Cyber's the name of the game . . .

In recent years businesses the world over have experienced a marked influx of cybercrime, everything from malicious network attacks to data theft. Not only does the Internet provide a new backdrop for a new breed of criminal, but it also makes it far easier for these criminals to find one another and pool their interests and skills. According to John Lynch, deputy chief for the Department of Justice Computer Crime and Intellectual Property Section, there is an ever-growing online market for malicious specialties. Much as one could find a legitimate job on a site like Craigslist or LinkedIn, cybercriminals are founding their own social networking sites and connecting with other like-minded individuals.
And these new coalitions of cybercriminals have a lot to work with . . .
Last year, the IBM Internet Security Systems X-Force research and development team discovered a total of 7,247 Internet security vulnerabilities, found that 88.4% of them could be exploited remotely through a common web browser, and found that an even scarier 50.6% would grant a hacker the ability to gain control over the host. The most common ways these vulnerabilities are exploited are spam and phishing attacks, and according to IBM, U.S. businesses are the most targeted organizations for phishing emails, accounting for 71.4% of all cases.
Fortunately, Internet security leaders have been investigating the malicious dealings of these new cybercriminals, and thanks to their diligent work we now know who they are, what they're after, how they operate, and how to best protect our networks from attack.
Who they are
As addressed in last month’s “Beware the Scareware,” cybercriminals are no longer thrill-seeking hackers but rather experts in their field. They are highly skilled developers and engineers who meet each other online in chat rooms devoted to cybercrime.
The cybercriminals of 2010 are now also “organized,” although IBM program manager Peter Allor would say that they are more like confederations of cybercriminals, moving from project to project as opposed to permanently organized forces. These confederations have well-rehearsed methods that tend to wreak less initial havoc than the work of an anarchist hacker. As professionals in their field, they understand the importance of anonymity, and their undetected entrance grants them additional time to cause far more long-term damage to your system.
What makes these confederations all the harder to detect is the fact that their servers and websites are all underground. Often the servers are in other countries where laws are more lax, and the websites are protected by passwords or accessed through encrypted channels. What's more, cybercriminals use nicknames that allow them to maneuver online anonymously, so when one of their sites is detected and shut down they can simply create a new one: it is only their sites that get caught and taken down, never their identities. According to Allor, a malicious site can move over 40 times in the course of six weeks.
Even more confounding is the fact that these confederations continue to shift about; no group of cybercriminals ever seems to stay together for more than one project. Only a handful of constants sit at the top of each crime confederation; they recruit others, set up and control the malicious websites, and control or lease the botnets. The rest of the players are small-time mules, performing much of the masterminds' dirty work for a small cut. This structure is what makes confederations hard to shut down. With the masterminds on top recruiting mules to do the bulk of the dangerous work, the mules are the ones who typically get busted. When mules are caught, they are completely cut loose from the confederation; the higher-ups let them become scapegoats, and because the mules have no idea who the higher-ups even are, they can't offer up names when caught.
What they're after
As with any other form of organized crime, cybercriminals are after money. Below are 8 specific things cybercriminals pursue for profit.
1. Authentication credentials - to access your system without needing malware
2. Money laundering - from illegal and semi-legal activities such as drugs and prostitution
3. Extortion schemes - breaching the defenses of a particular site to then blackmail the proprietors with the threat of denial of service attacks
4. Business information – to accumulate and sell online
5. Personal information – anything from social security numbers to credit card information
6. Bandwidth – tapping into your bandwidth for their own personal use, affecting your network’s performance
7. Exploit codes, backdoor data, and other entry material – any way to hack into your network
8. Selling their own tools to other would-be cybercriminals
Their strategy
The higher-ups typically follow a 10-step plan that has been described by Tracy Mayor of Pragmatix.
1. The cybercriminal launches multiple, high-volume spam and phishing emails, directing recipients to phony websites
2. The malicious site installs a downloader onto the user’s PC via browser vulnerabilities
3. The downloader installs keystroke loggers, backdoor root kits, botnet agents, and other malicious software all designed to capture valuable personal data
4. The malware installed on the user’s PC then enlists the PC into a botnet, or the cybercriminal uses a “work from home” spam scam to recruit mules.
5. The stolen data is used to access bank accounts and transfer funds into mule accounts
6. Mules convert the remainder of funds into electronic checks
7. The checks are deposited into overseas holding accounts
8. The money is used to buy vast quantities of hard-to-trace, easy-to-use gift cards
9. A different set of mules purchases goods with the gift cards at one large retailer
10. These goods are returned for cash at another branch
How to protect yourself
The only way to protect your network and valuable data is to adopt a holistic approach to security: harden your network, defend your perimeter from all possible external threats, layer your internal security, continue with your email and web content filtering, and adopt data encryption.
The best thing to do is to hire a professional managed service provider for their expert analysis of your specific needs and threats, their opinions, and their products and services. Bryley Systems has been in the business for over 23 years. If you have any questions or concerns regarding cybercriminal confederations or the safety of your network, please feel free to contact us today.
Want to learn more?
Contact Bryley today!
Call 888.280.5799
Email Sales@Bryley.com
Visit www.Bryley.com
Resources
Pragmatix – www.pragmatix.com, “Cyber: Criminals get organized,” written by Tracy Mayor
IBM ISS X-Force Report, Executive Brief – www.iss.net/documents/whitepapers/X_Force_Exec_Brief.pdf
U.S. Department of Justice Computer Crime & Intellectual Property Section – www.cybercrime.gov