Gangs now specialise in attacks on executives
SYDNEY, 7 APRIL 2010 - Mass indiscriminate computer attacks are giving way to highly targeted individual attempts in a new wave of professional cyber crime, experts say.
Right now millions of computers are being targeted all over the world. At one point last week, home computers and telecommunications companies were the two user groups most under threat worldwide. In Australia alone, 2.95 million attacks have been detected, originating mainly from Canada, the US and China.
According to Symantec, the maker of Norton AntiVirus and owner of corporate email filtering company MessageLabs, between 20,000 and 40,000 new threats are discovered every day by collaborating vendor security labs around the world.
The worrying new trend is that while mass attacks were the norm in the past, targeted, almost single-user, attacks have started to appear.
Hand-picked individuals in corporations are receiving emails and electronic documents that resemble something they expect to see in their inbox, only to unleash trojans and other malware on to their corporate networks.
In its new report, MessageLabs says the top-five targeted job titles are director, senior official, vice-president, manager and executive director. Top of the list are those responsible for foreign trade and defence policy, especially in relation to Asian countries.
The recent hacking attempts on Google and up to 20 large US corporations were aimed at extracting specific information from single users. Individuals appeared to have been targeted according to their position or access to corporate information, according to the chief architect of security technology and response at Symantec, Carey Nachenberg.
In one documented case, senior managers received an infected PDF agenda for a conference they were planning to attend. Opening the document either tried to download and install an executable file, or directed the user to a credible-looking website that was in fact an attempt at phishing.
"What's very unique about this is people had a lot of patience," says Nachenberg, who is responsible for several security patents and teaches computer science at UCLA. "They spent a lot of time putting their targets together. The purpose of the attack we can only guess. We don't know who got the information and for what purpose."
He says malware authors have switched from mass distribution of a few exploitable threats to micro-distribution of millions of distinct threats, each with different instructions and individual fingerprints.
Symantec has detected 120 million distinct threats in the past 12 months. Some, like Vundo, had been distributed to 18 users, while others, such as Harakit, had attempted to infect only 1.6 users on average.
The security response manager of F-Secure Labs in Malaysia, Chia Wing Fei, cites another strategic exploit example.
"We detected a banking virus that is only interested in PCs in Europe," he says. "It won't infect PCs anywhere else, even if the user goes to the drive-by website. The virus uses the user's IP address to determine targets."
Chia says security vendors have detected a rapid professionalisation of cyber crime. Attacks are no longer perpetrated by script kiddies looking for kudos but by organised gangs moving in underground communities bent on generating big dollars.
Gangs are now employing IT professionals and business minds to carefully plan their moves and stay one step ahead of detection. Interestingly, they trade their goods on the internet, commanding high prices for the proceeds of crime.
"When we get too close, they find out," Chia says.
A security report by Symantec that focused on the underground economy in late 2008 estimated the potential value of total advertised goods on the black market was more than $US276 million ($305 million) annually.
The most traded commodity was stolen credit card information, followed by stolen bank account data. Credit card numbers sell for as little as US10¢ to $US25, while bank account information can fetch between $US10 and $US1000.
Vendors such as AVG and McAfee suspect the majority of cyber attacks are now the work of a small number of criminal gangs that also deal in other crimes. "We're talking about dozens of crime gangs off and online that organise money laundering and credit card fraud," says a global security strategist at AVG Technologies, Larry Bridwell.
"There's a small number of incredibly [capable] hackers that make up the largest amount of fraud."
The vice-president of threat research at McAfee, Dmitri Alperovitch, says gangs have built pyramid-like schemes of small operators who are unaware of the size and nature of their employer. They recruit unsuspecting people, including pensioners, who have to do little but withdraw and transfer regular amounts of money.
"They have roughies who ruffle up people locally to make sure the money mules pass on their pay," Alperovitch says.
AVG says that despite continuous improvement in technology security, online crimes still happen because 30 per cent of all machines run with outdated antivirus software or with it turned off, criminals are making more and more money, and big corporations don't patch their machines as often as they should.
Lia Timson travelled to Silicon Valley as a guest of Symantec and to Malaysia as a guest of F-Secure.
- wong chee tat :)