Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/25/2015
03:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Google, Others Seek to Make Cybercrime Costlier For Criminals

Most effective long-term strategy is to target the support infrastructure and financial services used by criminals, Google says

Researchers from Google and several academic institutions are devising ways to fight organized cybercrime by targeting the support infrastructure and financial services used by threat actors to conduct illegal activities.

The goal of the effort is to try and discourage fraudulent activity to the extent possible by making it costlier for criminals to operate, Kurt Thomas and Elie Bursztein, two members of Google’s Anti-Fraud and Abuse Research said in a blog post Thursday.

The two researchers pointed to several examples where Google and others have already begun taking such actions to try and disrupt the cyber underground.

By studying and understanding how cybercriminals are abusing the phone verified account system to do bulk registration of fraudulent accounts, Google for instance, has been able to make its accounts 30 to 40 percent costlier to register in the black market, Thomas and Bursztein said.

Similarly, by studying the methods used by a group of 26 underground merchants to register fake Twitter accounts, researchers at the University of California, Berkeley, George Mason University and Twitter were able to develop a method for retroactively detecting the fake accounts.

With Twitter’s help, the researchers were able to use the method to disable 95 percent of all fraudulent accounts registered by the 27 merchants, including those accounts that had already been sold in the underground.

Using similar tactics, researchers from George Mason University and the University of California, San Diego were able to disrupt payment processing for several illegal pharmacies and outlets selling counterfeit software, the two researchers said.

Such measures are needed because conventional client and server-side oriented countermeasures such as personal anti-virus tools, firewalls, network packet scanners, automated software updates, and two-factor authentication only have had a limited effect in stemming cybercrime, Thomas and Bursztein noted in the blog.

Each time security researchers have developed defensive measures cyber criminals have been able to circumvent them. “While these safeguards have significantly improved user security, they create an arms race: criminals adapt or find the subset of systems that remain vulnerable and resume operation.”

The increasing sophistication and commoditization of the cyber underground has made it easy for criminals from everywhere to trade in knowledge, technologies, services, and data for defrauding businesses and users.

The availability of specialized services for buying and selling infected systems, exploit kits, spam hosting, and user records have transformed cybercrime into a massive collaborative operation among criminals, the Google researchers said.

“An alternative strategy in this space is to target resource bottlenecks within the underground,” they said. The goal should be to try and make it costlier for cybercriminals to do business.

Going forward, security researchers need to focus on a more thorough understanding of the ecosystem used by cybercriminals to develop, execute, and profit from fraudulent campaigns, the two researchers said in a technical paper to the topic developed with other researchers.

The study of underground markets has to evolve from an exploratory niche involving mostly anecdotal research to a core-component of security research.  A clear picture of how attackers profit from victims and institutions is vital to developing effective countermeasures and breaking up the “fragile interdependencies” that exist in the cyber underground, the paper said.

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/25/2015 | 11:58:03 PM
Krebs
InfoSec journalist Brian Krebs has written a great book on this subject: Spam Nation.  It addresses the interconnectedness of the underground cyber marketplaces -- and their connections to other organized crime.  And, indeed, the ability of a lot of these sites and vendors to process credit card payments is essential for their existence.
<<   <   Page 2 / 2
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21554
PUBLISHED: 2021-06-14
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit t...
CVE-2021-21555
PUBLISHED: 2021-06-14
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, a...
CVE-2021-21556
PUBLISHED: 2021-06-14
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, ...
CVE-2021-21557
PUBLISHED: 2021-06-14
Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Ma...
CVE-2021-32682
PUBLISHED: 2021-06-14
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration...