
Cyber crime evolves


Johannesburg, 12 Oct 2011

The last eight years have seen a rapid evolution in financially-motivated cyber crime. A lot has changed since the early days of phishing and key-logging.

There are new forms of malware available, some of which can empty a bank account in 10 seconds and circumvent two-factor authentication.

“They are stealthy, adaptive, user-friendly, accessible and easy to customise,” says Uri Rivner, head of New Technologies for Identity Protection at RSA. He says the developers of these next-generation tools support a full product life cycle - from asking their client community to prioritise the development roadmap, to providing full documentation and customer support for new versions.

In addition, adds Rivner, these high-grade weapons of mass digital destruction are sold for hundreds of dollars, and end up in the hands of the masses. Cyber crime turnover has become a billion-dollar business, and is therefore more attractive than ever before; some of the proceeds are poured back into developing even better crime-ware.

He says another trend RSA is seeing is that the same tools are being used for non-financial motivations. An example would be 'hacktivism', the act of hacking, or breaking into a computer system, for a socially or politically motivated purpose, driven by idealism.

According to Rivner, the latest and most worrying trend in cyber crime is advanced persistent threat attacks, once reserved for military and government targets, and now widespread in the corporate world. “The attack's objective is typically intellectual property, trade secrets or critical infrastructure assets.”

He says although anti-virus has evolved over time, it was originally planned for contagious computer viruses, and is becoming less and less effective against Trojans. The main reason for this is that Trojans don't spread, they are designed to be stealthy, and some Trojans ensure that the number of PCs infected with a single variant (carrying a single signature) remains very low.

This in turn greatly limits detection, explains Rivner. “Heuristics, or experience-based techniques, are far more useful, and new community-based detection looks like a good direction, but at the end of the day, Trojans are still spreading.”

Rivner says a further factor to consider is that security patches are not being released quickly enough, and the unfortunate reality is that there are more vulnerabilities needing patching each day - new applications, new devices, new mobile platforms. Not to mention unmanaged devices.

“There are numerous infection mechanisms that were not present until three years ago. Drive-by download is now a well-oiled technique: whenever a new Web server vulnerability is published to the security community, fraudsters pick it up and use it to hijack thousands of legitimate Web sites within hours. The traffic of site visitors is directed to infection sites, and millions of PCs are infected this way,” he says.

He cites as other popular infection methods poisoned links that are promoted through search engine optimisation techniques to the top 10 page of search engine results, and links sent from a user's social network contacts. “So not only have Trojans evolved to become high-power threats, they are also spreading faster than ever,” he concludes.
