Security

Three Ways Internet Crime Has Changed

Gone are the days when most hackers were looking for fame with a splashy, large-scale attack on a network that made headlines. Today's cybercriminals are quietly taking over vulnerable web sites as part of an elaborate process in the underground economy.

Cupertino, Calif.-based security products provider Symantec publishes a biannual internet threat report. Data collected through their managed security services are reviewed an analyzed for the report, which was recently published in its 13th edition.

One trend highlighted in the report change is the motivation of hackers, according to the data. "The trend has moved from hacking attempts being done for notoriety to hacking for criminal intent and fraud," said Grant Geyer, vice president of Symantec Managed Security Services.

How are cyber criminals working today? And what do you need to know to stay on top with your security strategy? Read on for the latest news on malicious web activity.

Botnets Spearhead For-Profit Hacker Activities

The latest data from Symantec confirms that the web is now an integral tool for criminals looking to make money (not merely mischief). Malware-infected systems are used as network of bots for a wide variety of inappropriate activities.

"Bots can do denial of service attacks, they can be used to send out spam, to send out phishing data, they can be the Swiss Army knife of malware distribution," said Geyer. "We're seeing more and more of both consumers, as well as corporations, being targeted by bots for malicious purposes."

Bots, Geyer confirms, are being used as business model; part of the underground economy that is run and organized like any major corporation. (See CSO's Inside the Global Hacker Service Economy for an in-depth investigation of how such sites work.)

"If you want access, if you want one of these bot networks to send out your specific spam message, you can purchase time on bot network, there are rates being established," noted Geyer. "Bots are also being used to steal confidential data. Credit card numbers are sold online. Market prices are established for that, too."

Cyber Criminals Are Quieter, and Sneakier

While early hackers wanted to make a big splash by attacking as many computers as possible in a show of genius and savvy for taking down network, now criminals don't want to be detected. Takeovers are done in a slow, methodical fashion.

"If you can go as slow and stealthily as possible and take over systems in a selective manner, you don't get caught. By not getting caught, you can use the systems you've taken over for a variety of purposes."

Geyer said sites in the United States are consistently the top target worldwide. China is usually second and many countries in Western Europe also in the top ten.

In the first few years the report was published, the number of vulnerabilities in operating systems and software increased annually. The good news is that has begun to change in the last 18 months, said Geyer. Vendors have become more proactive about patching. The bad news is hackers have taken on other techniques to exploit a system and are focusing more on site-specific vulnerabilities.

"Site-specific vulnerabilities are lot harder problem to solve," said Geyer. "You can't just send out a patch and protect everyone if the problem is site-specific." (See The Chilling Effect for more detail on website vulnerabilities.)

End Users Are Now the Primary Target

Large organizations were the main target of attacks less than a decade ago; now the end user is the primary target, said Geyer. Phishing web site hosts are dramatically increasing and so are new variants of malware.

"In past 18 months, the increase is just staggering. So much is being introduced, organizations are having tough time. A lot of it is the same piece of malware that is tweaked to be slight variant of other pieces already written. It just shows how easy it is to write it and also that there is true financial gain. This is proving to be a good business model for people in the underground economy."

Subscribe to the Security Watch Newsletter

Comments