May 26th, 3:55 PM Building on the work undertaken by consortium members to develop an economic model for measuring the impact of cyber crime on non-ICT sectors, the University of Lausanne has been identifying inter-sector and common cyber security solutions. These identify opportunities for deterring and managing cyber crime range from technological solutions through to regulatory, co-operation, risk management, and awareness and trust initiatives. These possible solutions are being discussed and validated during a workshop in Lausanne. Following on from this, Warwick University will be leading the final work package to enhance sector-specific methods, tools and risk-management frameworks for managing cyber crime risk bespoke to specific business sectors.
February 8th, 5:50 PM The ECRIME consortium, led by the team at the University of Delft, have developed an economic model for measuring the economic impact of cyber crime on non-ICT sectors. This model, focuses on the opportunity costs associated with cyber crime – i.e. it measures the cost of any choice for a company/sector in terms of the next best alternative foregone. Under this approach, understanding the long term economic impact of cyber crime requires the identification of any irreversible waste of resources induced by cyber crime, as well as understanding the effect of cyber crime on the behaviour of individual economic agents and how this leads to economic inefficiencies.
April 27th, 4:00 PM Members of the E-CRIME consortium, led by the team at Tallinn University of Technology, have produced a generic script (or ‘journey’) outlining and combining the various sets of actions which a cyber attacker will pass though and choose from when developing and conducting their attacks on their targeted victims’ computer systems. Having developed this generic journey a number, a range of specific attack-journeys were mapped out covering attacks including amongst others; ‘click fraud’, installing malware, and building illegal botnets for crypto-currency mining. From the perspective of the law enforcement officials, the value of producing these journeys is that by providing a visual representation of the required actions for a crime, ‘pinch-points’ can be identified. These are certain steps in the journey which if obstructed will prevent or reduce the probability of the crime being successfully completed. By identifying these points law enforcement officials know where to best deploy their resources so as to maximise positive outputs. For the detailed break-down of these journeys please see Deliverable 2.3.
Jan 19th, 12:00 PM During today’s E-CRIME Validation Workshop in Rome, hosted by GCSEC at Poste Italiane, we networked and exchanged ideas with researchers and industry representatives on the following projects and organisations: Cyber security and innovation in Poste Italiane – ECOSSIAN, CyberROAD, FIDES and Mobile Shield; The European Electronic Crime Task Force – private/public partnership for information sharing and networking; Italian National CERT and the ACDC project; Cyber-physical threats to Critical Infrastructures – the FACIES project; Roadmapping the cyber crime – the CAMINO project; CYSPA – The European CYber Security Protection Alliance; Dealing with a cyber security teaching and research issue by an interdisciplinary approach – University of Lausanne; Modelling cyber-threats in the Airport domain – a case study from the SECONOMICS project; An electrical grid and its SCADA under cyber attacks, within the CockpitCI EU project; Supporting Intelligence Analysts – SICH Project – Semantic Illegal Content Hunter; Temporal and semantic analysis of large open sources – the SNAPSHOT.
Oct 22nd, 2:35 PM In a recently released report by Get Safe Online, 51% of Britons have experienced online crime. Additionally, figures produced by the National Fraud Intelligence Bureau (NFIB) estimate that over £670 million were lost across the UK to the top 10 internet-enabled frauds between September 2013 and August 2014.This figure, however, is considered conservative as it is based on reported frauds and a significant number of such crimes still go unreported. Two additional pieces of news came out of this report. Firstly nearly half of victims do not know who to report online crimes to. Secondly, many victims are making behavioural changes in response to their crimes, including adopting stronger passwords and being extra vigilant when shopping online.
Sep 29th, 7:45 AM “Certification schemes for cloud computing”. This report by Monica Lagazio, David Barnard-Wills, and Rowena Rodrigues of the ECRIME consortium partner Trilateral Research & Consultancy examines existing certification schemes relevant to cloud computing, focusing on benefits and challenges of such schemes as well as the identification of possible supporting actions and next steps recommendations as regards the implementation of the key action on certification of the European Cloud Computing Strategy. The report is based on research of the state of the art in cloud certification, how cloud certification schemes could enhance trust and transparency in the cloud; which elements of cloud computing could be considered for certification; challenges still affecting existing cloud certification schemes; and the role of public sector. The key findings from the research have been used to develop seven recommendations detailing possible intervention by the European Union with regards to cloud certification.
Sep 17th, 1:21 PM A recent report published by McAfee and the Center for Strategic and International Studies places the combined direct and indirect cost from cybercrime to the global economy at more than $400 billion; though estimates range from $375 – $575 billion. In doing so they highlight the reluctance of companies to come forward and admit they have been hacked; a consequence of which is the lack of data available for determining accurately the true cost of cybercrime. Additionally they acknowledge the regional variations on loss, with higher-income countries suffering higher than average losses (as a percent of GDP), and the variations in national responses. These known issues are some of those that underpin the E-CRIME project and serve to highlight its importance. For a complete copy of this report go to: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
Sep 8th, 4:25 PM The consortium has set up the E-CRIME Stakeholder Forum (ESF) comprising 24 representatives from key non-ICT sectors, ISPs and communication networks, law enforcement agencies, cyber security, legal, civil, and insurance companies, and governmental organisations from the Member States. The ESF acts as an advisory body for the consortium.
Jul 30th, 3:36 PM Malware Market. Trustwave has followed Symantec in providing some type of guarantee for one of its malware products. If the anti-malware product is determined to have been missed malware, the customer receives a free month taken off the subscription and doesn’t pay for the forensic investigation. This is an interesting development in the cyber security software market.