Risks and challenges
in cybersecurity
Internet is an opportunity to improve the quality of life of people.
However, cybersecurity is a pending challenge in Peru.
Each day, at least four peruvians are victims of a cyber attack. The Police's High Technology Crime Investigation Division (Divindat) revealed 30 and 35 attacks are reported every week.
In 2019, cyber crime will cost businesses over $2 trillion, according to Juniper Research. And Ginni Rometty, CEO of IBM, said that cyber crime is the greatest threat to every company in the world. Cyber attacks figure as high as $500 billion and more, according to BSA | The Software Alliance.
In Peru, this digit is not insignificant: $4 billion are lost each year, said Digiware. According to Peruvian police, each week between 30 to 35 cyber attacks are reported. So Police register 120 cyber crime cases each month. Of those, more than 50% of cases are for electronic fraud, 20% for child pornography and 10% for phishing.
On May 17th, the World celebrated Internet Day. In that context, What are the opportunities and challenges facing cybercrime?
IADB study alerted that Peru has made outstanding efforts but still presents "the absence of a strategy and a clear chain of command continues to impede the strengthening of cybersecurity".
Quick actions are needed: only in May, Peru was victim of two worldwide cyber attacks. First case was detected in early month. Peruvian companies were infected with ransomware. On May 12th, Kaspersky Lab registered 45,000 attacks in 74 countries. In just three days, the amount growed to 200,000. In Latin America, Mexico, Brazil, Ecuador, Colombia and Chile were the most affected.
Wanna Cry is the new ISIS, said Dmitry Bestuzhev, Director of Kaspersky Lab's Global Research and Analysis Team in Latin America. He said to Andina news agency that "dozens of Peruvian companies" were victims. "This will serve as a precedent for changing the international fight against cybercrime. Whether governments agree or not between them, these cyber attacks of global scope will cause team work, " he warned. The worst thing is that users and companies paid to secure their information. In three days, cybercriminals collected $62,000 in 230 transactions. The picture is still dangerous: two updates of ransomware are online.
Nadie se percató d q antes del #WannaCry , una semana atrás el #doublepulsar fue usado en LatAm para lanzar el #Cryptoff y fue en Perú
— Dmitry Bestuzhev (@dimitribest) 13 de mayo de 2017
Peru plans to create an ICT vice-ministry in the Ministry of Transport and Communications's portafolio to integrate technology initiatives. One priority will be cybersecurity.
Vice-Minister of Communications, Carlos Valdez, assured in an interview with Andina news agency that ICT vice-ministry will execute technology projects in Education and Health. "(Cybersecurity) is an issue that is on the agenda and is related to ICT," he said.
ITC vice-ministry will link technology projects for citizens. Nowadays, this legal inniciative is in evaluation. The objective will be to improve the quality of life of citizens with online services and promote digital culture and digital literacy.
Another goal is to promote Internet access. The gap is still high: only 7% of households have fixed Internet access nationwide. The target for 2020 is to reach 14%.
“"We must be aware that it is not just about bringing connectivity, there is a challenge of content that we must face. That is why digital literacy must be one of the strategic pillars of our ICT development," says Victor Jauregui, Commercial Director of Optical Networks.
Digital literacy will follow the promotion of creating content in Spanish because most visited pages on the Internet are written in English.
"It also requires that state enterprises establish a reasonable schedule for migration to a new Internet protocol in the country," he said. Nowadays, Peru used IPV4. Next step is IPv6 in order to follow trends such as Internet of Things (IoT).
How are we going to tackle the problems created in the age of technology? The answer, paradoxically, is usually "with more technology".
In the near future, as computer systems become more sophisticated (thanks to artificial intelligence), social engineering attacks will also become increasingly automated and equally sophisticated. In 2017, Roman V. Yampolskiy, research professor at the University of Louisville, estimated that cyber attacks will increase and create an explosion of network penetration, theft of personal data and the spread of smart computer viruses at the epidemic level.
Experts say cloud and ICT help fight cybercrime. But for this strategy, competitiveness in connectivity is the first step.
Peru's mobile internet is the fastest (10 Mbps) in Latin America, according to Open Signal. Below are Mexico, Uruguay, Chile, Brazil and Colombia. However Uruguay, Argentina, Chile, Brazil and Costa Rica have a higher level of penetration of the 4G network (LTE Internet connection) than Peru, according to 5G Americas.
On the other hand, the internet is also an opportunity for national competitiveness. The Peruvian technology industry closed in 2016 at US $ 3.87 billion, according to Apesoft. In 2017, the guild expects a growth of 5.3%. According to the Optical Network, cybersecurity boosts corporate productivity and transactions by 30%.
The objective for the Bicentennial of the Republic (in 2021) is that the fiber optic network be extended at national level with connection ramifications. "The goal is that 1,519 districts of the country's 1,873 districts have high-speed internet connections. We are accelerating the schedule by 2020," Valdez said
Al respecto, Iván Chumo, especialista en Telecomunicaciones y Gerente General de Optical Networks, declaró a la Agencia Andina que el viceministerio TIC pondrá al país en vanguardia regional con un plan a mediano y largo plazo, y el despliegue de la red de fibra óptica.
What are the most frequent cyber crimes in the world? The advertising trojan was the most widespread in 2016, according to the Kaspersky Lab study. Of the top 20 malware, 16 were of this type. These Trojans can even purchase apps in the Google Play store. More than 305,000 users in 164 countries were attacked by Trojans in order to conduct illegal mobile banking transactions. Russia, Australia and Ukraine were the three main countries affected compared to the total number of users affected by mobile malware.
Do you know what Trojans, ransomware, computer viruses and other malicious code are? In this interactive, you will find out:
In Peru, Eset points out that malware infection, phishing cases, and the lack of availability of critical services are the most frequent computer crimes in companies.
Meanwhile, according to Kaspersky Lab, 42% of Peruvian users suffered an attempted malware attack. The view is disturbing: Peru ranks second in Latin America below Brazil. Infections increased by 74% in the last half of 2015.
According to EY Peru, theft of confidential information adds to malware attacks.
The Peruvian police registers between 30 and 35 reports of cyber crimes. 120 cases per month. Of the total, more than 50% of cases are of electronic fraud; 20% for child pornography and 10% for phishing.
“Divindat carries out a research work on cyber crimes. But the citizens do not denounce. Reporting is not part of their digital culture, "said Dividant agent Manuel Guerrero to Andina news agency.
Elder Cama, EY Perú consultant, said that the best way to fight againt cyber crime is anticipating their attacks. "The first step in protecting a company from a cyber attack is to know what it is that you want to protect. The critical assets here are: intellectual property, personal information, financial data along with strategies, performance and transactions, "he adds.
He also says that the company must make a balance between cost, risk and value to analyze the best way to be protected against cyber risk.
The truth is that cybercriminals used to make public and massive attacks and now make silent and targeted threats for economic purposes. “The use of malware and social engineering is increasing, meanwhile cases in mobiles and social media are the new targets of cyber crime," said Oscar Aviles, CEO of Secure Soft.
According to Microsoft, malware affects more common users than companies because they do not have security managers. However, Aviles said that when the victims are selected by the cybercriminals. This is called targeted attacks.
Cybercriminals handle various modalities in accordance with the advancement of technology, said Camilo Gutiérrez Amaya, head of the Research Laboratory of Eset Latin America. “Cyber criminals use simple e-mail campaigns supplanting the identity of a company , taking advantage of different techniques of social engineering or malicious code that compromise the security of the device ", explains Gutiérrez .
Botnets are threats that perform automated tasks over the Internet, usually simple functions that require some repetition. Cybercriminals in Peru use botnets to distribute spam or download malware.
In addition, 82% of malware seeks data theft, according to Kaspersky Lab. "The remaining percentage belongs to Adware applications that are installed on toolbars, and shows unwanted advertising. Dmitry Bestuzhev, Director of Kaspersky Lab's Global Research and Analysis Team in Latin America, said this type of malicious code usually is not blocked by Antivirus softwares.
Cyber criminals uses emails in order to send Banking trojan (57%) and ransomware (27%), that blocks access to the mobile or computer. Then, cyber criminal asks for money ($ 300 or more) to restore access to all files.
There is also a strong connection between cybera ttacks and illegal software. According to Business Software Alliance, the average piracy in Latin America is 55%, reaching $ 5.78 billion.
According to The Global Economic Crime Survey, in 2016, cybercrime became the second economic crime most reported in the world.
Electronic fraud in Peru comes from Peruvian cybercriminals. Police have recognized a clear profile: young men with high technological knowledge. 30% are women. In recent months it has been detected that cybercriminals residing in Lima act in complicity with provincial citizens, mainly from Loreto.
"We have detected cybercriminals with registered address in Iquitos (Loreto). But they live in Lima. They have not changed their addresses to delay the investigation and their capture, " said Divindat agent Manuel Guerrero..
Worldwide, 50% cyber criminals works in six-people groups. 76% are guys, from 14-year-old(8%) a to 50-year-old(11%). The average is 35-year-old (43%).
According to Digiware, 50% of cybercriminals are spreading cyber attacks six months ago, and 25% has more time in this illegal world. Most of their activity is registered in North America and South America, with 19% of the total attacks generated worldwide.
Another form of cyber crime in growth is ransomware, used to extort victims. There are at least two types, explains Gutiérrez: the screen locking ransomware that prevents access to the equipment; And cryptographic ransomware, which encrypts the hosted information. Cybercriminal demands money to restore access to data. In most cases, the attack affects only certain files: office documents such as texts, spreadsheets, slides, images and emails.
In the last three months, the Peruvian police records one to three cases of ransomware every 30 days.. In 2016, 153,258 uniques users of 167 countries were victims of ransomware, 1.6 times more than in 2015, according to Kaspersky Lab. And mobile attacks continue to grow (260,000 detections).
Cybercriminals seize information in order to request an economic bailout. "In many cases they ask for three bitcoins (a virtual currency) that are difficult to trace because they use bank accounts abroad," explains Peruvian police agent Manuel Guerrero. Each bitcoin has an estimated commercial value of almost 6,000 PEN (more than $ 2,500).
Guerrero said the victims are both users and businesses. In all cases, the ransomware attack is from abroad. In China, these cases were identified for the first time in 2014, according to Eset. Most attackers reside in China, Europe or Russia.
Kaspersky Lab warned that one in five SMEs who paid the rescue for the information failed to recover their data. Experts agree that you should not pay to cyber criminals. Peruvian police agent Manuel Guerrero recomends to backup your information.
In the first days of May, cyber criminals attacks worldwide. More then ten Peruvian companies were affected. At least 75 countries registered victims. Dmitry Bestuzhev of Kaspersky Lab said to Andina news agency that one Peruvian bank is in the list of victims.
The first problem in cyber security is the lack of digital culture. Companies, users do not prevent. 71% of companies admit to being victims of a cyber attack. Losses in cyber crime reach US $ 400 billion per year worldwide, according to BSA | The Software Alliance.
Deloitte said that 61% of businessman identifies cybersecurity as important for business success but only 10% of CIOs report IT risk management as the top item on their to-do list.
Also: the regulations could improve. The IDB and OAS report reveals that "the absence of a clear strategy and chain of command continues to impede the strengthening of cybersecurity" in Peru./p>
Alejandro Morales, lawyer from Torres y Torres Lara Abogados, said that Peruvian legislation remains weak. In Peru, there are standards to safeguard personal data and sensitive information found in automated systems. But it is not enough.
"Many of the successful cases that exist abroad are born of legislation that empowers the police to combat cybercrime, and establish a national cybersecurity strategy," Morales said.
Manuel Guerrero, Divindat agent, said that law could be better. For example, Peruvian police should not need a judicial document to check IP Adress from victims and cyber criminals. Investigation is extended because Judge needs to analyze the case.
Another problem and limitation is lack of international agreements to request information. Peru has not joined the Budapest Convention, which is an international cooperation treaty on cybercrime.
Carmen Zegarra, lawyer at Microsoft's Digital Crimes Unit in Peru, told Andina news agency that this agreement "will help harmonize laws and promote better cross-border cooperation. Such international co-ordination and cooperation will help to eliminate the shelters of cybercriminals and minimize risks.
In 2016, Peru sent 55 data requests about 131 Facebook users. Just over 50% were attended by Facebook. There were also two emergencies cases between July and December that were not answered, according to Facebook's transparency report. Peruvian gov do not request information about Twitter users.
"The ransomware cases have origin abroad. We must request information from international domain operators to continue the investigation and many times the response is delayed, " said Peruvian agent Manuel Guerrero.
Also he said that ransomware investigations are solved in six months, but with this problem, the delay could be higher.
"Specialized prosecutors are also needed. These offices already exist in Argentina, Spain, Italy and other countries, "he said.
In this sense, Microsoft lawyer said that goverments could exchange information with companies and Police offices.
For last, Peruvian police needs to deal with lack of software or software license for investigation.
"Peru not only needs laws, also technological resources to be able to fight efficiently against highly sophisticated crimes," added laywer Alejandro Morales.
The ICT vice-minister will change this scenario by placing cybersecurity on the Peruvian agenda. The bill will be presented soon to the Peruvian congress.
Published: May 15th, 2017 (Last update: 13/08/2017 10:25 a.m.)