News & Trends

Title: Why developed countries are more vulnerable to cybercrime



Author: Lance Whitney


Date: 27.05.2020



Any person, organization, or country can be a victim of cybercrime, but some people and places are more susceptible than others. Released on Wednesday, NordVPN's Cyber Risk Index explains why certain countries and regions are higher-risk targets for cybercriminals.


Looking at 50 different countries across the world, NordVPN found that people in developed nations are more likely to become victims of cybercrime. In its research, the company cited four reasons why: 

  1. Higher-income economies
  2. More advanced technological infrastructure
  3. Greater urbanization
  4. Greater digitalization 

Plus, greater mobility combined with a higher overall crime rate increases the cyber risk.

However, the report also ranked countries on specific factors, such as urban population, average wage, internet penetration, smartphone penetration, public Wi-Fi availability, Facebook penetration, and Instagram penetration.

Among the countries at the greatest risk, Iceland was at the top, followed by Sweden, the United Arab Emirates, Norway, and the United States. Sweden took top place because it was highest among all analyzed countries in internet, smartphone, and Instagram penetration. It also came in second on Facebook penetration, third in urban population, and second in highest average month wage.

"Cybercriminals don't look for victims, they look for opportunities--much like pickpockets in crowded places," Daniel Markuson, a digital privacy expert at NordVPN, said in a press release. "Spend enough time in a packed bus, and a pickpocket will 'accidentally' bump into you. Same story online. Your cyber risk increases with every extra hour online."

Comparing two countries, namely the United States and the United Kingdom, found that both were in the top ten for cyber risk. But the US was fifth, while the UK was tenth. Both nations share certain risk factors, such as urbanization level, percentage of people using Facebook or Instagram, and crime index. But, the US is at a greater risk for cybercrime due to a higher monthly average wage, higher density of public Wi-Fi, and greater use of smartphones.

Looking at the data by continent, Northern Europe was ranked as the most dangerous region for cybercrime, with North America a close second. In both regions, more than 9 out of 10 people use the internet, 8 out of 10 shop online, and 7 out of 10 use Facebook--all factors that lead to higher exposure to cyberthreats.

Among the countries at the lowest risk, India was considered the safest, followed by Nigeria, Iraq, Indonesia, and South Africa. India grabbed its spot because only one in three people there use the internet, fewer than one in four use smartphones, only around 6% use Instagram, and only 34% of the population live in urban areas.

NordVPN developed its Cyber Risk Index with business data provider Statista in three separate stages. First, Statista collected socio-economic, digital, cyber, and crime data from 50 selected countries.

Second, NordVPN analyzed the data's positive and negative impact on cyber risk and calculated the correlation between the first three data sets (socio-economic, digital, cyber) and the fourth (crime).

Third, NordVPN trimmed the data down to the 14 most significant factors, specifically urban population, monthly average wage, tourism, internet penetration, smartphone penetration, time spent on the internet, e-commerce penetration, online games penetration, video-on-demand penetration, public Wi-Fi availability, Facebook penetration, Instagram penetration, crime index, and global cybersecurity index. The company used those factors to create the index and then ranked the 50 countries according to their cyber risk.



Title: FBI flooded with pandemic cybercrime complaints

Author: Politico

Date: 17.04.2020


RISING TIDE OF CYBER SCAMS — The coronavirus pandemic has sparked a massive increase in the number of cybercrime complaints flowing into the FBI these days, a bureau official said Thursday. The agency’s Internet Crime Complaint Center, which typically received 1,000 complaints per day before the pandemic, is now receiving 3,000 to 4,000 per day, according to Tonya Ugoretz, a deputy assistant director of the FBI’s Cyber Division. “Not all of those are COVID-related,” she said during an Aspen Institute webinar, “but a good number of those are.”

Coronavirus-related schemes “really run the gamut,” said Ugoretz, who cited domain names spoofing personal protective equipment vendors and phishing emails promising government checks or private loans. The FBI has also “seen people set up fraudulent COVID charities” or “promise delivery of masks and other equipment and then not deliver,” she said. When the pandemic first began, she added, “there was this brief shining moment” when officials thought that exploiting the crisis “might be beyond the pale” for criminals. “Sadly, that has not been the case.” Ugoretz also discussed how nation-states have been hacking U.S. health care organizations involved in virus research.

The webinar also included a presentation by Marc Rogers, co-founder of the COVID-19 Cyber Threat Intelligence League, a volunteer coalition of cyber experts who fight back against hackers. The group’s roughly 1,400 members have taken down nearly 3,000 malicious virus-related domains as of April 14, said Rogers, including sites impersonating the World Health Organization, the United Nations and the CDC. The group has also used open-source platforms like Shodan to find more than 2,000 vulnerabilities in “high risk” health care organizations, including 22 remote code execution flaws.

Rogers’ cybersecurity group has been careful not to recruit volunteers from countries under U.S. sanctions, a choice that he said provoked “a very heated discussion.” “We see this as a humanitarian project, but in order for us to have the deep collaboration we have with government and law enforcement, we have to … be careful about how we walk that line,” he said. “Trust and the ability to share information is critical to the success of this project.” The group’s apolitical defensive activities will still end up helping innocent people in blacklisted countries, he noted. “By doing that, I think we can protect the whole world.”

CMMC & COVID-19 — The coronavirus pandemic is unlikely to disrupt the rollout of the Pentagon’s new digital security standards, a senior official said Thursday. “I don’t think it’s going to be impactful to the schedule” for implementing the Cybersecurity Maturity Model Certification, Katie Arrington, the CISO to the undersecretary for acquisition and sustainment, said during a Bloomberg webinar Thursday. “Maybe we’ll have a two-, three-week slip on actually doing the first audits, the pathfinders, but nothing that’s significant,” she added. Arrington said she is working with the nonprofit board that oversees training of third-party auditors, as some of that education “has to be done in person.”

DoD will begin putting the CMMC level requirements as language in select contracts this year, with the goal of implementing the cyber standards throughout the entire acquisition community by 2025. “The model and all of that is on track,” according to Arrington. “We really haven’t slowed down because a lot … was able to be done from teleworking capability. We’re waiting to see what happens.”

TECH GROUPS SUGGEST CYBER COVID-19 SPENDING — The next coronavirus legislative package should include funding to boost cybersecurity for the remote workforce, such as money for training IT executives and upgrades for VPNs, a coalition of tech groups said in a list of principles released Thursday. The groups — the Information Technology Industry Council, Alliance for Digital Innovation, the Computing Technology Industry Association, the Center for Procurement Advocacy, Internet Association and the Cybersecurity Coalition — sent their ideas to congressional leaders and the Office of Management and Budget.

The last package “did not specifically address the potential cybersecurity needs of a remote workforce,” the groups wrote. Other recommendations include additional dollars for the Technology Modernization Fund to upgrade aging and insecure federal agency IT, the General Services Administration’s Federal Risk and Authorization Management Program that certifies software for federal agency use and the Trusted Internet Connections 3.0 policy that ensures agencies secure data and networks through protected connections.

GONNA GO AHEAD AND CALL THAT ‘A LOT’ — Google said that it saw 18 million daily malware and phishing emails related to Covid-19 last week. It also said in the same blog post on Thursday that it saw 240 million daily spam emails related to the virus. The company boasted that it is blocking 99.9 percent of spam, phishing and malware from its users. “We have put proactive monitoring in place for COVID-19-related malware and phishing across our systems and workflows,” company officials wrote. “In many cases, these threats are not new — rather, they’re existing malware campaigns that have simply been updated to exploit the heightened attention on COVID-19.”

THIRD TIME’S THE CHARM — CISA re-upped an alert on Thursday about attacks on Pulse VPN servers and offered new detection methods, including a tool the agency created. “CISA has conducted multiple incident response engagements at U.S. Government and commercial entities where malicious cyber threat actors have exploited” the vulnerability “to gain access to victim networks,” the latest of three alerts on the subject reads. Despite a patch issued last April, “CISA has observed incidents where compromised Active Directory credentials were used months after the victim organization patched their VPN appliance.”

WILL THE U.S. BE NO. 1? — The Harvard Kennedy School Belfer Center for Science and International Affairs this summer will release an index of 30 prominent countries that matches the nations’ objectives with their capabilities. “The Belfer Cyber Power Index reconceptualizes the notion of ‘cyber power’ at the country-level to reflect the different objective(s) that each country is pursuing — demonstrated through national strategies, rhetoric and action — and their ability to achieve these objectives,”


Title: Cyber crime gang targets victims in ‘sextortion’ scam


Author: The Scotsman


Date: 15.04.2020




The public are being warned against a new ‘sextortion’ scam that already has almost 100 victims.

A con email claims footage will be posted online of the victim watching pornography unless they pay a ransom using bitcoin.

There were 16 extortion reports made to Police Scotland overnight on April, with the number rising to 96 by Tuesday.

Detective Inspector Michael McCullagh, of cybercrime investigations, said: “These type of scams aren’t unusual, however, this particular suspect or group has used a similar method and wording in every email and in greater numbers than we normally see.

"The emails show current or legacy passwords belonging to the victim, making the threat seem credible. This is a tactic used by criminals to alarm potential victims"

Title: Report: Majority of New Zealanders exposed to cyber crime


Author: IT Brief New Zealand


Date: 05.04.2020




More than a third of Kiwis have experienced a cyber crime incident in the past 12 months, according to new research. 

The NortonLifeLock Cyber Safety Insights Report found 1.2 million New Zealanders (36%) are estimated to have experienced cyber crime in 2019. On top of that, almost 5.4 million hours or an average of 4.3 hours per victim were spent resolving issues created by the crime.

Close to a third of New Zealand cyber crime victims (30%) were impacted financially with an estimated loss of NZ$108 million in the past year, the report found.

According to the research, one in six New Zealand adults have experienced identity theft. More than 605,000 New Zealand adults (17%) experienced identity theft, with 5% impacted in 2019. ore than half of Kiwis (56%), whether they have experienced identity theft or not, said they very worried that their identity will be stolen.

Fifty percent of respondents to the research said they felt they are well-protected against ID theft occurring, however two thirds (67%) said they would have no idea what to do if their identity were stolen, while and 85% wish they had more information on what to do if their identity were stolen.

"What we are seeing is New Zealanders who have historically taken a 'she'll be right attitude' are increasingly aware of the chance of identity theft, but don't know what to do if it does happen, and they're desperate for more information," comments Mark Gorrie, territory manager and cyber security expert, APJ, NortonLifeLock. 

The report found that distrust among New Zealand consumers towards social media providers outpaced the global average (54% do not trust at all vs. 43% global average). However, compared to those in other markets, more New Zealand respondents trust healthcare providers (94% trust a lot/a little vs. 89% global average) and the government (84% trust a lot/a little vs. 72% global average) when it comes to managing and protecting personal information.  

 Less than half of New Zealand consumers give credit to companies (40%) or the government (46%) for doing enough when it comes to data privacy and protection, the report says. And, almost half (46%) believe that New Zealand is behind most other countries when it comes to data privacy laws.

"Once the Privacy Bill comes into force, New Zealanders may begin to feel differently," says Gorrie.

"Once enacted, the Privacy Bill should put the onus on businesses to ensure they're keeping personal information safe and secure".

 Under the proposed new regulations, New Zealand businesses must report serious data breaches to the Office of the Privacy Commissioner. Businesses also must provide the personal information held on an individual back to that individual if they ask for it. 

"An important part of the bill requires overseas service providers, like social media or cloud software companies, to also comply with the new laws," Gorrie adds.

 The report found New Zealanders are split on who should be held most responsible for ensuring personal information and data privacy are protected. Nearly 4 in 10 (38%) believe the government should be held most responsible, while one-third (33%) put the burden on companies, followed closely by individual consumers (29%)  who should be protecting their own data privacy by reading the policies and ensuring their personal information is shared only with companies they trust.  

 The majority of New Zealand adults (86%) believe consumers should always read companies privacy policies in full but a mere 2% report always doing so themselves, the report shows. Only 9% say they do it often. In fact, New Zealanders are among the most likely to rarely/never read privacy policies (56% vs. 47% global average).

According to the research, most of the New Zealanders who do not always read privacy policies in full say its because they are too confusing (80% vs. 735 global average), and they feel they have no choice but to accept the policies in order to use the app or service (86% vs. 78% global average). And 9 out of 10 (89%) say that they would be more willing to read privacy policies if they were given choices about how their personal information could or couldn't be used; this is even more persuasive for adults in New Zealand than many other markets (82% global average).

 As security measures in public spaces increase, facial recognition technology is becoming more common place, according to the report. New Zealand consumers are among the most familiar with facial recognition (64% vs. 52% global average), second only to India (70%) and on par with the United States (64%). 

Despite familiarity with the technology, skepticism remains. The majority of New Zealand consumers (66%) believe facial recognition will be abused or misused in the next year above the global average of 62%. 

The report suggests New Zealanders overwhelmingly believe businesses (93%) and the government (92%) should be required to inform and report where or when they are using facial recognition well above the global averages (87 and 86% respectively). Specifically, the top concern among New Zealand consumers when it comes to facial recognition is the ability for cyber criminals to access and/or manipulate their facial recognition data and steal their identity (41%). 

"The NortonLifeLock Cyber Safety Insights Report brings to light the trends we've been seeing in New Zealand over the past year," Gorrie says. 

"People are becoming more aware of their presence online and the value of their personal data. It's not enough to simply have anti-virus software installed on a laptop anymore. It's critical that any cyber security plan designed to protect you and your family is comprehensive," he says.