Decade of cybersecurity report could help reduce the future of cyber crime

October 23rd, 2019

Despite its reputation for aquamarine waters and harbours filled with super yachts, the British Virgin Islands in the Caribbean has some of the most prolific malicious cyber activity in the world. According to a new report released by researchers from CSIRO’s Data61 and Macquarie University in collaboration with Nokia Bell Labs and University of Sydney, the British Virgin Islands ranked 8th on the global mal-activity scale, with roughly 243,000 reports of computerised attacks in the last decade.

Known as ‘FinalBlacklist’, the paper collates 51.6 million mal-activity reports dating back to 2007, aggregating 662,000 unique IP addresses worldwide, which were categorised using machine learning techniques into six classes of mal-activity: Malware, Phishing, Fraudulent Services, Potentially Unwanted Programs, Exploits and Spamming.

Countries with rich IT infrastructure such as the United States, Germany, China, France, and the Netherlands contributed the bulk of malicious cyber activity in the last 10 years, garnering 42M, 1.47M, 1.32M, 1.24M and 0.41M respectively, while spammers are concentrated in a few select countries, including the United States (35%), Russia (22%), British Virgin Islands (9%), Ukraine (5%), and Germany (5%). 

According to FinalBlacklist co-author and CSIRO’s Data61 Information Security and Privacy research leader, Professor Dali Kaafar, reports of spamming have steadily risen since 2009, an increase that coincides with mass adoption of smartphones. 

“In 2013, another spike was experienced which can be linked to the growing popularity of digital payment systems which attracted unwanted attention from cybercriminals,” says Professor Kaafar.

FinalBlacklist reveals that malware continues to make up the largest proportion of all mal-activity, with a recent ransomware attack (a type of malware that threatens to publish a victim’s data or block access to it unless a ransom is paid) being used to block access to several major systems in a number of regional Victorian hospitals and health services. In 2018, the WannaCry ransomware attack affected more than 300,000 computers across 150 countries, causing billions of dollars in damage.

Analysis of the retrospective dataset will allow researchers to identify how the sources, types and scale of different mal-activity have transformed over time, so that organisations can be better prepared against it.

“We’ve made this dataset available to the wider research community so it can be used to train algorithms to predict future instances of mal-activity before they happen,” Professor Kaafar said. 

Datasets detailing cyber attacks have been available for years; however, they have often belonged to private companies that were unable to share them due to privacy concerns and a desire to maintain a competitive advantage.

Dr Liming Zhu, Software and Computational Systems Research Director at CSIRO’s Data61 said researchers and organisations are locked in a perpetual arms race to combat widespread malicious activity on the Internet. 

“The insights that can be drawn from the FinalBlacklist dataset represent a significant contribution to cybersecurity research,” said Dr Zhu. 

“A retrospective analysis of historical mal-activity trends could help reduce the impact of cybercrime on the economy.”

A key insight from FinalBlacklist is that mal-activity has consistently increased in volume over the last decade, with the annual cost of cybercrime damages expected to reach $6 trillion by 2021.

Cisco’s annual cybersecurity report in 2018 highlighted that nearly one-third of large organisations globally have experienced cybersecurity attacks on their operational technology infrastructure, with a further third expecting attacks to move from IT (Information Technology) to OT (Operational Technology) within the next year. 

While FinalBlacklist’s analysis revealed a consistent minority of repeat offenders contributed to the majority of mal-activity reports, their presence on a blacklist has not hindered their activities, with the report calling for law-enforcement agencies, major network providers, and cloud operators to make tracking prominent mal-activity contributors a priority. 

“Detecting and quickly reacting to the emergence of such heavy mal-activity contributors would arguably significantly reduce the damage inflicted by them,” said Professor Kaafar. 

Tips to avoid malicious online activity

  1. Keep your operating system (OS) current: Whether you’re running Windows, Mac OS X, Linux, or any other OS, keep it up to date. OS developers regularly issue security patches that fix and plug security leaks.
  2. Don’t give in to ransom demands: If your device is infected by ransomware and you are locked out from accessing your files, don’t pay the ransom. There are no guarantees that your files will be released when you are dealing with criminals.
  3. Think before you click: Do not click on a link in an unsolicited email or open email attachments from somebody that you do not know. Hover over the link to check its validity.
  4. Do not reuse passwords: Use unique passwords for all online accounts. Randomly mix up symbols and numbers with letters. The longer and more complex your password, the more effective it will be in preventing brute-force attacks.
  5. Install ad blockers: Ads can be used to serve up malware or malvertising (malicious advertising containing viruses) and these simple web extensions can prevent this.
  6. Install script blockers (JavaScript-blockers in particular): Privacy preserving tools like NoScript preemptively block malicious scripts and only allow JavaScript, Java and other content from trusted sites.

Recently at D61+ LIVE 2019, Professor Kaafar examined the security of VPN (Virtual Private Network) apps while speaking on the Trust in a Trustless World panel, highlighting the rate of malware and JavaScript in various popular privacy-preserving applications.