April 25, 2022

Cybersecurity Threats that Society Needs to Watch Out For in 2022

mgonzalez

Cybersecurity Threats that Society Needs to Watch Out For in 2022

Technology advancements have significantly changed our world, positively and negatively. Instant communication, entertainment, education, and e-commerce have certainly improved our daily lives. Conversely, technology has also created a range of threats to our personal and national security. For example, criminal offenders have learned to use this technology to facilitate illegal endeavors such as Intellectual Property Theft and Digital Piracy, Email-Based Scams and Other Online Frauds, Malicious Software, Cyberterror and Cyberwarfare, and Cyberbullying. These issues will continue to rise in 2022. It is necessary to identify these threats and provide solutions, such as proactive education and protection, and prevent us from becoming targets throughout the coming year.

Intellectual Property Theft and Digital Piracy

Individuals have a natural tendency to be creative. Whether it be ideas of creating music, painting a masterpiece, or the next technological breakthrough, these are all innovative creations of the mind with the rights of these creations belonging to the owner. Seeing a value in these thoughts, owners put these ideas into a physical format, such as being composed into music or painted onto canvas. This action is where intellectual property theft comes into play. A business competitor or other artist may also see the value in your idea and decide to try and steal it. According to the Federal Bureau of Investigation, “Intellectual property theft involves robbing people of their ideas, inventions, and creative expressions can include everything from trade secrets and proprietary products and parts to movies, music, and software” (2016).

In connection with intellectual property, theft is digital piracy, “A form of cybercrime encompassing the illegal copying of digital media such as computer software, digital sound recordings, and digital video recordings without the explicit permission of the copyright holder” (Holt et al., 2017). Piracy is a crime; unfortunately, society perceives it as a victimless crime. Downloading a song doesn’t hurt anyone. I can listen to the same music on the radio for free. The cost of software is outrageous. If one illegally shares or downloads digital content, they are stealing income from hardworking individuals.

In a 2019 article, Quick Take: Your Primer on Digital Piracy and Its Impact on the US Economy, the US Chamber of Commerce reports that “Digital video piracy deprives the US economy of a minimum of $29.2 billion in reduced revenue each year” (US Chamber of Commerce, 2021). In the same year, the Global Innovation Policy Center reports that “Digital video piracy not only causes lost revenues to the US content production sector, it also results in losses to the US economy of between 230,000 and 560,000 jobs” (The Global Innovation Policy Center, 2019).

Criminal offenders discover ways to use computers and the Internet to victimize individuals aside from intellectual property theft and digital piracy. Email-based scams and online fraud are how these offenders are tricking you into giving up your personal information.

Email-Based Scams and Online Fraud

            Despite the advantages that technological advancements offer, our personal information is, more than ever, easily compromised by hackers through the use of deception and cheating, otherwise known as computer fraud.

One of the most common ways criminal offenders deceit and cheat individuals is through social engineering attacks like email scams. “Email fraud (or email scam) is intentional deception for either personal gain or to damage another individual by means of email” (Wikipedia contributors, 2021). There are several variations to these advanced fee schemes; however, they all typically involve claiming that they are a wealthy heir to a deceased person or are experiencing financial and legal issues and need help moving funds out of the country. The offender asks the victim to help pay fees to get the funds out of a holding process; in return, the offender promises to give the victim a hefty percentage of the funds.

Loss of sensitive, personally identifiable information, leading to identity theft, presents a significant threat in addition to economic losses from fraud. Within the US, identity theft “…refers to the unlawful use or possession of a means of identification of another person with the intent to commit, aid, or abet illegal activity” (Holt et al., 2017). In addition to using these stolen details to obtain money and credit cards, criminals use them when ordering goods and services.

Scamwatch is a website that provides live data to consumers and small businesses about scams in Australia. The website reported 3,523 reports of email scams (as of March 1, 2022), with a total loss of $6,384,861 (Australian Competition and Consumer Commission, 2016). The number of identity theft complaints made to the FTC pales compared to the USA’s estimates of identity theft victimization. Javelin (2017) estimated that identity fraud affected 15.4 million US citizens and cost them $16 billion (Holt et al., 2017).

Through technology, whether a computer system or a mobile device, criminal offenders use these devices for personal financial gain and create malicious software for destructive measures.

Malicious Software

Malicious software, or malware, is a broad range of programs or files used by criminal offenders to harm a computer, network, or server intentionally. This software has been used for many destructive reasons, and the effects are far-reaching but are typically used to exploit devices and access personal and sensitive information.

One example of malware is a virus, a piece of malicious computer code capable of copying itself and spreading from device to device. This coding does not initiate automatically and does require some form of interaction from the intended target, perhaps by clicking on a malicious link. Once running, the virus can overite the information of the intended file, rendering the original file unusable. In 1999, The Melissa Virus spread through the Internet and emails, attacking Microsoft Word programs and email systems. The intended goal of the Melissa virus was not to steal money but instead to disrupt email servers. In the end, more than 300 corporations were disrupted, including Microsoft, and the disruption of approximately one million email accounts (Federal Bureau of Investigation, 2019).

Another example of malware is ransomware, a type of computer code that encrypts data files and prevents users from accessing their computer system. The criminal offenders then demand payment for the release of your computer system and files. In May 2021, the City of Tulsa was the intended target of a ransomware attack. This attack resulted in multiple systems being shut down, including the city utilities’ online bill payments system. The City of Tulsa did not pay the ransom, but the effects of that attack damaged about 40% of the city’s 471 servers and about 20% of the city’s 5,000 desktop and laptop computers (Canfield, 2022).

In addition to paid ransoms, cost estimations of malicious software attacks also include things like destruction of data, lost productivity, forensic investigation, and reputational harm. The Melissa Virus attack in 1999 had “an estimated $80 million for the cleanup and repair of affected computer systems” (Federal Bureau of Investigation, 2019). The ransomware attack on the City of Tulsa has cost $2 million to get everything back up and running (Canfield, 2022). While these are single events, the global statistics are staggering, with damages totaling $6 trillion with expected costs reaching $10.5 trillion by 2025 (Freeze, 2021).

Not all criminal offenders are individuals looking to make financial gains by stealing your personal information and gaining access to your finances; some groups also work for nations with the goal of systematic attacks against government and infrastructural entities.

Cyberterror and Cyberwarefare

Alfred P. Murrah Federal Building in 1995, World Trade Center in 2001, Madrid Train Bombing in 2004. It is evident that there needs to be a significant focus on real-world terror attacks due to the tremendous potential for substantial losses in civilian casualties and property damage, but what about the prospective threat of attacks using technology and the Internet? This type of attack is the idea behind Cyberterror and Cyberwarfare, a term used to describe cyber-attacks supporting conflict between nation-states (Holt et al., 2017).

A growing concern is the emergence of military entities engaging in systematic attacks against corporations and government networks. Such attacks could compromise US infrastructures such as electrical power plants, water treatment plants, and pipelines for oil and gas. One example of cyberwarfare is the discovery of the 2010 Stuxnet computer worm. While neither country has openly taken responsibility, there is suspicion that the development of the Stuxnet Worm was a collaborative effort between the US National Security Agency (NSA), the Central Intelligence Agency (CIA), and the Israel intelligence agency. The intention seems to be to destroy numerous centrifuges in Irans’ Natanz Uranium Enrichment Facility (McAfee, n.d.).

Another example happened on May 7, 2021, when Russian cybercriminals attacked the Colonial Pipeline network, forcing the company to shut down the grid that supplies half of the East Coast’s fuel supply (Wikipedia contributors, 2022).         Statistical data on cyberterror and cyber warfare attacks against infrastructure have the potential to be astronomical. In the Stuxnet attack against the Iranian nuclear power program, reports suggest that Stuxnet compromised more than 30,000 computers and cost the Iranian government $1 million. In an infrastructure attack like the Colonial Pipeline attack, cost impacts are more than the ransom of 75 bitcoin ($5 million). Due to the pipeline shutdown, fuel shortages began to occur at Charlotte Douglas International Airport, resulting in a temporary shutdown of airline flights. Fuel shortages also appeared in Alabama, Florida, Georgia, North Carolina, and South Carolina gas stations. 71% of gas stations in Charolette and 87% in Washington DC, two areas hit the hardest by this attack, were running low on fuel (Wikipedia contributors, 2022).

The cyber threats that we have seen to this point involve stealing personal intellectual property, defrauding individuals of their finances, and even interrupting infrastructure services we all rely upon. The cyber threats that we have discussed to this point involve the theft of personal intellectual property, defrauding individuals of their finances, and even interrupting infrastructure services. The threat of cyberbullying has physical and psychological effects and increases the risk of self-harm and teen suicide.

Cyberbullying

Bullying amongst each other, especially in adolescents, has been an issue for society and school systems for decades. With the prominence of technology, these actions of sending threatening, mean, and hurtful messages are now performed via social media sites, text messages, online forums, emails, and gaming communities, called cyberbullying. Cybercrime and Digital Forensics: An Introduction (2nd Edition) defines cyberbullying as “any intentional, aggressive behavior performed through electronic means to cause harm to another person” (Holt et al., 2017). Technology has allowed us to communicate and record all facets of our lives, including our first driver’s license, relationship status, and even personal information such as sexual status or physical disorders. Information like this disclosed on social media out of hatred by an offender would make a victim feel ashamed or frightened, leading to their possible suicidal death.

An example of this occurred in 2006 with the suicide of a young girl named Megan Meier. Megan had struggled to lose weight from an early age and suffered from Attention Deficit Disorder (ADD) and bouts of clinical depression. Things seemed to improve for Megan at a new school where she developed a new crush and communicated on social media with Josh Evans. That was until he began to send mean and hateful messages and told her that “Everybody in O’Fallon knows how you are. You are a bad person, and everybody hates you. Have a shitty rest of your life. The world would be a better place without you” (Megan Meier Foundation, n.d.). Later that day, Megan’s parents discovered that Megan had hanged herself in her closet and that Josh Evans did not exist. Megan had a falling out with a former friend. A police investigation showed that Megan communicated with Lori Drew, this former friend’s mother, who wanted to embarrass Megan.

In a 2018 Pew Research Center report featuring 1058 parents and 743 teens, A Majority of Teens Have Experienced Some Form of Cyberbullying, 59% of teens in the US state they have experienced bullying and harassing behavior online. 32% also stated that someone had spread false rumors about them over the Internet (Anderson, 2020). Cyberbullying exposes students to nearly two times more suicide attempts than those who do not, with attempts doubling since 2008, making suicide the second leading cause of death for teens between the ages of 10-34 (Megan Meier Foundation, n.d.-b).

Conclusion

Advances in technology have undoubtedly contributed significantly to improving our lives, making our lives easier, faster, better, and more enjoyable. However, human fallibility in judging right or wrong will continue to create cyber threats that society will face in 2022. Each of us has a stake in reducing these cyber threats. While there is no absolute defense against cyber threats, we can begin by encouraging and implementing best practices at work, at home, and in our communities, implementing secure passwords and multi-factor authentication.

Administrators can ensure companies have safe and secure wifi connections, data backups, and secure physical devices and environments. Installing anti-virus software and providing updates and system patches are ways of ensuring that system resources are not vulnerable. When we can implement these best practices, we will secure our continued enjoyment of technology for years to come.

 

References

Anderson, M. (2020, August 14). A Majority of Teens Have Experienced Some Form of Cyberbullying. Pew Research Center: Internet, Science & Tech. https://www.pewresearch.org/internet/2018/09/27/a-majority-of-teens-have-experienced-some-form-of-cyberbullying/

Australian Competition and Consumer Commission. (2016, May 20). Scam statistics. Retrieved March 2, 2022, from https://www.scamwatch.gov.au/scam-statistics?scamid=all&date=2022

Canfield, K. (2022, January 26). City has spent $2 million recovering from ransomware attack, city officials say. Tulsa World. Retrieved March 2, 2022, from https://tulsaworld.com/news/local/govt-and-politics/city-has-spent-2-million-recovering-from-ransomware-attack-city-officials-say/article_5ee68f46-5d08-11ec-8d83-8743a5eaba47.html

Federal Bureau of Investigation. (2016, November 15). Intellectual Property Theft/Piracy. https://www.fbi.gov/investigate/white-collar-crime/piracy-ip-theft

Federal Bureau of Investigation. (2019, March 25). The Melissa Virus. https://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519

Freeze, D. (2021, April 27). Cybercrime To Cost The World $10.5 Trillion Annually By 2025. Cybercrime Magazine. Retrieved March 2, 2022, from https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/#:%7E:text=The%20latest%20forecast%20is%20for,every%2040%20seconds%20in%202016.

Holt, T., Bossler, A., & Seigfried-Spellar, K. (2017). Cybercrime and Digital Forensics: An Introduction (2nd ed.). Routledge.

McAfee. (n.d.). What Is Stuxnet? Retrieved March 3, 2022, from https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/what-is-stuxnet.html#:%7E:text=Stuxnet%20is%20a%20computer%20worm,used%20to%20automate%20machine%20processes.

Megan Meier Foundation. (n.d.-a). Megan’s Story. https://www.meganmeierfoundation.org/megans-story

Megan Meier Foundation. (n.d.-b). Statistics. https://www.meganmeierfoundation.org/statistics

The Global Innovation Policy Center. (2019, June). Digital Video Piracy. https://www.theglobalipcenter.com/report/digital-video-piracy/

US Chamber of Commerce. (2021, October 21). Quick Take: Your Primer on Digital Piracy and Its Impact on the U.S. Economy. https://www.uschamber.com/intellectual-property/quick-take-your-primer-digital-piracy-and-its-impact-the-us-economy

Wikipedia contributors. (2021, October 24). Email fraud. Wikipedia. https://en.wikipedia.org/wiki/Email_fraud

Wikipedia contributors. (2022, March 1). Colonial Pipeline ransomware attack. Wikipedia. https://en.wikipedia.org/wiki/Colonial_Pipeline_ransomware_attack