The numbers coming from IT security researchers, governments and vendors donโt look good: Online crime is increasing every month, and so is the dollar value of losses.
However, a leader of the Anti-Phishing Working Group, which is holding its annual conference in Toronto this week, says he is very optimistic that things will turn around โ in a decade.
โDefenders โ siloed though they mostly are โ can win the day,โ says Peter Cassidy, secretary-general and co-founder of the APWG, but they canโt conclusively vanquish the adversary.โ
But, he insisted on things being kept in perspective. One hundred years ago the world came together to attack what was called Spanish Flu, figuring out how to trade data, examine data and create vaccines. โPeople find a way, and thatโs whatโs happening now.โ
The same effort going on now with cyber crime, he said. He described himself as โvery hopeful. This oneโs easy. The flu? My mother watched her siblings die. She watched her classmates die. Cyber crime is pretty bad, but you donโt have to attend a funeral.โ
Change is taking place now, he said. โThe APWG in March moved 15.8 billion cyber crime event records to anti-virus companies, responders, researchers, ISPs, ESPs, registrars, security companies to use to programmatically respond to crime. .. Increasingly weโre coming up with protocols to respond in an automated way. The Internet is learning to defend itself slowly.โ
Skeptics may wonder. The APWGโs report for Q1 of this year noted 20 million new malware samples were captured in the three month period. The number of phishing websites observed by APWG increased 250 per cent from the last quarter of 2015 through the first quarter of this year.
Meanwhile ransomware, while still low relative to other malware, is rapidly increasing.
When will the battle turn for defenders? โWe should see it (a shift) in terms of common crimes within 10 years โ which is fast compared to how long it took to manage the flu.โ
But he also said infosec pros and governments need to better define winning. โCyber crime is so damaging and happens so fast the energy society puts into it is all about stopping the crime right now. That takes a lot of energy away from defining the conclusive vanquishing cyber crime โฆ We defining winning as denying the attacker purchase (in a victimโs system) or (ruining) the return on investment. You canโt do that by arresting them all. You canโt that by stopping the flow of bits. What you can do by reporting and notifying in real time you can reduce their return on investment to the point where its not worth it any moreโฆ The attacker will remain on the field as long as theyโre making money from it.โ
While the name implies the APWG specializes in phishing, Cassidy said it has broadened out over the years to examine all types of malware and fraud spread.
Speakers at this yearโs conference will talk on cyber crime trends in Russia, Brazil, South Asia and Latin America, niches in major global criminal undergrounds and ransomware.
Related Download
Sponsor: F5
The present and future of application protection
This white paper looks at how security measures must be enhanced to ensure apps are secured everywhere, the investments organizations must make, and why security needs to be more focused at the application level.
Register Now