Cybercrime Fueled by Mature Digital Underground
Industrial approach to digital theft costs businesses billions annually, report says.
Thu, June 27, 2013
CSO — Cybercrime is on the rise, spurred by a robust underground economy that's industrialized the making and delivery of tools for criminal behavior, says a report released Wednesday by a maker of device recognition and intelligence solutions.
"Cybercrime is on the rise: large-scale fraud attacks, consumer data breaches and politically-motivated Distrbuted Denial of Service (DDoS) attacks on financial institutions and others are costing these businesses billions of dollars every year," said the report by 41st Parameter.
"Much of this growth stems from the maturation of the criminal digital underground and its 'industrial' approach to cybercrime," the report said.
Five top cybercrime trends were identified in the report:
- Data Breaches. Stolen identities are the fuel that drives the industrial fraud complex, the report said. This fact has led to some spectacularly large consumer data breaches during the past year including Twitter, LinkedIn and LivingSocial's disclosure that more than 50 million records compromised in April 2013.
- Malware. Fraud apps are typically used to impersonate a victim or gain access to their credentials, the report explained. In many cases, malware is designed to avoid detection both by human users and the anti-virus scans that may be running on a device.
- Mobile Threats. The popularity of smartphones -- some 700 million of them were sold worldwide in 2012 -- is being seen as a business opportunity by fraudsters, the report noted. It said that last year, mobile malware threats jumped 163 percent over 2011, infecting some 32.8 million devices -- most of them Android devices.
- Industrialization. This allows cyber bandits to multiply their effectiveness through automation. Because all online and mobile interactions are 'machine-to-machine' -- a user's device interacting with a business's server -- cyber interactions naturally lend themselves to automation, the report said. Once a fraudster secures the credentials required to access a victim's accounts, a process can be built in which multiple accounts are accessed automatically.
- Distributed Denial of Service Attacks. The first goal of a DDoS attack, the report explained, is to disrupt the operation of a website. That usually leads to increased call center activity, which drives up an organization's costs and undermines customer trust in it.
DDoS attacks can be used for other purposes, too. "What we're finding is that fraudsters are starting to use DDoS attacks as a diversionary tactic," said David Britton, vice president of industry solutions for 41st Parameter.
"They're using it to cover up the actual financial takedown activity that they may be running simultaneously," he told CSO.
Those takedowns are aided by fraud automation, the 41st Parameter report said. Fraud automation allows fraudsters to trade a large number of smaller transactions for fewer, larger transactions. This makes anomaly detection systems less effective while introducing greater requirements to identify, document and reset compromised accounts.
Also, industrial-strength automation allows cybercriminals to broadly spread their maliciousness. "Why are cybercriminals industrializing their operations?" Kevin Morgan, CTO of Arxan, asked in an interview. "The answer is the whole world of enterprises are having to extend their interfaces into the mobile world so there's a lot more attack surface area for industrialized applications."
The mobile world is like the Wild West for cybercriminals. "Security things learned 10 years ago in the laptop space are just starting to appear in the mobile space," Charles Henderson, director of Trustwave SpiderLabs, said in an interview.
Henderson said convenience may be an obstacle to mobile phone security. "The fact is that mobile devices are easy to use," he said. "When something is easy to use, it's also easy to misuse."
The "shadow" economy has become one of scale providing services to a myriad of players -- both states and non-states, said Tom Kellermann, vice president of cybersecurity for Trend Micro.
"There's been an overt commoditization and automation of cyber weaponry in the shadow economy," he told CSO. "That's the reason we're seeing such robust end-stage attacks in today's environment."
Even if a cybercriminal doesn't have the capability to accomplish what they want, it's easy enough to purchase it on the cyber black market. "You can get enough capability to hack into almost anything for 600 bucks," Kellermann said.