Cybercrime as a Global threat to the World Economy
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Monographic Section
DOI: 10.25115/eea.v39i9.5739
Volume 39-9, September 2021 // ISSN: 1133-3197
Cybercrime as a Global threat to the World Economy
OLEKSIY S. OMELYAN1, DMYTRO S. MELNYK2, YEVHEN V. YUDENKO3,
VALENTINA M. FORNOLIAK4, OLEKSANDR YU. KOSHEL5
1
Department of Postgraduate and Doctoral Studies, NATIONAL ACADEMY OF THE SECURITY SERVICE OF
UKRAINE, UKRAINE. E-mail: omelyan33@sci-univ.com
2
Research and Organization Centre, NATIONAL ACADEMY OF THE SECURITY SERVICE OF UKRAINE, UKRAINE
3
Cycle Comission of Economics and Management, KREMENCHUK FLIGHT COLLEGE OF KHARKIV NATIONAL
UNIVERSITY OF INTERNAL AFFAIRS, UKRAINE
4
Department of Fight Against Terrorism and Protection of Participants in Criminal Proceedings, NATIONAL
ACADEMY OF THE SECURITY SERVICE OF UKRAINE, UKRAINE
5
UKRAINIAN SCIENTIFIC AND RESEARCH INSTITUTE OF SPECIAL EQUIPMENT AND FORENSIC EXPERTISE OF THE
SECURITY SERVICE OF UKRAINE, UKRAINE
ABSTRACT
The purpose of the article is to consider the phenomenon of cybercrime, which causes significant economic
losses worldwide, to explore the problems of calculating losses through cybercrime, to identify opportunities to
improve the system of combating cybercrime. The paper concluded that the growing number of cybercrimes in
enterprises, the constant improvement of information technology and, as a consequence, new opportunities to
"improve" the tools of their implementation pose global threats to the world economy.
Keywords: Cyberattack; Economic security; Data protection; Cyber threats to business; Cyber incidents.
JEL Classification: O33, O34
Received: June 06, 2021
Accepted: August 21, 2021Sección Monográfica
DOI: 10.25115/eea.v39i9.5739
Volumen 39-9, Septiembre 2021 // ISSN: 1133-3197
El Ciberdelito como Amenaza Global para la Economía
Mundial
OLEKSIY S. OMELYAN1, DMYTRO S. MELNYK2, YEVHEN V. YUDENKO3,
VALENTINA M. FORNOLIAK4, OLEKSANDR YU. KOSHEL5
1
Department of Postgraduate and Doctoral Studies, NATIONAL ACADEMY OF THE SECURITY SERVICE OF
UKRAINE, UKRAINE. E-mail: omelyan33@sci-univ.com
2
Research and Organization Centre, NATIONAL ACADEMY OF THE SECURITY SERVICE OF UKRAINE, UKRAINE
3
Cycle Comission of Economics and Management, KREMENCHUK FLIGHT COLLEGE OF KHARKIV NATIONAL
UNIVERSITY OF INTERNAL AFFAIRS, UKRAINE
4
Department of Fight Against Terrorism and Protection of Participants in Criminal Proceedings, NATIONAL
ACADEMY OF THE SECURITY SERVICE OF UKRAINE, UKRAINE
5
UKRAINIAN SCIENTIFIC AND RESEARCH INSTITUTE OF SPECIAL EQUIPMENT AND FORENSIC EXPERTISE OF THE
SECURITY SERVICE OF UKRAINE, UKRAINE
RESUMEN
El propósito del artículo es considerar el fenómeno de la ciberdelincuencia, que causa importantes pérdidas
económicas a nivel mundial, explorar los problemas de cálculo de pérdidas por ciberdelincuencia, identificar
oportunidades para mejorar el sistema de lucha contra la ciberdelincuencia. El documento concluyó que el
creciente número de delitos cibernéticos en las empresas, la mejora constante de la tecnología de la información
y, como consecuencia, las nuevas oportunidades para "mejorar" las herramientas de su implementación
plantean amenazas globales para la economía mundial.
Palabras clave: Ciberataque; Seguridad economica; Protección de Datos; Amenazas cibernéticas a las empresas;
Incidentes cibernéticos.
Clasificación JEL: O33, O34
Recibido: 06 de Junio de 2021
Aceptado: 21 de Agosto de 2021Oleksiy S. Omelyan, Dmytro S. Melnyk, Yevhen V. Yudenko, Valentina M. Fornoliak, Oleksandr Yu. Koshel
1. Introduction
Cybercrime in recent years has become one of the most dangerous problems facing humanity,
negatively affecting both the economic potential of individual states and the stable development of
the world economy. Modern information technologies and technical solutions continue to occupy all
new areas in public life. New information technologies that appear on the market are immediately
integrated with existing ones and implemented into use. On the one hand, such progress increases the
productivity of human labor and opens up new ways of leisure and recreation. On the other hand, all
this significantly expands the scope of cybercriminals' activity and creates conditions for increasing the
effectiveness of hacker attacks. Therefore, cybercrime is growing faster than all other types of
economic crime combined (Cherniavskyi et al., 2019). According to Cybersecurity Ventures, over the
next five years, global cybercrime spending will grow 15 percent a year, reaching $ 10.5 trillion a year
in 2025, compared to $ 3 trillion in 2015. This dangerous phenomenon exponentially exceeds the
damage caused by natural disasters to mankind in a year and will be more profitable than world trade
in all major illicit drugs combined (Morgan & Calif, 2020; Kozlovskyi et al., 2019).
The active introduction and use of digital technologies and global computer networks in all spheres
of life, including international financial and banking activities, create the preconditions for the use of
these technologies for illegal purposes, thus facilitating the commission of criminal acts in cyberspace,
which mostly go unpunished. Today it is quite problematic to detect and prevent existing cybercrimes,
due to their extreme latency and complexity (Nizovtsev et al., 2021). It is necessary to note the
appearance of the third factor - scale. In particular, in recent years, experts have identified dozens of
types of cybercrimes, both against individuals and their rights, and against the state, including: hacker
attacks, development and distribution of computer viruses, cyberterrorism and cybersabotage, fraud
with plastic payment cards, theft of funds from bank accounts and etc.
Today, almost all information technology professionals, law enforcement officials around the
world, and the international organization Interpol acknowledge that the cybercrime situation in the
world is deteriorating day by day (Interpol, 2017). Organized crime groups and lone criminals are
increasingly using the global network for illegal purposes. A typical example is the Darknet (a hidden
part of the Internet that only a limited number of people have access to), through which attackers have
effectively created an illegal market for weapons, drugs, sex services, stolen goods, and so on. Thanks
to technologies that provide network anonymity (BitBlinde, I2P, TOR, VPN and others), this part of the
Internet remains almost uncontrolled, and therefore safe and conducive to any type of criminal
activity. However, the growth of the world economy also directly depends on the spread and
integration of information and communication technologies (ICT) in the production process,
transformation of existing and creation of new sectors of the economy through digitalization of
industry and trade, development of the Internet of Things (IoT) (Korolova et al., 2020; Novikovas et al.,
2017).
Research methods was selected with consideration of the goals and objectives of the scientific
article. Methods of analysis and synthesis have been used to study the types and methods of
committing cybercrimes. With the help of classification and systematization methods, modern
scientific literature on the problems of studying the mechanisms of the impact of cybersecurity on the
development of the world economy was analyzed. The economic and statistical method was applied
to study the economic component of cybercrime, to identify trends in the spread of this antisocial
phenomenon and to substantiate the patterns of its development. It also made it possible to establish
the quantitative influence of individual factors on the object of research, to identify the main factors
that caused changes in the course of economic processes in the illegal cybersphere sector and to
determine direct and indirect losses for businesses from cybercrime.
Using the abstract-logical method, the logical relationship between the dynamics of cybercrime
growth and information-technological progress is revealed. Thanks to the use of the method, the main
drawback in predicting the quantitative characteristics of committed cybercrimes is revealed and this
is an underestimation of the actual level of cybersecurity due to the victim's unwillingness to contact
3Cybercrime as a global threat to the world economy
with law enforcement agencies or due to the impossibility of quickly identifying the signs and
consequences of the crime due to its latency. Also, the abstract-logical method was applied in the
study of the causes of the large-scale cyberattacks appearance, which are currently observed both in
Ukraine and other countries of the world. The publication analyzes a number of international legal acts
regulating cooperation between states in the field of combating cybercrime, including preventing their
economic consequences. Empirical sources of the study were the scientific works of domestic and
foreign scientists, as well as analytical studies of leading IT companies. Through the use of the above-
mentioned methods and materials, the problems of the influence of cybercrime on the legal economic
activity of both the private and public sectors of the world economy were comprehensively analyzed.
It should be noted that during the study of analytical and prognostic materials, it was concluded
that cybercrime has finished being something local and disorganized. It has penetrated into all spheres
of the economy and is quickly turning into a full-fledged industry. One of the most interesting aspects
of the economic component of cybercrime is how it is stratified. The preparation and implementation
of large-scale cyber incidents is carried out almost according to the scenario of business plans of
multinational corporations, and smaller - as small businesses. Large-scale cyber operations can bring
in profits totaling more than $ 1 billion dollars per year, while the smaller ones are 30-50 thousand
dollars.
2. General characteristics of cybercrime in the economic sphere
Cybercrime is defined in the recommendations of UN experts as any crime that may be committed
through a computer system or network, in a frame of a computer system or network, or against a
computer system or network (United Nations Congress, 2000). According to the Convention on
Cybercrime of the Council of Europe, adopted on November 21, 2001 in Budapest and the Additional
Protocol (Council of Europe, 2003), cybercrime is divided into the following categories:
1) offenses against the confidentiality, integrity and availability of computer data and systems (so-
called «CIA crimes»), including:
• illegal access, for example, by hacking, deception and other means;
• illegal interception of computer data;
• interference with data, including deliberate damage, destruction, deterioration, alteration or
concealment of computer information without the right to do so;
• Interference with the system, including deliberately creating serious obstacles to the functioning
of the computer system, for example, through distributed attacks on critical information
infrastructure;
• misuse of devices, that is, the manufacture, sale, purchase for use, distribution of devices,
computer programs, computer passwords or access codes in order to carry out «CIA-crimes»;
2) computer-related offenses, including counterfeiting and fraud, committed using computers;
3) information-related offenses, including child pornography, racism and xenophobia;
4) offenses related to violation of copyright and related rights, for example, illegal reproduction and
use of computer programs, audio / video and other types of digital products, as well as databases and
literature (Council of Europe, 2001).
Crimes committed using the global information network Internet have no borders, that is, they are
transnational in nature. In particular, as the scientists note: «within the framework of one committed
crime, the location of equipment (server), location of data, location of the person who committed the
crime, and location of the consequences may relate to completely different states» (Nizovtsev et al.,
2021). Such offenses may be committed without leaving the office or apartment, from a computer
located in the territory of one state in relation to the subjects of another state, and the data contained
in computer systems are usually short-lived, which means may be promptly destroyed, which will allow
criminals to escape punishment.
4Oleksiy S. Omelyan, Dmytro S. Melnyk, Yevhen V. Yudenko, Valentina M. Fornoliak, Oleksandr Yu. Koshel
Forms of cybercrime are changing and extending to all new achievements of scientific and
technological progress. Given the total introduction of computer systems in all spheres of life, including
trade, finance, banking and manufacturing, insurance and real estate, illicit enrichment through
cyberattacks is quite attractive to criminals. At the same time, various variants of illegal actions are
used, both simple in nature and complex, which are a combination of different methods and
technologies. For example, by gaining control of an accountant's computer, attackers transfer funds
from the company's accounts to their own accounts. However, in order to avoid detecting a shortage,
attackers can transfer money in small amounts regularly for a long time. Although they can withdraw
the maximum possible amount at once. An alternative option for committing a crime is to steal the
accountant's credentials for the client-bank system and then connect to the specified system from the
cybercriminals' computer.
Extortion of money is not uncommon. Most often, this is done with the help of ransomware, which
secretly encrypts the contents of computer storage media, either all information is encrypted, or
certain types of files or folders. After encryption is complete, access to the encrypted information is
excluded, and the ransomware displays a message on the screen demanding that a certain amount be
transferred to the attackers' account. Usually, payment is accepted in cryptocurrency on anonymous
electronic wallets, which greatly complicates or completely excludes the identification of criminals by
law enforcement agencies. It is calculated that the loss of critical information will cost more expensive
than paying criminals to decipher this information. Crimes related to the theft of payment card data
have already become a classic (Korolova et al., 2020). Using this data, attackers typically make card
clones and withdraw cash at ATMs. In addition, there are options with the transfer of funds from bank
cards to the accounts of cybercriminals. This is also done by buying cryptocurrency and transferring it
to anonymous electronic wallets. It is quite rare for cybercriminals to buy goods or services directly
using stolen payment card data, since in such cases the likelihood of being detained by law
enforcement agencies significantly increases.
A relatively new method of cybercrime in Ukraine concerns illegal gaining access to computers of
notaries. Having gained such access, attackers can steal personal data and other sensitive information
of notaries' clients. This information can be sold or used in the future for illegal actions against these
customers. More often control over computers of notaries is used to access state registries of real
estate. On behalf of notaries, changes are made to state registers in order to transfer ownership of
certain objects to third parties under the guise of making fictitious transactions. These items are usually
resold several times in the future, making it very difficult to return them to their owners. In case of
detection of illegal re-registration in the state register, the suspicion first falls on the notary on whose
behalf the changes were made to the register.
There are other ways to enrich themselves illegally by committing cybercrimes. But they all have
one thing in common - attackers receive funds directly from their victims. At the same time, recently
at the interstate level, fundamentally new types of crimes have appeared, which in their totality can
be called cyberwar. A growing trend in the world is the use of cyberattacks against critical information
infrastructure and strategic sectors of the economy, where cyber sabotage and cyber terrorism are
becoming the main weapons.
3. Analysis of some cyber incidents that have occurred in recent years
The first documented case of cyber diversion can be considered a cyberattack on a uranium
enrichment plant in Natanz (Iran). Although Iran has been a member of the International Atomic
Energy Agency (IAEA) since 1958 and joined the Treaty on the Prohibition of Nuclear Weapons Tests
in the Atmosphere, Outer Space and Underwater since 1963, Iran has sought to have its own nuclear
weapons. To this end, a number of nuclear facilities were built throughout the country - uranium
mines, design bureaus, a research reactor, uranium processing plants, etc. One of the key facilities is
the uranium enrichment plant in the city of Natanz (Iran, Isfahan province).
5Cybercrime as a global threat to the world economy
Of course, such aspirations of Iran could not go unnoticed by the advanced states of the world and
the IAEA. For a long time, attempts were made to resolve the situation through negotiations,
occasionally imposing sanctions and offering Iran favorable terms to pay for the curtailment of its
nuclear program. When once again the negotiations did not achieve the desired result, a cyberattack
was carried out using the malicious software Stuxnet. This malicious software implemented a rather
unusual method of distribution, namely through flash drives, using four 0-day vulnerabilities of the
operating system and carefully checking which automated system it got. If the pest found that it was
not in the target SCADA (Supervisory Control and Data Acquisition) - Siemens Step 7, under the control
of which the uranium enrichment centrifuges functioned, it immediately removed itself from the
system. Instead, entering the target SCADA system, Stuxnet intercepted the control of the centrifuges
and, unnoticed by the operator, began to accelerate and brake them sharply. This extreme mode of
operation led to the failure of 1368 out of 5,000 centrifuges. Iran's nuclear program was rejected a few
years ago. Although no exact estimates of the damage from this cyberattack have been found in open
sources, a number of authors have compared the effects of the software pest to an air force attack on
an object (Cherniavskyi et al., 2019).
The next illustrative case that should be considered in this publication is a series of cyberattacks on
energy supply companies in Ukraine in late 2015 and early 2016. This is the first documented case in
the world where a significant number of consumers have been cut off as a result of a cyberattack. The
complexity and multistage nature of the attack is striking. First, the cybercriminals carried out a
phishing campaign: an e-mail message containing Microsoft Word documents containing macros was
sent to employees of energy supply companies, primarily IT personnel. When the sent document was
opened, a standard window opened, namely a request to run macros. If the user agreed, the script
downloaded and installed the BlackEnergy3 malware. One of the functions of this malicious software
is hidden remote control of an infected computer, the so-called backdoor.
Thus, cybercriminals gained control over a number of computers in the corporate networks of
electricity suppliers. The next step was to penetrate the SCADA system. It also took some time, as it
was necessary to examine the network from the inside and identify vulnerabilities that would allow
access to the industrial control system. Then there was a reconfiguration of the uninterruptible power
supply systems of the two power distribution centers in order to ensure that after a general blackout,
these centers would also be left without electricity (Ovcharenko et al., 2020). Also, was provided the
replacement of the embedded software («firmware») of the serial Ethernet interface converters at a
number of substations with the modified software is a malicious software. These converters provided
command processing from the SCADA system to the substation control systems. The modified
firmware not only allowed the converters to be turned off remotely, but also made it impossible to
turn on the electricity remotely after it was turned off.
On December 23, 2015 criminals turned off the system of uninterrupted power supply and started
turning off power supply through substations. At this time call centers of the power suppliers received
thousands of fake phone calls from Russian phone numbers. In fact, a phone distributed denial of
service (DDoS) attack was carried out. Piles of fake phone calls made impossible to accept calls from
de-energized users. At the end of the attack the criminals applied the malicious software KillDisk in
order to delete all the files from operator’s stations and disable them. It is worth mentioning, that
criminals also attempted to conduct a cyber-attack on the airport “Boryspil”, where malicious software
BlackEnergy3 was detected on one of the computers. However, that time the attackers did not manage
to intervene in the work of the airport.
The consumers of “Prykarpattiaoblenergo” have suffered from the cyber-attack the most: about 30
substations were turned off, nearly 230 thousand residents have been cut off from the electricity for
about 1 - 6 hours. “Chernivtsioblenergo” and “Kyivoblenergo” were also under attack, but the
consequences have proved to be much less. In general, the break in power supply has amounted from
1 to 3,5 hours. The overall shortage – 73 MWt*h (0.015 % from the amount of daily consumption in
Ukraine) (Zetter, 2016). A mass cyber-attack on organizations, entrepreneurships and establishments
of Ukraine in summer 2017 is also worth attention. This attack also had a long term of thorough
6Oleksiy S. Omelyan, Dmytro S. Melnyk, Yevhen V. Yudenko, Valentina M. Fornoliak, Oleksandr Yu. Koshel
preparation. Around 80% of affected computers were in Ukraine, but information systems of other
countries have also fallen under effect of the cyber-attack.
The first stage was penetration of the software distribution services “M.E.doc.”, which was widely
used for document circulation and reporting in Ukraine. It is worth noting, that law-enforcing agencies
warned the authority of the company-developer of “M.E.doc.” about low levels of their informational
infrastructure protection. Besides, the “M.E.doc.” update server was on the hosting of WNet Internet
provider, which shortly before the described events was accused of cooperating with Russian
intelligence services by the Security service of Ukraine.
In general, the cyber-attack was carried out in the following way. Having access to “M.E.doc.”
update server hosting, the criminals (Russian intelligence agencies or cyber-criminals, which acted on
request of Russian intelligence agencies) implemented another update pack malicious software
NotPetya (also known as Petya.A, Petya.C, SortaPetya, Petna, ExPetr, Petya.2017, Nyetya). During the
automatic update of the program “M.E.doc.” the wrecker NotPetya hit the computers which were
being updated. NotPetya has coded the information carriers (hard drives) on the affected computers
and blocked access to them. After that a message with the ransom demand on the Blockchain
appeared on the screen of the affected computer.
At first glance, a cyberattack by the malicious software NotPetya looked like an attack by "ordinary"
cybercriminals with selfish motives, that is, in order to make money by extortion. And only during
thorough investigation involving both domestic and foreign experts it was established that this
cyberattack was in fact planned and carried out by the Russian intelligence agencies as a cybersabotage
or cyberattack. Such conclusions were due, in particular, to the fact that NotPetya did not in fact leave
the possibility to decrypt the media even if the attackers were paid a ransom. In other words, NotPetya
was not a cryptographer (Ransomware), but a viper (Wiper).
An unusual feature of the wrecker NotPetya is its collection of USREOU numbers (Unified State
Register of Enterprises and Organizations of Ukraine). Each registered organization in Ukraine has a
unique USREOU number. According to cybersecurity experts, using USREOU, it is possible to conduct
targeted cyberattacks against a specific legal entity (company or organization). In particular, it is
possible to try to direct a cyberattack only on the computers of Ukrainian organizations, filtering out
foreign ones (although, if the attackers had such a task, they failed to limit the attack to Ukrainian
companies only). The Maersk Group estimates that the company's losses, especially those of its Maersk
Line, Damco and APM Terminals divisions, will total $200-300 million (Leovy, 2017). The American
logistic and postal company FedEx estimated losses in its subsidiary in the Netherlands TNT Express in
about the same amount ($300 million). А The American pharmaceutical company Merck stated that it
did not receive revenue of up to $240 million. According to experts, the damage from the attack of the
NotPetya virus reaches 10 billion US dollars in the world as a whole (Greenburg, 2018).
Malware distribution tactics have proved to be successful. It was used again during a recent
cyberattack on SolarWinds, a company that develops software to manage companies' IT infrastructure.
The attackers gained access to the SolarWinds Orion build system and added a malicious remote
hidden control software (a backdoor already described, something like BlackEnergy3) to the program
update file. This file was then distributed to SolarWinds customers through an automatic update
platform. After booting, the backdoor connected to a remote server to receive "tasks" to run on the
affected computer. Dozens of US companies and state institutions have have suffered the cyberattack.
As in the case of the NotPetya cyberattack, Russian "government hackers" (that is, hackers who work
for the intelligence services or are their staff) were accused of the cyberattack.
4. The difference between cyberattacks and "ordinary" cybercrimes
It is much more difficult to plan, prepare and implement a cyberattack. This applies in particular to
the malware used: the above-described Stuxnet proved to be a unique malware at the time in its
complexity and perfection, and NotPetya collected and used it during the distribution of the USREOU.
In addition, there is the involvement of "non-computer" means (massive phone calls to call centers
7Cybercrime as a global threat to the world economy
during the attack on the Ukrainian energy sector). Cyberattacks are carried out in many stages,
stretched over time, which is also generally uncharacteristic of "ordinary" criminals who need to make
a profit as soon as possible. The cost of preparing and implementing such cyberattacks is very high,
unattainable for "ordinary" cybercriminals.
The attacker does not receive material benefits directly from the victim (although the attack may
be disguised as a ransom). The benefit for the attacker is the greatest possible losses for the victims of
a cyberattack, its weakening, provocation of panic, etc. Such targets are more common in combat, but
in cyberspace, where cyber-terrorism is analogous to conventional terrorist attack, and cyber-sabotage
is analogous to conventional sabotage. After all, in war, the warring parties also try to weaken each
other and sow panic in the ranks of the enemy. It should be noted that during a cyberattack it is
possible to implement an "ordinary" cybercrime. For example, let's remember the above-mentioned
cyberattacks on notaries' computers for the purpose of making illegal changes to state registers. If such
illegal changes are large-scale (affecting hundreds of thousands or even millions of real estate, mostly
housing), it will cause mass panic, significant social tensions and loss of trust in public authorities.
Provoking panic itself is a good achievement during hostilities. But in addition, panic and distraction
from law enforcement can be used to prepare for and implement another cyberattack.
At present, we can already talk about the cyber war between Russia and Ukraine, which is taking
place in parallel with Russia's armed invasion of Ukraine, as well as some cyber operations of Russia
against Western countries. The danger of cyberattacks can be illustrated by the recent attack on the
Colonial Pipeline. This pipeline transports 45% of diesel fuel, gasoline and aviation fuel on the east
coast of the United States (Russon, 2021). The attack shut down all pipelines in the system for five
days, and US President Joseph Biden was forced to declare a state of emergency.
Extremely informative is the case that occurred in the United States with the then well-known
company Yahoo Inc. On September 22, 2016, Yahoo reported the theft of information related to at
least 500 million user accounts at the end of 2014 (Perlroth, 2016). The stolen information included
information about usernames, email addresses, phone numbers, encrypted or unencrypted security
questions and answers, dates of birth, and encrypted passwords.
As a result of this hacking and disclosure, Yahoo's stock price fell 3 percent, resulting in a loss of
about $1.3 billion in market capitalization. In addition, the company, which at the time was negotiating
the sale of its business to Verizon, was forced to agree to a discount of 7.25 percent on the proposed
purchase price, which reduced its value by $350 million. Yahoo was also fined $35 million by the US
Securities and Exchange Commission for late disclosure. In addition, Yahoo had to face a nationwide
lawsuit initiated on behalf of more than one billion users who claimed that their personal information
had been compromised as a result of data leaks from the company. Yahoo's management even had to
answer to the US Senate for leaks. The two-year lag between the breach occurring and Yahoo warning
customers, however, isn't that unusual. According to cybersecurity firm FireEye's Mandiant division,
organizations require on average 146 days to discover they've been breached. Also, 53 percent of
compromised organizations first learn that they were breached only thanks to an external entity
(Schwartz, 2016).
Steve Grobman, senior vice president and technical director of McAfee, drew attention to the
important problem of hidden losses from cybercrime. According to him, "the seriousness and
frequency of cyber threats to business are constantly increasing with the creation of new technologies
and the development of existing ones, which significantly increases the number of objects to attack.
In addition, criminals are taking advantage of the fact that people are increasingly working remotely
at home as a result of the COVID-19 pandemic (McAfee, 2020). After all, remote work often requires
remote access to the company's servers. But if the server is under the supervision and protection of a
qualified system administrator, the employee's home computer may be vulnerable to cyberattacks.
After accessing an employee's home computer, attackers automatically gain access to the company's
server using employee authentication, VPN settings, etc.
8Oleksiy S. Omelyan, Dmytro S. Melnyk, Yevhen V. Yudenko, Valentina M. Fornoliak, Oleksandr Yu. Koshel
Experts from the IT company McAfee and the Center for Strategic and International Studies (CSIS)
say: “While industry and government are aware of the financial and national security implications of
cyberattacks, unplanned downtime, the cost of investigating breaches and disruption to productivity
represent less appreciated high impact costs. We need a greater understanding of the comprehensive
impact of cyber risk and effective plans in place to respond and prevent cyber incidents given the
hundreds of billions of dollars of global financial impact.” (McAfee, 2020). The theft of intellectual
property and money causes significant damage to companies. The least obvious losses from
cybercrime are related to reduced efficiency of companies. According to the study, 92% of
corporations reported other negative business consequences of cyberattacks in addition to financial
losses and loss of working hours. The McAfee report details the following hidden costs and long-term
effects of cybercrime on businesses, namely:
- system downtime (such downtime proved to be a common problem for two-thirds of respondent
organizations. The average loss for the longest downtime in 2019 was $ 762,231. A third (33%) of study
participants reported that security incidents caused IT-systems downtime, which cost them in the
amount of 100 to 500 thousand US dollars);
- reduced efficiency (due to system downtime, companies lost an average of nine working hours
per week, which led to a decrease in the efficiency of their work. The average suspension time was 18
hours);
- incident response costs (according to the report, in most companies the average response time to
a cyberthreat from detection to resolution is 19 hours. Most problems can be solved on their own, but
large-scale incidents often require external consultants. Costs of their services are a significant share
of the costs associated with responding to a large-scale cyberattack);
- damage to the brand and reputation (the cost of restoring the brand image with external
consultants or new employees to prevent future incidents is also included in the negative results of
cybercrime. 26% of respondents reported that downtime caused by a simple cyberattack resulted in
significant damage to their brand) (McAfee, 2020).
In this regard, the decisions made during the meeting of the Group of Experts to conduct a
comprehensive study of cybercrime, which took place on April 6-8, 2021 in Vienna, are noteworthy.
This group of experts was formed as part of the Commission on Crime Prevention and Criminal Justice
(CCPCJ), as the main policy-making body of the United Nations, to conduct a comprehensive study of
cybercrime and develop responses.
States should undertake surveys to measure the impact of cybercrime on businesses, including
measures implemented, employee training, types of cyberincidents that affect them and the costs
associated with recovering from and preventing cyber-incidents. States should support businesses and
communities in raising awareness of cybercrime risks, mitigation strategies and enhancing
cyberpractices, as these can have significant downstream preventive benefits (Seventh session…,
2021).
5. Conclusions
First, it should be noted that both large and small businesses can now become victims of
cyberattacks by highly qualified so-called "government" hackers, who enjoy the support of the
intelligence services of individual states. The purpose of the attack will not be enrichment, but inflicting
as much damage as possible. Secondly, it can be stated that resisting targeted cyberattacks is much
more difficult than conventional cybercrime. This necessitates paying more attention to cybersecurity.
However, the cost of security will in any case be less than the financial damage and reputational
damage in case of a successful cyberattack. Third, if previously ensuring their own cybersecurity was
the business of the firms themselves, in modern realities, effective countering of cyber threats is no
longer possible alone. We need close cooperation between companies and cooperation with
government institutions responsible for cybersecurity.
9Cybercrime as a global threat to the world economy
It should be emphasized, that if cyber wars are currently taking place between states, in the long
run this way of eliminating competitors can be adopted by the firms themselves, especially large
corporations. Of course, such cyber wars of corporations will be conducted covertly, but the
consequences of cyberattacks can be felt not only by a particular business, but also by the entire
economy of the world. Attention should also be paid to the reports of McAfee-CSIS analysts, who claim
that most of the damage from cybercrime is directly related to what experts call the "cost of data
recovery", i.e. the operation of deleting, modifying or restoring personal data. Even given the fact that
after such procedures, criminals could no longer benefit from the stolen data, their victims were forced
to spend significant funds on the recovery of personal information.
Therefore, it is important for all businesses in the world to have the same mandatory security
measures, ensure economic and financial transparency of companies and government agencies,
standardize cybersecurity requirements and create a multilevel cybersecurity system, increase
knowledge about cybersecurity through organized training of employees and officials development
and implementation of plans to prevent and respond to cyberattacks, ensuring the protection of
critical infrastructure from cyberattacks.
References
1. Cherniavskyi, S.S., Golovkin, B.N., Chornous, Y.M., Bodnar, V.Y., & Zhuk, I.V. (2019). International
cooperation in the field of fighting crime: directions, levels and forms of realization. Journal of
Legal, Ethical and Regulatory Issues, 22(3), 1-11.
2. Council of Europe. (2001). Convention on Cybercrime. Retrieved from
https://zakon.rada.gov.ua/laws/show/994_575#Text
3. Council of Europe. (2003). Additional Protocol to the Convention on Cybercrime, concerning the
criminalisation of acts of a racist and xenophobic nature committed through computer systems.
Retrieved from https://rm.coe.int/168008160f
4. Greenburg, A. (2018). The untold story of NotPetya, the most devastating cyberattack in history.
Retrieved from https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-
crashed-the-world/
5. Interpol. (2017). Global Cybercrime Strategy. Retrieved from
https://www.interpol.int/content/download/5586/file/Summary_CYBER_Strategy_2017_01_EN
%20LR.pdf
6. Korolova, V. V., Dolianovska, I. M., Hryhorchuk, M. V., & Vyshnevska, Y. V. (2020). Theoretical and
practical aspects of counteracting unfair competition and violation of antimononpoly laws.
International Journal of Criminology and Sociology, 9, 1533-1541.
7. Kozlovskyi, S., Butyrskyi, A., Poliakov, B., Bobkova, A., Lavrov, R., & Ivanyuta, N. (2019).
Management and comprehensive assessment of the probability of bankruptcy of Ukrainian
enterprises based on the methods of fuzzy sets theory. Problems and Perspectives in Management,
17(3), 370-381. DOI: 10.21511/ppm.17(3).2019.30
8. Leovy, J. (2017). Cyberattack cost maersk as much as $300 million and disrupted operations for 2
weeks. Retrieved from https://www.latimes.com/business/la-fi-maersk-cyberattack-20170817-
story.html
9. McAfee. (2020). New McAfee Report Estimates Global Cybercrime Losses to Exceed $1 Trillion.
Retrieved from
https://www.mcafee.com/enterprise/en-us/about/newsroom/press-releases/press-
release.html?news_id=6859bd8c-9304-4147-bdab-
32b35457e629&utm_source=twitter_mcafee&utm_medium=social_organic&utm_term&utm_co
ntent&utm_campaign&sf240838844=1
10. Morgan, S., & Calif, S. (2020). Cybercrime to cost the world $10.5 trillion annually by 2025.
Retrieved from https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/
10Oleksiy S. Omelyan, Dmytro S. Melnyk, Yevhen V. Yudenko, Valentina M. Fornoliak, Oleksandr Yu. Koshel
11. Nizovtsev, Yu. Yu., Parfylo O. A., Barabash O. O., Kyrenko S. G. & Smetanina N. V. (2021).
Mechanisms of money laundering obtained from cybercrime: the legal aspect Journal of Money
Laundering Control. Retrieved from https://doi.org/10.1108/JMLC-02-2021-0015
12. Novikovas, A., Novikoviene, L., Shapoval, R., & Solntseva, K. (2017). The peculiarities of motivation
and organization of civil defence service in Lithuania and Ukraine. Journal of Security and
Sustainability Issues, 7(2), 369-380.
13. Ovcharenko, M.O., Tavolzhanskyi, O.V., Radchenko, T.M., Kulyk, K.D., & Smetanina, N.V. (2020).
Combating illegal drugs trafficking using the internet by means of the profiling method. Journal of
Advanced Research in Law and Economics, 11(4), 1296–1304.
14. Perlroth, N. (2016). Yahoo says hackers stole data on 500 million users in 2014. Retrieved from
https://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html
15. Russon, M.-A. (2021). US fuel pipeline hackers 'didn't mean to create problems'. Retrieved from
https://www.bbc.com/news/business-57050690
16. Schwartz, M. J. (2016). Yahoo Hacked by Cybercrime Gang, Security Firm Reports. Retrieved from
https://www.bankinfosecurity.com/yahoo-hacked-by-cybercrime-gang-security-firm-reports-a-
9428
17. Seventh session of the of the Open-ended intergovernmental Expert Group to Conduct a
Comprehensive Study on Cybercrime, 6-8 April 2021. (2021) Retrieved from
https://www.unodc.org/documents/organized-crime/cybercrime/Cybercrime-April-
2021/Working-documents/EGM_Cybercrime_Agreed_paragraphs_Status_7_April_6_PM.pdf
18. United Nations Congress. (2000). Crimes related to computer networks. Tenth United Nations
Congress on the Prevention of Crime and the Treatment of Offenders Vienna, 10-17 April 2000 //
A/CONF. 187/10. Retrieved from https://documents-dds-
ny.un.org/doc/UNDOC/GEN/V99/909/56/PDF/V9990956.pdf?OpenElement
19. Zetter, K. (2016). Everything we know about Ukraine's power plant hack. Retrieved from
https://www.wired.com/2016/01/everything-we-know-about-ukraines-power-plant-hack/
11You can also read
