
Attacks/Breaches

7/3/2013 07:08 AM
Dark Reading
Quick Hits

How Cybercriminals Operate

A look at cybercriminal motives, resources, and processes -- and how they may affect enterprise defense

[The following is excerpted from "How Cybercriminals Operate," a new report posted this week on Dark Reading's Attacks and Breaches Tech Center (http://www.darkreading.com/attacks-breaches).]

Sun Tzu's The Art of War says "know your enemy," yet many businesses are unfamiliar with the cyber enemies that are attacking them every day. Mandiant's APT1 report provides fascinating insight into state-sponsored cyber espionage, but what about the world of the cybercriminal?

Fortinet's 2013 cybercrime report concludes that cybercriminal organizations are pretty much indistinguishable from any well-run, legitimate business operating in a global industry. They are organized, highly motivated, and react quickly to new opportunities and challenges by buying or renting specialist products and services if they don't have the necessary skills in-house.

In this Dark Reading report, we offer a look not at the world of foreign intelligence services or politically and theologically motivated hacktivists, but at the people and organizations that operate in the world of cybercrime. With a better understanding of cybercriminal activity and an appreciation of the threats cybercrime poses, businesses can make their defenses more effective.

The National Intelligence Estimate, the consensus view of the U.S. intelligence community, sees the current level of cyber espionage as a direct threat to the nation's economic interests. Taken with the recent high-profile accusations of state-sponsored cyber attacks against the United States, it's understandable that enterprises and government agencies are focusing their attention on combating APT-style attacks emanating from other nation-states.

But these attacks are more about disrupting national infrastructures and the wholesale gathering of intelligence and intellectual property than they are about running a profitable but criminal business. Criminals are motivated by greed, not ideologies, and the continuous growth of the Internet, e-commerce, and data provides unlimited possibilities for making money.

Looking at the economics of cybercrime, it's easy to understand why crime syndicates have expanded their operations into cyberspace. The global nature of the Internet and the lack of effective cross-border and even national legislation make cybercrime relatively risk-free compared with traditional crimes. Trafficking drugs is probably still the most lucrative criminal trade, but the risks of getting caught are quite high. When it comes to cybercrime, on the other hand, the chances of getting caught, of being prosecuted or convicted, or of serving a full sentence are minimal.

For example, the Rustock botnet, thought to be capable of sending 30 billion messages a day from some 1 million infected computers, was taken down in 2011 after concerted efforts by Microsoft, U.S. federal law enforcement agents, FireEye and the University of Washington. The people behind Rustock have never been caught, despite Microsoft's offering a reward of $250,000 for information resulting in conviction.

Many players in the cybercrime economy are from or based in countries where there are weak cyber laws or a low level of enforcement, poor monitoring and even tacit government support for any business bringing in much-needed foreign earnings.

Countries that have a good educational system but offer few job opportunities are also a breeding ground for people susceptible to the lure of easy money.

Banner ads looking to recruit malware engineers give a rate of between $2,000 and $5,000 a month. This is quite alluring when you consider a sampling of national minimum annual wages in 2012: Estonia, $4,923; Brazil, $4,172; Russia, $1,794; and Moldova, $595.

Cybercrime requires no physical contact with victims -- they can be located anywhere in the world. This both reduces the chances of being caught and makes it very difficult for law enforcement to fingerprint a cybercriminal. It also greatly increases the potential number of victims of an attack and the return on investment.

And the ROI is astonishing: One network of hackers from countries including Estonia, Russia and Moldova reportedly defeated the encryption used by an RBS WorldPay computer network. The hackers and their associates withdrew more than $9.4 million from more than 2,100 ATMs across at least 280 cities around the world in less than 12 hours. This type of operation requires an incredible amount of preparation and organization.

To read more about cybercrime operations, motivations, resources, and methods -- and how you can defend against them -- download the free report.
