Cyber crime a no-brainer

By Farzana Rasool, ITWeb IT in Government Editor.
Johannesburg, 11 May 2011

People don't need to be technological whizzes to become cyber criminals, as malicious applications can be obtained and deployed easily, says M86 Security VP of technical strategy Bradley Anstis.

Speaking at ITWeb's Security Summit, Anstis said this is the reason collaborative work needs to be done in addressing the issue of cyber crime.

In his presentation, “How to beat the recession: become a cyber criminal”, Anstis highlighted the relative ease with which a person can become a cyber criminal.

He added that the chances of getting convicted for cyber crime are very slim. In addition, there isn't a great level of expertise that's needed to engage in the activity, since criminals can buy applications called exploit kits that automatically do most of the procedures required for cyber crime.

Purchasing crime

Anstis laid out six steps to become a cyber criminal to emphasise the simplicity of the process.

The first step is to select an exploit kit that can be found on newsgroups, carder sites and other crime-based Web sites.

“Kits offer all the features you would expect to see in normal commercial software, such as support and maintenance.”

He added that it is typically installed on a Web server provided by the purchaser of the kit.

The second step is to load the malware, which is also supplied by the kit supplier or a specialist, and can be found on the same sites as the exploit kits.

“Initially, a backdoor Trojan is installed, then after that a cocktail mix of malware, depending on what the attacker wants to achieve.”

Anstis said the third step is to infect the targeted domains or Web sites, and drive traffic to them.

He added that common Web site infection techniques are used, either manually or automated through bot networks. Blended e-mail threats or black-hat search engine optimisation are used to drive traffic.

Final three

The fourth step, according to Anstis, is to track the successful infections, and the fifth is to manage the ongoing attack.

Here, malware collections must be managed, new attack templates loaded and money mule details set up with the targeted attacks. New spam templates must also be loaded.

The sixth step is to monitor detection levels and swap out domains or malware as required. Anstis said cyber criminals need to know when their malware is being detected.

Multiple players

Cyber criminals can make money using several methods, including through blackmail, direct financial attacks against victims, selling personal information, and selling collected IP.

The cyber crime ecosystem is made up of many different players, each with their own speciality. Anstis said cyber criminals can, therefore, do what they can and hire the other pieces to do what they cannot.

These pieces include the exploit kit creator, the kit operator, the exploit creator, the bandwidth specialist to assist with search engine optimisation and other functions, the detection monitor and the money mule recruiter.

Fixing it

Anstis added that many financial institutions just write off cyber crime attacks as a cost of doing business. Also, for all the same reasons that commercial organisations are embracing the cloud, so are cyber criminals.

For this reason, Anstis suggested remediation needs to be a joint effort between several different parties.

These include cloud providers, law enforcement, financial institutions and security researchers. “Cloud providers need to make sure their customers are using their services for valid reasons.”
