This document discusses cyber crime in the context of new technologies like mobile devices and social media. It begins with an overview of common cyber attack methods and definitions of cyber security and cyber crime. It then examines how new technologies like cloud, mobile, big data/analytics and social media create new opportunities for cyber criminals while also making systems harder to defend. Specific challenges of mobile devices, bring your own devices, and social media are outlined. The document advocates a risk management approach to counter cyber crime that balances technical and people mitigations and calls for building security into new technologies from the start. It concludes by assessing preparedness and calling for a risk-aware culture to ensure fitness for purpose with emerging threats.
Traditionally, the attackers came from the Internet. They usually used some standard or generic malware, hacking technique or ddos tool, attacked critical infrastructure and tested what they could get their hands on. With that scenario, protecting the infrastructure was usually sufficient.
With APT, this scenario has changed. Attackers are looking for specific data or infrastructure to target and they are very persistent in getting there. They are still using some kind of malware or exploit to get there, but they are usually very advanced, zero day versions, and often employ multiple exploits at once. And the number of possible entry points has increased greatly – there are still servers to be attacked, but also desktop PCs, mobile devices such as laptops and mobile phones (often vulnerable and with closed systems, e.g. iPhone) and entry points such as social networks, which are all connected in some way these days. And the attack might not come from the Internet alone anymore – malware inserted through USB sticks is an emerging threat.