
Attacks/Breaches
7/3/2013 07:08 AM
Dark Reading
Quick Hits

How Cybercriminals Operate

A look at cybercriminal motives, resources, and processes -- and how they may affect enterprise defense

[The following is excerpted from "How Cybercriminals Operate," a new report posted this week on Dark Reading's Attacks and Breaches Tech Center (http://www.darkreading.com/attacks-breaches).]

Sun Tzu's The Art of War says "know your enemy," yet many businesses are unfamiliar with the cyber enemies that are attacking them every day. Mandiant's APT1 report provides fascinating insight into state-sponsored cyber espionage, but what about the world of the cybercriminal?

Fortinet's 2013 cybercrime report concludes that cybercriminal organizations are pretty much indistinguishable from any well-run, legitimate business operating in a global industry. They are organized, highly motivated, and react quickly to new opportunities and challenges by buying or renting specialist products and services if they don't have the necessary skills in-house.

In this Dark Reading report, we offer a look not at the world of foreign intelligence services or politically and theologically motivated hacktivists, but at the people and organizations that operate in the world of cybercrime. With a better understanding of cybercriminal activity and an appreciation of the threats cybercrime poses, businesses can make their defenses more effective.

The National Intelligence Estimate, the consensus view of the U.S. intelligence community, sees the current level of cyber espionage as a direct threat to the nation's economic interests. Taken with the recent high-profile accusations of state-sponsored cyber attacks against the United States, it's understandable that enterprises and government agencies are focusing their attention on combating APT-style attacks emanating from other nation-states.

But these attacks are more about disrupting national infrastructures and the wholesale gathering of intelligence and intellectual property than they are about running a profitable but criminal business. Criminals are motivated by greed, not ideologies, and the continuous growth of the Internet, e-commerce and data provides unlimited possibilities for making money.

Looking at the economics of cybercrime, it's easy to understand why crime syndicates have expanded their operations into cyberspace. The global nature of the Internet and the lack of effective cross-border and even national legislation make cybercrime relatively risk-free compared with traditional crimes. Trafficking drugs is probably still the most lucrative criminal trade, but the risks of getting caught are quite high. When it comes to cybercrime, on the other hand, the chances of getting caught, of being prosecuted or convicted, or of serving a full sentence are minimal.

For example, the Rustock botnet, thought to be capable of sending 30 billion messages a day from some 1 million infected computers, was taken down in 2011 after concerted efforts by Microsoft, U.S. federal law enforcement agents, FireEye and the University of Washington. The people behind Rustock have never been caught, despite Microsoft's offering a reward of $250,000 for information resulting in conviction.

Many players in the cybercrime economy are from or based in countries where there are weak cyber laws or a low level of enforcement, poor monitoring and even tacit government support for any business bringing in much-needed foreign earnings.

Countries that have a good educational system but offer few job opportunities are also a breeding ground for people susceptible to the lure of easy money.

Banner ads looking to recruit malware engineers give a rate of between $2,000 and $5,000 a month. This is quite alluring when you consider a sampling of national minimum annual wages in 2012: Estonia, $4,923; Brazil, $4,172; Russia, $1,794; and Moldova, $595.

Cybercrime requires no physical contact with victims -- they can be located anywhere in the world. This both reduces the chances of being caught and makes it very difficult for law enforcement to fingerprint a cybercriminal. It also greatly increases the potential number of victims of an attack and the return on investment.

And the ROI is astonishing: One network of hackers from countries including Estonia, Russia and Moldova reportedly defeated the encryption used by an RBS WorldPay computer network. The hackers and their associates withdrew more than $9.4 million from more than 2,100 ATMs across at least 280 cities around the world in less than 12 hours. This type of operation requires an incredible amount of preparation and organization.

To read more about cybercrime operations, motivations, resources, and methods -- and how you can defend against them -- download the free report.
