Cybercriminals adopt business strategies

16 July 2009

Online criminals are using state of the art business strategies to commit cybercrimes, says network equipment maker Cisco.

The Cisco midyear security report published yesterday showed that internet criminals are using software as a service (SaaS), collaborative partnerships, and other enterprise strategies to improve profitability.

The report outlines common technical and business strategies that criminals use to breach corporate networks, compromise websites, and steal personal information and money.

The researchers found that the Conficker worm, which began infecting computer systems late last year by exploiting a Windows operating system vulnerability, has continued to spread. Several million computer systems were under Conficker's control as of June 2009, it said.

Online criminals were exploiting news to maximise traffic to websites they controlled. When the H1N1 influenza ("swine flu") virus hit the headlines in April, cybercriminals quickly blanketed the web with spam that advertised preventive drugs but linked to fake pharmacies, it said.

While many spammers continued to operate with extremely high volumes, some were switching to low volume but more frequent attacks in an effort to remain under the radar. This followed the successful closure of the McColo website, which was responsible for almost 50% of spam at the time.

Cisco said criminals were developing an ecosystem of specialists. For example, botnet owners were renting out their networks to fellow criminals to deliver spam and malware via the software-as-a-service (SaaS) model.

Spam remained a major vehicle for spreading worms and malware, as well as for clogging internet traffic. Spammers sent 180 billion spam messages a day, about 90% of the world's e-mail traffic, to drive traffic to both legitimate sales pitches and malicious websites, it said.

Cisco said the rise of social networking has made it easier to launch worm attacks. "People in these online communities are more likely to click links and download content they believe were sent by people they know and trust," it said.

The researchers found that cybercriminals sought to disguise malware as legitimate software using a technique known as spamdexing. Spamdexing packs a website with relevant keywords or search terms to persuade Google and other search engines to list the sites higher in search result pages. This increased the odds that users would download malware from a corrupted site.

Cisco said 2009 saw the start of at least two or three new text or SMS campaigns per week that target mobile phones. "With some 4.1 billion mobile phone subscriptions worldwide, a criminal may cast an extraordinarily wide net and still walk away with a nice profit, even if the attack yields only a small fraction of victims," Cisco said.

The global recession meant insider threats were a growing concern, it said. Insiders who committed fraud could be contractors or other third parties as well as current and former employees.

This article first appeared on Computer Weekly


Comments

Courion says:

16 July 2009
I am not surprised by this new evidence that insider threats are a growing concern. More users than ever before have access to sensitive data, not just IT or board level employees but day-to-day office workers, contractors and partners.

The easiest way for criminals to get their hands on this sensitive data is not by hacking through firewalls, but by simply bribing someone within a company to get the information for them. Fired or laid-off employees know that their former employers are often slow to suspend access to accounts and disgruntled employees could easily cause harm through accessing, stealing and disseminating confidential information before all of their accounts are completely turned off.

In a depressed economy such as we’ve seen over the past 18 months or so, the risk of insider theft has increased. Employees no longer feel a sense of loyalty to their companies and are more tempted by a quick buck than they would be in a good economy. If they have been laid off, the temptation is even greater. Only yesterday, it was announced that unemployment had hit 7.6% - the highest rate in more than 10 years.

Organisations need to recognise the growing insider threat highlighted in this research and build a strategy to understand where exactly sensitive information is being held, who has access to it, how they have access to it and why. In addition, they should automate the process to manage user access to this data so that when someone leaves the organisation, the system knows exactly what access they had and can immediately disable that access.

Stuart Hodkinson, UK General Manager, Courion (www.courion.com)
