data, access bank accounts and for wire transfer fraud. The takedown attempt by a coalition of tech companies, including Microsoft, was short-lived and while it disrupted operations, the botnet has since recovered. But if you consider this attempt a window into the future, what will it look like, if or when these cybercrime networks turn our tactics back on us? We saw the global loss and disruption from WannaCry, but what might a larger, more coordinated attack look like? One of the best examples we have is the attack on Ukraine, which most accept was executed by Russia in 2017, targeting major infrastructure, banks, government, media and the energy sector. A cyber war waged with code, data and critical infrastructure. One of the tactics employed is to feed a network bad data, to make it difficult to decipher the real information from fake, but what if that technique were turned around on civilian populations?

Many are aghast at the recent documentary, A Social Dilemma, at the power wielded behind the scenes, turning our own data upon us for manipulation. Frankly, I find it more concerning that so many are surprised. They demonstrate the vulnerability of a society that is beholden to the information that it is being fed, and it highlights the weaknesses of many of our systems, and the potential for nefarious actors to use those tools for malicious reasons, and to advance their own financial interests.   

And the very infrastructure itself can also be compromised, evidenced by the global debate about the roll out of 5G networks and the role of Huawei and the Chinese government. 

Or on a lower level, with individual devices. WSJ suggests that “experts expect cyberattacks to increase in frequency and severity in the coming years as more consumer goods are sold with internet connectivity embedded by default, WSJ’s Future of Everything reports. Vulnerabilities abound in schools, homes, cars, airlines, cities and other venues.” 
 

The human element – potential for good and evil 

While these massive advances in technology and their widespread adoption bring risk, as humans, we do however already recognise some of the limitations. There are for example admirable efforts happening throughout the world to address AI biases. After all, these are ultimately just machines that are making decisions based on data and algorithmic models. They too can be fooled and manipulated, and we as humans understand that fact and can intervene. 

Ultimately, the most powerful, nimble and acute super-computer on the planet is the human brain. We must trust it to learn and adapt. To understand the deception and new possibilities in this new world of profound and invasive technology. With education, we can teach our customers, to spot outliers, frauds and fakes. To share and alert others when danger is proximate. 

Despite all of the technology, and we are just at the beginning, businesses must remain eyes wide open to the risks and recognise that ultimately, they are still just new tools that are being employed by cybercriminals to deceive them. 

In 1962 Arthur C. Clarke wrote in his book “Profiles of the Future: An Inquiry into the Limits of the Possible”, that “Any sufficiently advanced technology is indistinguishable from magic”. With the advancements of technology that we’re seeing today, that sentiment feels more relevant than ever.

We are all – busy, distracted, stressed, and flawed, with our own preconceptions, biases and prejudices – making us easily manipulated and susceptible to a sleight of hand, the kind we have fallen for, for centuries. The pickpocket in a hawker’s market, the fortune teller with a crystal ball, or the quick-witted con artist. Today is not so different. We just have to know they’re there, and that they have malicious intentions. We need to keep alerting our customers to be awake to their tools & techniques, to make it easier to spot them.

Most of us chuckle when we hear stories of the tarot reader, the fortune teller or the con artist with their implausible stories, but still there are those among us that are desperate to believe. The same is true with technology. Most hear theories from groups like QAnon, or other end of the world conspiracy theories online, and laugh. Most think they are too far-fetched to be true, but there are others that are convinced of their truth. It becomes their reality, and technology can amplify that experience, playing back messages and views from others far and wide that reaffirm their beliefs.

The point here is that cybercriminals are like the lions and hyenas prowling on the perimeter of the herd. They won’t come for everyone. Instead, they lie in wait looking for the vulnerable ones on the fringe. Because they know that if they can get a single victim, then that may be their gateway to seize the credentials they need to access the kingdom.

The metaphor demonstrates how sinister and pervasive cybercrime is and reminds us that there is far more to defending our customers, their data and reputations, than just technology. We must keep thinking about the education that every professional is receiving, and not just crack Infosec SWAT teams who are well versed in the workings of technology, but also the front line workers, and those in less technical roles like cleaners and contractors who may just be that point of least resistance. That was the case with the massive Target breach which one Gartner analyst estimated might cost the firm $420 million. It was perpetrated by gaining access to the credentials of a third-party HVAC contractor.   

The moral of the story 

Every day my team is defending businesses against sophisticated, socially engineered, targeted email attacks. They do much the same as what we’ve been pondering. They try to impersonate and trick the user with words and pictures. Using information about the recipient to tailor the email and make it seem more familiar and plausible. They add links to legitimate company websites, make authentic-appearing copies of webpages, and add logos and legal disclaimers to make users think they’re real. The good ones can be almost impossible to spot. But we need to continue motivating our customers to try. It’s the human element, assisted by technology, that is best placed to defend a business.

Technology plays a major role, and it must be leveraged at every opportunity, but let’s not rely on it solely and believe that the job is done, and the risk has abated. We know threats get through even the most robust defences. In fact, nine out of 10 businesses are being impacted by phishing, even when most have an email security solution in place. This is a reminder that if our customers are alert to this reality, with teams educated and ready to think before they click, assisted by the latest technology and processes, then they are in the best position to prevail and prosper.

As the technology landscape accelerates and these fraudulent attempts become even more deceptive, let’s keep encouraging our customers to stay alert, to learn and adapt their approaches, and to share their stories, so that they can stay ahead of the adversary. 
