Bad Guys Want Your Computer. It Will Take Less Than 3 Seconds
Tech that matters.
Kudos to the U.S Department of Justice and other international agencies for this week’s arrest of Yunhe Wang, a Chinese national, who allegedly operated a massive cybercrime enterprise that netted him millions in profit. Wang set himself up as a criminal broker in cyberspace, selling access to a zombie network of unsuspecting residential computers—19 million Windows users worldwide with 613,000 in the United States. Cybercriminals used this zombie network to steal $5.9 billion, primarily from relief agencies which are typically underfunded when it comes to cybersecurity.
But here’s the worrying part. Wang operated for nearly a decade before the law caught up with him. Wang is just the tip of the cybercriminal iceberg.
Last week I attended the Barcelona Cybersecurity Congress and the takeaway is glum: the bad guys are winning. There’s a long list of reasons. One is the sheer number of cyberattacks like ransomware aimed at companies or institutions, attacks that translate into higher prices and loss of services for the average person—the latter life-threatening when it comes to hospitals, for example. According to a Checkpoint report, we’re talking about 1,380 attacks per week! A cybersecurity company called Crowdstrike said it has a list of active adversaries numbering 235.
Here’s some other numbers that knocked me out of my seat.
2.7 seconds: the fastest breach recorded last year. No cybersecurity outfit is ready for an attack under two seconds but it seems likely.
62 minutes: That’s how long cybercriminals typically spend combing for vulnerabilities.
204 days: How long before cyber defenders realize they have been breached.
“This is a big problem,” a Crowdstrike speaker said. “We need to bridge the numbers gap.”
No kidding. The bad guys are becoming increasingly sophisticated with the top tier criminal gangs launching attacks from the “cloud,” modifying services and apps to their own needs. Artificial intelligence allows cyber villains to hyper-personalize an attack that targets you by name. One techniques is an everything-all-at-once attack that uses voce calls, texts, email, deepfakes and voice cloning simultaneously. And while most hackers are in it for the money, there also is new breed of “hackactivists” operating in support of political goals.
Meanwhile, the good guys are hampered by a lack of trained staff and resources, a high burnout rate and a fragmented cybersecurity industry. Basically, they’re playing catch-up. A deep dive into this subject can be found in my article for Techstrong.ai (techstrong.ai/articles/barcelona-cybersecurity-congress-the-bad-guys-are-winning)
Steps you can take. Strong and unique passwords and two-step authentication are high on the list. Antivirus and malware software protection are highly recommended. Another option is to create a VPN to disguise your web traffic. Using Google’s “Private” mode for web cruising is a step in the right direction.
For a look at people working the right side of innovation, read my book MADE IN NEW YORK. It’s inspiring! (Talking to you Scattered Spider!)
And yes, I went to the FC Barcelona match as well. And I highly recommend a visit to the Art Museum of Catalonia for the views both inside and outside.