The numbers coming from IT security researchers, governments and vendors don’t look good: Online crime is increasing every month, and so is the dollar value of losses.
However, a leader of the Anti-Phishing Working Group, which is holding its annual conference in Toronto this week, says he is very optimistic that things will turn around – in a decade.
“Defenders – siloed though they mostly are — can win the day,” says Peter Cassidy, secretary-general and co-founder of the APWG, but they can’t conclusively vanquish the adversary.”
But, he insisted on things being kept in perspective. One hundred years ago the world came together to attack what was called Spanish Flu, figuring out how to trade data, examine data and create vaccines. “People find a way, and that’s what’s happening now.”
The same effort going on now with cyber crime, he said. He described himself as ”very hopeful. This one’s easy. The flu? My mother watched her siblings die. She watched her classmates die. Cyber crime is pretty bad, but you don’t have to attend a funeral.”
Change is taking place now, he said. “The APWG in March moved 15.8 billion cyber crime event records to anti-virus companies, responders, researchers, ISPs, ESPs, registrars, security companies to use to programmatically respond to crime. .. Increasingly we’re coming up with protocols to respond in an automated way. The Internet is learning to defend itself slowly.”
Skeptics may wonder. The APWG’s report for Q1 of this year noted 20 million new malware samples were captured in the three month period. The number of phishing websites observed by APWG increased 250 per cent from the last quarter of 2015 through the first quarter of this year.
Meanwhile ransomware, while still low relative to other malware, is rapidly increasing.
When will the battle turn for defenders? “We should see it (a shift) in terms of common crimes within 10 years – which is fast compared to how long it took to manage the flu.”
But he also said infosec pros and governments need to better define winning. “Cyber crime is so damaging and happens so fast the energy society puts into it is all about stopping the crime right now. That takes a lot of energy away from defining the conclusive vanquishing cyber crime … We defining winning as denying the attacker purchase (in a victim’s system) or (ruining) the return on investment. You can’t do that by arresting them all. You can’t that by stopping the flow of bits. What you can do by reporting and notifying in real time you can reduce their return on investment to the point where its not worth it any more… The attacker will remain on the field as long as they’re making money from it.”
While the name implies the APWG specializes in phishing, Cassidy said it has broadened out over the years to examine all types of malware and fraud spread.
Speakers at this year’s conference will talk on cyber crime trends in Russia, Brazil, South Asia and Latin America, niches in major global criminal undergrounds and ransomware.