|
By Michael Eggebrecht
While cybercriminals are employing ever more sophisticated technologies as they engage in illicit activities, their evolving business strategies could pose an equally significant threat.
According to Cisco Systems' Midyear Security Report, issued July 14, online criminals are exploiting traditional business strategies as they continue to flourish amid a shaky global economy. "We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises," said Tom Gillis, VP and general manager of Cisco security products, in the study.
In a video blog previewing the report, Patrick Peterson, Cisco's chief security researcher, called the Michael Jackson spam campaign an indication of the speed with which cybercriminals react to opportunities and the sophistication of their strategies. "Any legitimate business has to acquire customers, and there are sales and marketing programs to tell you how to do that," said Peterson. "The criminals have taken a page from that book and they've been very innovative in customer acquisition."
Criminal enterprises are also increasingly collaborating, selling each other's "products," and developing expertise in specific tactics and technologies, according to Cisco.
As an example, the study cites collaborative efforts between the creators of Conficker -- the much publicized worm that emerged in November -- and the Waledac spam botnet. "In April, the Conficker botnet monetized itself by delivering the Waledac malware via Conficker's own hosts, along with scareware -- scam software sold to consumers based on their (often unnecessary) fear of a potential threat -- to generate revenue from victims," says the report. "In other words, Conficker served as a large-scale distributor for Waledac's wares."
Cisco says that its security experts expect similar "joint ventures" to come to light in the near future.
However, collaboration can work both ways. In response to the Conficker worm, a working group that includes representatives from companies like Cisco, McAfee, Microsoft and Symantec was established earlier this year. The group has a Web site that offers patches and tests, and "the collaborative efforts of Conficker members helped disrupt most of the worm's activities," according to Cisco.
But the recession could increase the number of cybercriminals whom businesses and individuals will have to contend with. "Employees who have been laid off, particularly those with IT skills, may see no option but to turn to online scams or other criminal activity," says Cisco. A cybercriminal interviewed for the report by Cisco said that the typical botmaster makes $5,000 to $10,000 a week.
The security threats are hardly just external. "As the economy has softened, as there have unfortunately been layoffs, the insider threat has grown," noted Peterson. And many current and former staffers are well aware of an organization's security weaknesses.
In a study issued last month, research firm Aite Group called internal data breaches, both malicious and accidental, the biggest vulnerability for financial firms. According to the non-profit Identity Theft Resource Center, insiders were responsible for about 25 percent of data breaches at financial institutions in 2008.
Cisco points to the April arrest of a former IT analyst for the Federal Reserve Bank of New York and his brother for allegedly obtaining loans using stolen identities. Investigators said the ex-staffer had a flash drive with applications for $73,000 in student loans using two stolen identities and "a fake driver's license with the photo of a bank employee who wasn't the individual identified in the license."
As companies look to save money by increasingly depending on short-term staff, teleworkers and consultants, says Cisco, additional security policies should be implemented and access to sensitive data should be carefully controlled. Organizations should also be sure to remove access rights after terminating an employee, adds the report.
Only registered users can write comments.
Please login or register. |
