Cyber crime is costing the economy billions of dollars every year. It is a complex and highly organised underworld, with players big and small, organised and fringe, competing for their piece of the profits.
So says Martin Walshaw, Cisco security expert, who talked to ITWeb about the findings of the Cisco Midyear Security Report. “Many of these players are even pooling their knowledge and resources to get the most out of the black hat economy. As predicted in last year's report, attacks are only going to become more sophisticated and targeted as we move through 2009.”
He says social engineering is, and will remain, the technique of choice for criminals devoted to mastering the arts of trust-breaking and reputation-hijacking.
“These types of cyber crooks may jump on the hot topic of the day, such as Michael Jackson, or the swine flu, and pose as a friend or family member, or alternatively a bank or well-known company, to lure unsuspecting victims into handing over their personal information and ultimately, their identity and money.”
Walshaw adds that multitudes of users are unwittingly installing software that infects their systems and then harvests their personal data or takes over the machine in order for it to spam, infect, or con other users.
“Another tactic is to dupe users seeking protection into buying bogus anti-malware software to 'clean up' their infected systems.”
Botnet business
Alongside this, Walshaw says, is a growing investment, focus, and success in malware used to infiltrate a computer and make it part of a botnet.
He says botmasters are monetising their botnets, by renting them out, forming alliances, or deliberately exploiting each other. They are borrowing the best practices and strategies of competitors, and mirroring the genuine business world.
“These activities are all indicative of the maturing cyber crime economy, where technologies and techniques can be easily gathered and used to effectively and quietly launch an attack against millions of people.”
Walshaw says that on the bright side, while cyber crime is more pervasive, this demonstrates the growing effectiveness of the means for fighting back. The unprecedented level of cooperation and participation by security professionals and industry in response to the Conficker threat earlier this year marked an important milestone in the ongoing battle against cyber crime.
The report also reveals that vulnerability and threat activity has been off to a slower start this year compared to last, adds Walshaw. This could indicate that security is succeeding in making it more difficult for attacks to take root and grow.
“In addition, more cyber criminals are being identified and prosecuted. Security watchers are cautiously optimistic that future efforts to shut down online criminal activity will be increasingly supported by law enforcement.”
Related stories:
PDF Trojan found
Mobile malware 'a growing threat'
SA millennials ignore security policies
Share