SINGAPORE – Cybercrime and fraud are expected to be more rampant than in previous years, said two senior figures from cyber-security company Palo Alto Networks.
Among the threats, business e-mail compromise (BEC) and ransomware attacks remain high on the global watch list.
BEC, a sophisticated scam that targets both businesses and individuals performing legitimate transfer-of-funds requests, remains the most common and most costly threat facing organisations globally, said Ms Wendi Whitmore, Palo Alto Network’s Unit 42 senior vice-president.
Unit 42 is a team within Palo Alto which identifies new threats, analyses them and looks for correlations based on the data it receives.
Ms Whitmore said: “We see (criminal) organisations where you’ve got a member in Nigeria that’s closely communicating (on the Dark Web) with someone in Eastern Europe and maybe communicating closely with someone in Asia.
“I think that as the economy continues to have more challenges, we’re going to see even more of that level of interconnectivity.”
BEC continues to hold the top spot for the sixth year running on the 2021 FBI Internet Crime Complaint Centre (IC3) report. Global losses have skyrocketed from $360 million in 2016 to $2.3 billion in 2021.
In Singapore, 93 victims lost about $56.2 million to BEC scams in the first three months of 2022, the police said in July.
Mr Vicky Ray, a principal researcher at Unit 42, studies data and telemetry behind such global attacks. He acknowledged that the Dark Web has become a breeding ground for cybercrime.
Unlike the Internet, where the general public can openly search for information or participate on forums, the Dark Web requires a special browser and known URL to gain entry. Some Dark Web forums require a new member to be vouched by a known party.
According to Palo Alto, the proliferation of Darknet markets in Asia has allowed cyber criminals to operate without much concern of getting caught due to the anonymity provided by the platform.
Mr Ray told ST: “It’s hard, but at the end of the day, it is our job to connect these dots together to really answer… the hard question of who may be behind it (a cyber attack) or what the motivation is.”