
Beware of underground economy

By Alex Kayle, Senior portals journalist
Johannesburg, 11 May 2010

Cyber crime has become an economically-motivated underground movement. What strikes fear in businesses is not the familiar malware we know, but the malicious threats we don't hear about, says Allison Miller, PayPal group product manager for account risk.

Miller explained, at the fifth annual ITWeb Security Summit held this morning, at the Sandton Convention Centre, that the traditional fortress mentality of developing perimeters around an enterprise is no longer relevant in today's evolving threat landscape.

Cyber criminals have changed their strategies to attack the end-user at the client level, as part of a secondary market for the underground cybercrime industry. “Today, clients are being used as part of a rent-to-own network of darknets as an alternative way to collect and spread credentials for financial gain.”

Miller pointed out that, in today's world, anybody can rent a darknet, which is a closed private network of computers used for illicit file sharing. She explained that hackers are initiating their attacks to find the quickest and easiest way of financial return by stealing personal information.

Clients traditionally have lower perimeter security and are more vulnerable to attack because of their standardised systems. In addition, attacks on these systems can be and require very few resources, said Miller.

“Cyber criminals are no longer interested in attacking the mothership at the perimeter of the organisation; they are attacking end-users,” Miller noted. “They have evolved into an ecosystem mentality where they want to monetise on the attacks they deploy by targeting all of the end-user systems and partners' systems.”

Ulterior motives

Miller explained that cyber criminals have created vast criminal networks where botnets can be rented out online and resold on a secondary underground market. “We are seeing a secondary level of indirect threats where attacks are created for a higher purpose to steal and sell personal information and credentials.”

According to Miller, social engineering attacks have become more sophisticated, as criminals take over social network accounts. She added that phishing scams have also become refined over the years, as a phishing e-mail can mimic a genuine service provider's e-mail almost perfectly.

Getting ahead

In order to combat phishing scams, PayPal has formed partnerships with international e-mail service providers that find and eliminate phishing scams impersonating PayPal. According to Miller, if a PayPal customer account is hacked, PayPal takes on the liability for the breach.

PayPal has enforced a strategy to understand its customers and to detect, in real time, anomalies in the pattern of purchasing behaviour within its customer base, she explained. This is to find out whether an account has been compromised and then initiate an investigation, depending on the results.

“Generally, once we have determined that the new user on the system is genuine, we will expand the user's privileges, such as transaction limits. The types of anomalies that PayPal would look out for is if the user is doing something brand new, like logging into the system from a cyber café, or if large amounts of money are leaving the user's account.

“PayPal has set up a team to take down phishing sites, and the average takedown is usually an hour after detection. We work with the Anti-Phishing Working Group with a portion of our site focused on our customers around security.

“The attack space is changing and is becoming more economically motivated, and legitimate users of a platform are as likely to be attacked as the platform itself.”
