The amazing growth of cybercrime

Cybercrime is today one of the primary concerns on a global scale: it is a growing industry that seriously affects every sector of society and causes significant financial losses. Criminals are exploring new channels and implementing sophisticated new fraud schemes to increase their earnings; every day the IT security community records new cyber attacks against private companies, ordinary people and government agencies.

Last week I read an interesting article published, as usual, on the blog KrebsOnSecurity, describing a service that offers access to thousands of corporate servers of major firms for a derisory amount. The criminals behind the service are trying to profit by selling remote access to a series of corporate Windows servers obtained by exploiting known vulnerabilities, such as an RDP flaw, using available exploit tool kits.

The service introduced in the article is Dedicatedexpress.com, which offers access to nearly 17,000 computers. What is really frightening is that similar cyber criminal activities are very common: information is becoming a valuable commodity, very much in demand and easily marketable with reduced risk.

The service described is not new; according to the post it has been offered since 2010, impacting almost 300,000 computers worldwide. The service collected RDP credentials for corporate servers that were exploited because of improper authentication mechanisms.

The situation is paradoxical: in the list of exploited servers Brian Krebs found a Windows Server 2003 machine belonging to Cisco Systems that used the username "Cisco" and the password "Cisco" … very clever, what do you think?

The example I gave is not unique: criminal organizations sell a huge range of services and products every day. Think of the renting of botnets to conduct cyber attacks, or the sale of malware to commit fraud or to conduct cyber espionage operations.

We have discussed many times where cyber criminal phenomena are located: they usually base themselves in countries where law enforcement is tolerant of this type of crime, such as Russia. The introduction of new paradigms, such as the cloud, hides new dangers and represents a further opportunity for the crime industry.

Stuart McClure, president and founder of security startup Cylance, warns of a possible increase in cyber criminal activities that could exploit cloud infrastructures:

“Most of the vulnerabilities you see in the corporate space today for this type of an attack to work are the same vulnerabilities you’re going to find in the cloud,” McClure said.

The impressive growth of cyber criminal activities mainly targets new social media platforms and mobile, due to their wide audience and the lack of awareness of cyber threats; the phenomenon affects both private sectors, such as finance, and the public sector.

Organizations and law enforcement share the same vision of how to mitigate the effects of cybercrime: the public and private sectors need to collaborate and exchange information on the cyber attacks conducted, examining their origins and the way they succeeded. In this light I find very interesting the data provided by  of the Internet Crime Complaint Center (IC3), discussed in one of my previous articles.

In my opinion, as usual, meaningful support could be provided by ethical hacking: to prevent cyber criminal activities and put the right countermeasures in place, knowledge of the dynamics behind this form of crime is essential. Consider the need to infiltrate groups of criminals, or at least to be able to track them online, analyzing the evolution of cyber threats and the channels used to sell their services.

What are the privileged targets of cyber attacks organized by criminals?

Financial organizations, for sure: the number of frauds is constantly increasing. Cyber criminals are primarily interested in stealing money, but we must also consider the market for information: various criminal organizations have shown great interest in the theft of sensitive information to resell on the black market.

According to the report “Hacker Intelligence Initiative, Monthly Trend Report #13”, which Imperva produced from its analysis of a large hacker community behind a forum with more than 250,000 members, Imperva detected a black market for social network fraud.

About 33% of the discussions started in the forum relate to tutorials on how to carry out fraud schemes and how to conduct a cyber attack. Hackers exchange information on strategic targets, related vulnerabilities and ways to exploit them.

Amichai Shulman, CTO, Imperva said:

“By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,”

“If organizations neglect SQL injection security, we believe that hackers will place more focus on those attacks.”

The statements summarize exactly the thought I expressed above. The study reveals that DDoS and SQL injection are the most common types of attack; it is quite simple to find tools and instructions for mounting an offensive in the hacking forums.

According to data provided by Imperva, DDoS accounts for 19 percent of total topics and SQL injection for 19 percent, while the most discussed social networks are Facebook with 39% and Twitter with 37%.

Social networks represent an incredible business opportunity: hackers buy and sell various goods such as account credentials and social bot agents.

RSA’s October Online Fraud Report 2012 confirms a large increase in phishing attacks, 19% more compared with data for the second half of 2011, for a total cost to various organizations of $2.1 billion in losses over the last 18 months, serious damage. RSA confirms that various cyber threats are exploring new channels such as social networks; these platforms are used daily by 50% of U.S. citizens. The continuous exploitation of social media to spread malicious content is becoming critical.

“According to a research study by Microsoft, phishing via social networks in early 2010 was only used in 8.3% of all attacks; by the end of 2011 that number stood at 84.5% of attacks delivered through social media.”

It’s clear that social media is today a privileged vector for cybercrime: “with social media, a core component of a successful phishing attack is already built-in: Trust.”

Here are some figures from the report:

  • In September, RSA identified 35,440 phishing attacks launched worldwide, marking a 28% decrease from August.
  • 314 brands were targeted by phishing attacks, marking an 8% increase from August.
  • In the U.S. banking sector, nationwide bank brands witnessed a 10% increase in attacks.
  • Despite a 22% decline in attacks, the UK continues to be the country that endured the highest attack volume, marking the seventh consecutive month, with 47% of attack volume. In turn, Canada absorbed most of this with 17% of attack volume in September.
  • U.S. brands continued to be the most targeted by phishing, targeted by 29% of attack volume, followed by the UK and Australia.
  • The U.S. continued to be the top hosting country for phishing attacks hosting 77% of attacks. Poland, the UK, Canada, and France accounted for hosting just over 10% of attacks in September.

The information provided in this article demonstrates how operational and efficient the “cybercrime” machine is: it is an evolving threat that is difficult to fight and that inflicts serious damage on the global economy every day. The trend is disturbing when analyzed in the context of the global economy, and even more serious when contextualized to particular countries.

How can such large growth be countered?

Through the sharing of information and by investing in in-depth knowledge of the techniques used by cyber criminals, methods and techniques that can be acquired through the recruitment of professional hackers; today the police are fighting an unequal battle.

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
