Friday, April 17, 2009

Twin Reports Suggest We are Losing the Cybercrime War

According to Symantec, malicious activity in 2008 amounted to 60 percent of all the activity they have recorded since they started keeping records. Last year, they recorded 1.6 million new malicious code signatures and blocked 245 million malware attacks aimed at their users every month.

Many of these attacks – when the words malware or malicious code are used – are designed to steal information (preferably financial) or take command and control of a computer. Once command and control of a computer is accomplished, it's called a zombie and is networked into a botnet. A botnet works as a super computer and is used to spam the electronic universe. Some of these spam e-mails contain even more malware, which infects more unprotected systems.

In 2008, Symantec observed an average of more than 75,000 active bot-infected (zombie) computers each day, a 31 percent increase from 2007. Symantec's latest report, which covers January to December of 2008, suggests that 90 percent of these attacks are designed to steal information. Attacks using key loggers – which log a computer's keystrokes and send them to the criminals who installed the malicious code – grew from 72 to 76 percent of the activity observed by Symantec's security lab.

Many of these attacks use a technique known as phishing, which is normally delivered in a spam e-mail. Phishing either tricks people into giving up their information (social engineering) or gets them to download malicious code, which makes the process automatic. Last year, Symantec detected 55,389 phishing website hosts, which is where you are sent if you click on a link in a phish-mail. Spoofed financial services companies accounted for 76 percent of these lures compared to 52 percent in 2007.

Spam, which delivers most of this activity, continued to grow, too. It amounted to 349.6 billion spam messages in 2008 compared to 119.6 billion spam messages in 2007, which is a 192 percent increase. According to the monthly spam report from Symantec, last month's spam social engineering themes included mortgage rescue, tax season, terror and scareware (fake antivirus solutions) for the much anticipated Conficker worm that was designed to hit on April Fool's Day. Please note that Conficker, a.k.a. Downadup, is still a problem, but it didn't spread its gloom and doom on April 1st to the degree it was expected to.

Cybercriminals have always been quick to exploit the headlines and, with the sour economy in the news, have been targeting the financial industry. Here also, Symantec saw an increase in personal and financial information being stolen by using financial institutions as bait. In 2008, this amounted to 29 percent of the activity compared to 10 percent in 2007.

In their latest report, Symantec leveraged information from their recent Report on the Underground Economy, which points to an organized criminal community that specializes in the sale of stolen personal and financial information. They noted that the economic principle of supply and demand has come into play in this underground economy: a glut of stolen data is causing prices to go down.

Most of this stolen information is sold in electronic forums, such as websites and Internet Relay Chat (IRC) channels. These forums enable information to be sold worldwide and make the activity anonymous. Because the activity is anonymous, it is very difficult to investigate or shut down. Credit cards go for anywhere from less than a dollar to about $30, and bank account credentials sell for anywhere from $10 to $100. Much of the cost depends on the perceived value of the information and the amount of it that is purchased.

Symantec isn't the only one releasing a report showing an alarming increase in information theft. Verizon just released a report showing that 285 million information records were compromised in 2008 alone. While the Symantec report focuses more on individual attacks, the Verizon report studies the impact of large-scale attacks on businesses and organizations. When combined, the information in these reports is pretty revealing.

According to the Verizon report, the 285 million records stolen are greater than what was known to be stolen in 2004 to 2007. I say "greater" because I've often speculated that the most valuable information stolen is the data no one knows has been stolen. After information is known to have been stolen, measures are taken to protect it. This makes it useless or at least a lot harder to use.

Recently, underground services have also popped up in these underground forums, which allow information thieves to see if the information they are buying hasn't been compromised (pun intended).

Verizon, which investigated 90 data breaches last year, noted that malware is now being designed to steal debit card and PIN information. The report also breaks down the point of compromise by industry and how the data was breached. For instance, in the past year 93 percent of the activity compromised was at financial institutions. Also cited was that most attacks were accomplished by external entities (73 percent) taking advantage of procedural flaws, but that when the breach was assisted by an insider (20 percent), more data was stolen.

The trend towards compromising debit cards and PINs is likely because these instruments are the quickest route to obtaining cash. Obtaining cash is normally the ultimate goal of an information thief, and stolen debit card information accomplishes this with a minimum of effort.

Also covered are breaches caused by partners (32 percent), which are external entities providing services to a business. Please note these percentages add up to more than 100 percent, which means that multiple points of compromise can be attributed to any one incident in some cases.

Both reports are an excellent read and point to the fact that there is a glut of stolen information for sale on the black market, which isn't good news. The fact that more information is being stolen than ever before – even when security procedures are ramped up on a regular basis – is not good news, either.

Perhaps both of these reports suggest the obvious, which is that we are not winning the war against cybercrime and the problem is getting worse. Historically, these losses have been written off and the cost is passed to the consumer. With the sour economy and the fact that a lot of the financial industry is already on the brink of bankruptcy, writing off these losses might no longer be a realistic solution.

The reason criminals can easily exploit this information is that we are storing it in too many places that are too easy to access. The reason this has happened is that a lot of people are making a lot of money by using and selling this information. Making the information easy to access makes it easier to make money from it. I'm all for making money, but at what point does it prove to be irresponsible?

No security fix is going to solve this problem without a healthy dose of common sense being infused into the scheme of things!

After all, the economy is already in a lot of trouble because of some of the same people making a lot of money irresponsibly. My guess is we are getting to the point where we will no longer be able to write off the cost of being irresponsible to the consumer, as well as the taxpaying public.


computer fraud said...

I also think that, if authorities don't start seriously fighting this crime, and people don't start realizing that internet fraud is a real danger for them, we will lose this war against internet crime.

Unknown said...

This is so true. I just came back from a hacking conference where I met a member of Network Intercept. They had a product called Keystroke Interference that can put an end to spyware collecting your keystrokes, which is where the majority of the attacks happen according to this blog and many other statistical resources. I downloaded it from CNET.

Unknown said...

Your blog was too good. I really appreciate your blog. Thanks for sharing.