International cooperation is needed to combat cybercrime, especially state-sponsored cyberattacks, according to Mary Jo Schrade, Assistant-General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia.
In an interview to BusinessLine, Schrade detailed the efforts of Microsoft’s Digital Crimes Unit (DCU) in mitigating various cyberthreats, along with emerging trends in the overall cybersecurity landscape. Excerpts:
What are your thoughts on state-sponsored cyberattacks, especially on critical health infrastructure? What can be done from a stakeholders' perspective to prevent such attacks?
Early on during the Covid outbreak, we saw attacks on hospitals and other first responders.
One of the types of state-sponsored attacks is attacks on the research companies working on a Covid vaccine. These attacks are intended to either steal information or stop them from progressing to benefit some other company.
Governments need to hold other governments accountable for these attacks. And number one is attribution, which is calling them out publicly, when they are engaged in an attack, to say which country is behind it once that has been determined.
Having the governments collaborate and share information on cybercrime is also really important.
An international legal framework could help as well. What's needed is international cooperation, so that there's no place for cybercriminals to hide. No one country can do it for itself. It requires cooperation, coordination, and a high volume of countries participating in it.
Covid-19 themed cybercrimes are on the rise. Do you think Covid-related scams and fraud are likely to continue into the next year and continue to increase?
I think that cybercriminals will shift their tactics but continue their activity. They will shift to different lures. Once we all get vaccinated, and there's not the same fear about Covid or the same questions that people have about what the government is doing about Covid, they will shift to the next news cycle and leverage that. They will leverage whatever people are worried about or concerned about, to try to get them to click on links or to open attachments in order to spread cybercrime.
What is an emerging trend in cybercrime that is going to be significant moving forward?
One of the things that we've seen more of is the use of ransomware. And we see it happening in phases. What we see happening is cybercriminals starting out with a broad rush of just infecting as many computers as possible, then going back and looking more closely at which ones are businesses, and among those, which ones appear to be the most vulnerable, or most likely to need to pay ransomware in order to keep going.
When they (cybercriminals) go into something like ransomware, what they really want is you to pay. The purpose behind that is that a business doesn't want to seem as though its platform is not secure, its website is not secure. They don't want the public to know that they've had an event or incident if they're not required legally to disclose that. So they might be more likely to pay a cybercriminal a lot of money to stop the cybercriminal from releasing the data on their customers so that their customers don't feel a loss of trust in them.
What are the cyber threats that are likely to impact cybersecurity next year in India?
Any country that has a lower uptake in terms of people patching their systems and using multi-factor authentication is going to be more vulnerable. India is more vulnerable to malware. And then once you're infected with malware, you become more vulnerable to ransomware. We also see India being more vulnerable to cryptocurrency mining, but that's again, just malware. It's just the differences. The primary reason for that vulnerability to the malware is not patching and updating.
Are you seeing an increase in cyber awareness across the globe?
It's hard to say if the message is getting through, because we still see a lot of victims, and we still see a lot of infected computers. Sometimes, we see that people's computers stay infected for years, which means they're not patching or updating. We don't see a decrease overall in the level of cybercrime. There's still the need for education because not enough people have become protected.
How can businesses streamline cybersecurity?
The same steps in connection with the cybersecurity of individuals are also applicable to businesses. Using multi-factor authentication, requiring your employees to use up-to-date versions of software, and making sure that patching happens on your servers and on the computers that your employees are using, that will be critical for a small business. Everyone should be educating employees about email hygiene and doing phishing training as well. For small businesses, they may not be able to invest a lot of time and money into these things. But there are some simple things that don't require a lot of time and money that can go a long way in protecting them.
What is the role of Microsoft DCU in mitigating cyber threats?
DCU is a group of lawyers, investigators, analysts and data scientists. Our job is basically to fight cybercrime, protect Microsoft's customers and to protect vulnerable populations that can't protect themselves. We do a number of things with our team that's based around the world, including in India. We fight tech support fraud. We also do work to protect children in connection with the distribution of child sexual abuse material. We refer those cases to law enforcement when we become aware of them. There are a number of other things that we do which includes the business email compromised cases our teams investigate.
Can you share more details about your collaboration with the Central Bureau of Investigation in India?
A few years ago, we started realising that call centre scams were affecting our customers. We set up a reporting tool online where customers can report to us if they've been the victim of this kind of call centre fraud. Over the years, we've received more than 600,000 reports from customers who were impacted.
Our investigators spent years building cases that showed what was happening and then referred the cases that were more sophisticated operations that were spread across India to CBI. They conducted a series of raids all on the same night in all these different places, against all of the companies involved, and now those cases are being pursued by the CBI. The CBI was working very closely with the United States Department of Justice on targets.