Original article (in Croatian) was published on 23/02/2022
Damage worth 4,799,195 HRK was recorded in 2019, 40,125,656 HRK in 2020, and 77,816,990 HRK last year.
At the beginning of February, one company from the Slavonski Brod area lost several hundred thousand kunas. It was the victim of a so-called BEC (Business E-mail Compromise) scam: an unknown person intercepted its electronic communication with a business partner, a company from Turkey. We could also read about the hacker attack on A1, when a minor hacker demanded that the telecom operator pay him half a million US dollars or he would sell the compromised user data on the dark web.
Given the frequent news about various scams, the importance of security on the Internet, and cybercrime becoming an increasing problem, we sent an inquiry to the Ministry of Interior. We wanted to know how much material damage was caused by these types of crimes and how large an increase has been recorded in the past few years.
The data on the damage we received from the Ministry of Interior testify to the level of the problem. Material damages for all criminal offenses from the Chapter of Criminal Offenses against Computer Systems, Programs and Data of the Criminal Code recorded a large increase: damages worth 7,350,262.00 HRK were recorded in 2018, 4,799,195.00 HRK in 2019, 40,125,656.00 HRK in 2020, and as much as 77,816,990.00 HRK last year.
In 2021, according to preliminary data from the Ministry of Interior, a total of 1,563 cybercrime offenses were recorded.
65 percent of cases resolved
According to the Ministry of Interior’s publication Covid and crime in 2020, 1,188 cybercrime offenses were reported in 2020, which is a decrease of 59.5% compared to 2019, when 2,930 such offenses were reported. However, this does not mean that crime rates are falling: as the Ministry of Interior explains in the publication, in 2020 the statistical presentation of cybercrime offenses was harmonized with the provision of the Criminal Code on Prolonged Criminal Offenses. Namely, the said provision stipulates that the perpetrator’s conduct, although it consists of several separate acts, is treated statistically not as several offenses but as one extended offense, because it is the commission of the same criminal offenses. 65 percent of cases were resolved, and one perpetrator committed an average of 5.5 acts.
In 2020, all three main forms of cyberattacks (cryptolocker ransomware, DDoS and Internet fraud) were recorded and remain the dominant threats.
Covid-19 crisis exacerbated the problem
In addition to the health crisis, Covid-19 also brought problems in the cyber field: it has led to an increased number of security incidents and attacks.
Kresimir Filla, a security expert from Combis, confirms to Faktograf that cybercrime has been on the rise for years. The main motive is money, says Filla, and he expects further growth of this type of crime.
He also explains why: “One of the main reasons for the increase is the drastically changed way of working in companies where, with the possibility of working from home, the area for attacking them has been expanded. In order to allow uninterrupted work for the remote workforce, many companies have relaxed security measures so that business can continue uninterrupted, thus further increasing vulnerability to attacks. In addition, last year was marked by a large number of critical vulnerabilities in the software products of the world’s largest companies, which criminals also capitalized on. In addition, due to the accelerated digitalization, the complexity of IT systems is growing rapidly, which is difficult to follow from a security perspective”.
Filla adds that there is a shortage of cybersecurity experts globally, and another issue that contributes to the problem is when companies (private and public) do not have adequate budgets to recruit and retain security professionals, which makes it “much easier to compromise these companies so criminal groups are definitely taking advantage”.
Vlatko Kosturjak, CTO in Divert, says he does not see that the trend of increasing cybercrime will decrease in the future.
“More and more people are being digitized, including criminals. Simply, everyone follows trends, and crime is no exception. Due to a lack of knowledge and experience, newcomers to the digital world are easy targets and criminals simply take advantage of what is offered. Sometimes it is difficult for us professionals to recognize a fraud or a more sophisticated attack at first sight. On the other hand, the digital space and the population that uses that digital space is on the rise, so it is difficult to expect a decline in this type of crime”, he says.
The national CERT, a CARNET body whose task is to process computer security incidents in the Republic of Croatia, states that the number of computer security incidents it processes “varies from month to month, and it is not possible to unambiguously determine whether the trend is rising or falling. For example, in December 2021, 75 incidents were processed, compared to the previous month when 126 incidents were processed, which can be attributed to the holidays, i.e., a smaller number of incident reports at that time”.
The largest increase in incidents at the beginning of the pandemic
Although the shift of business to remote and online work has greatly affected the growth of cybercrime, Filla notes that investing in security products makes it easier for companies to detect attacks, resulting in the perception of an increase in this type of attack. “Unfortunately, a good portion of attacks are still detected when it’s too late, because purchasing security products is not the only thing that needs to be done to protect companies, and individuals, from cyberattacks”, adds Filla.
CERT officials say something similar. They recorded an increase in computer security incidents during the pandemic and in those related to Covid-19 topics, such as phishing campaigns that use topics such as the latest statistics to lead users to disclose sensitive data. “The largest increase in such incidents was recorded at the very beginning of the pandemic, i.e., in March and April 2020, about which users were warned in a timely manner. In 2020, more incidents were processed than in 2021, which we can certainly link to the pandemic. In addition to the already mentioned phishing campaigns, the risk of computer security incidents due to working from home has increased”, CERT told Faktograf.
According to the CERT report for 2020, a total of 1,710 reports that can be classified as computer security incidents under the jurisdiction of the National CERT were received and processed during that year. The leading types of incidents are phishing URLs, phishing and password guessing.
“The pandemic has increased vulnerability to computer security incidents mostly due to working from home. Organizations were forced to act quickly and organize remote work. Unfortunately, most of them were not ready for this and did not have enough time to strengthen the system. The attackers focused on exploiting vulnerabilities and VPN systems, as was the case with more serious attacks such as attacks on SolarWinds and Microsoft Exchange. It is important to note that in addition to technical protections, users’ awareness of threats coming from the Internet is also important”, added CERT.
Kosturjak says that Covid-19 caused accelerated digitalization, where “services and applications that were until recently behind closed doors, i.e., firewalls, were exposed literally overnight. Without additional security checks and security controls, such systems simply allure attackers”. Kosturjak believes that now is “high time to check or test such systems and to move to a systematic approach to the exposure of services and applications. This includes active security oversight even after implementation”.
Filla points out that awareness of cyber security and cybercrime problems is growing, but “not for a reason it should be and not at the pace it should be”. The main triggers are usually cases of compromise and attacks on companies.
What awaits us?
This problem, which was strengthened by the Covid-19 crisis, will not disappear after the crisis ends, the Ministry of Interior warns.
Filla expects the trend of attacks on companies with extortion techniques to continue, primarily attacks with extortion code (ransomware) and threats of publishing stolen data in the event of non-payment of ransom. He also expects intrusions through the supply chain and the compromise of insufficiently protected cloud environments, which is one of the most relevant methods of attacking companies. In addition, attacks on Internet of Things (IoT) devices will become more popular.
Cybercrime will also be used in geopolitical conflicts, so Filla says that one can expect “an increase in attacks on critical infrastructure and an increased number of attacks on state institutions”.
“Lack of manpower in the field of cyber security will be one of the main problems that companies will continue to face, and with the increased adoption of cryptocurrencies, I expect an increase in attacks on individuals, and normally, the trend of identity theft”, he claims.
Filla describes the level of cyber security in Croatia as ‘mediocre’. The overall rating is raised by the financial sector, which has recognized the importance of security solutions.
“With the increase in cybercrime and as a result of increased awareness of cyberattacks in the past, companies in all verticals are showing increasing interest in the implementation of security systems in their business processes, but they are also facing a lack of manpower and expertise to establish and maintain security at the level necessary to prevent and detect cyberattacks in time and to respond to them adequately”, points out the security expert from Combis.
In practice, Kosturjak sees a big difference between regulated and unregulated industries. “Simply put, the areas and industries that are regulated show a certain maturity, while the correct approach or commitment to this topic with unregulated ones is more of an exception. The same goes for the investment. Those who have to, invest more because they are regulated”, he says, adding that security is perceived more as a cost and less as an investment.
He also points out that there are more and more serious security incidents in our country, but there are even more incidents, and they are more serious, in our neighborhood. Therefore, one can expect this trend to appear here as well. He believes that we should work on prevention but also be prepared for more severe incidents. “In short, a lot has been done on the regulatory and technical part, but there is still a lot of room for improvement. What both regulated and unregulated industries lack is an active approach to defense and information security. The sooner we start, the smaller the gap will be, because security is a continuous process and needs to be worked on and improved on a daily basis. That means continuously educating people, improving technology and processes, because we can very quickly become archaic, that is, useless”, concludes Kosturjak.