Sep 18: Internet security threat report released by Symantec reveals that the commercialization of internet crime is increasing as online trade in stolen details is going on, attackers using sophisticated technology and thus making money. Its growing market is none other than America at no. 1 while Germany and Sweden rank second and third.
Report says that cyber criminals are adopting professional as well as commercial methods in developing distributing and using the malicious code and services. They are making money out of it. They are developing more professional attack methods and tools to carry out their malicious plans.
Hackers gain personal information about a person by attacking computers mainly from social networking sites as Orkut, Myspace or Facebook or from job recruitment cites.
With this personal information they create a personalized e-mail that prompts the victim to click on it. These attacks are planned in several stages in which first attack is just a base for subsequent attacks. Example of multi staged attack is staged downloader that allows an attacker to change the downloadable component to any type of threat that suits the objectives. MPacke is a multi-staged downloader.
Thus they stole personal bank account numbers credit card details, email passwords and email addresses. For bank account details stolen by hackers, says Symantec report, huge amount is paid in this underground cyber economy. These can be sold up to US $ 400 while credit card details sell for $0.50 and $5.
Alarming trend is their business like strategy plus professional grade service agreement between cyber criminals and agents with which they are doing this malicious activity, says the report.
For this they use different ‘toolkits’. In its report which took the cases during the time span of first half of the year Symantec finds increase in use of such sophisticated toolkits. Citing the example of one such kit called MPack, a professionally developed toolkit which is deployed to install malicious code on thousands of computers throughout the world. Not only these software programmes are installed but the success of these is also monitored through password protected control.
Uses of these kits show how co-ordinated the attackers are. Through these toolkits an attacker spoofs the legitimate website and set up phishing website. 42% of all phishing attacks are managed with the help of just 3 toolkits. They use phishing messages to steal personal as well as financial information.
What was most alarming in the trend according the report was that professionals are doing it for money and not for fame. The report is based on the Symantec data collected from more than 40,000 censors deployed in more than 180 countries.
|
|
Comments:
