Hacking horror stories, new and more devious scams and fake, well, everything, have all been given a boost during the pandemic. The question is whether they will subside once it passes or whether this is the new normal.
The answer is they almost certainly won’t subside.
Hacking has now reached levels where the events we used to read stories about and worry about now result in a resigned shrug. Credit cards, password information and login details, once seen as valuable to hacking groups, are now available on the dark web for next to nothing.
Hacking has changed shape.
The value is no longer in the ‘product’ but in the access.
The now-famous SolarWinds attack would have looked very different just a few years ago. Then it would have been a ‘smash and grab’ hacking operation, and the information gleaned would have been sold to the highest bidder. This time, the process was slow and sophisticated. Once the perpetrators were inside the systems, they remained undetected for months, slowly siphoning out data and burrowing further into connected systems. The mess will take years to sort out.
Even more recently, a hacking group called DarkSide attacked the Colonial pipeline that delivers almost half of the gas requirements of the East Coast of America. It did what many observers have believed possible, and many Governments have ignored it because it is too scary. They brought down critical infrastructure.
It also brought into sharp focus another major issue. Do you pay the ransomware perps? The truth is that if the attack hits someone else, your answer is ‘no, it only makes things worse,’ if the attack is against you, the answer is ‘yes, I need to get back to normal asap.’ Colonial paid around $5 million.
The problem with that is that in this new era, the hit probably stole the data before locking you out, and the hacking hordes demand another ransom, or they will publish your secret data.
Every day, news breaks about another scam or hacking variant. Yesterday, the story was from security firm Sophos, which has uncovered no less than 167 crypto trading apps that are not what they seem.
Against this grim backdrop is data suggesting that many companies, mainly SMEs, are unprepared and do not have the budget to create a hacking defence strategy. Most SMEs in Singapore are not prepared, according to QBE.
There is, of course, the other end of the scam and hacking spectrum where phishing attempts by text from a fake delivery company telling you to click a link to track a package that you plainly haven’t ordered are also on the rise. The spelling in the texts is so diabolical that very few would be fooled.
Creating fake and false value for brands is also on the rise. It is not exactly hacking, but it is pretty clever (if you think that hacking and manipulating people is clever).
A security research group recently uncovered a scam where Amazon merchants can buy five-star ratings. A company buys something from a merchant and gives it a five-star rating, using many different people across its network to amplify the recommendation. Meanwhile, the merchant refunds the company via PayPal. Similar recommendation scams happen on other platforms such as Trustpilot and TripAdvisor, but the Amazon one has the ring of professionalism about it. The other two generally rely on friends to post glowing reviews.
It is getting out of control.
The only good news that might be found among these hacking stories is that, finally, people might pay heed and feel that the threat is real and about to happen to them. And that, with help from the various technology industries involved, might make everyone conscious of the problem and more secure in their digital lives.