One industry sector is actually happy about the current state of the global economy: cybercriminals.
"One thing we've seen is financially based cybercrime is recession-proof," says Darren Mott, supervisory special agent for the FBI's Cyber Division. "With [this] changing economy, the only thing that changes is the way they go about obtaining their information."
Organized cybercrime has already begun capitalizing on the global financial crisis, cybercrime experts say, with targeted phishing attacks on customers whose banks have folded, and attacks that scam consumers who may be shopping less online, but are now spending more time at home. With fewer business and consumer targets available, the bad guys are redirecting their efforts to adapt to the market. For example, credit cards are out; debit cards are in.
"The crisis is good for cybercrime because people become more desperate for 'good deals.' It is bad for cybercrime in that they will continue operations much like they do now, but have to move around more often," says security expert Gadi Evron.
And they are already on the move: A wave of targeted phishing attacks on doomed banks and brokerages has been spotted by The Shadowserver Foundation during the past few weeks. "They were crafted a little better, mentioning the affected banks," as well as some that posed as the Better Business Bureau, says Andre' DiMino, co-founder and director of Shadowserver. "They are almost preying on how people are trying to be more savvy in what they buy and what they are doing as they are more careful in where they spend."
One attack used Citigroup's attempted takeover of Wachovia as a premise for stealing Wachovia customers' credentials. (Wells Fargo eventually outbid Citigroup for Wachovia). "There's been a surge in phishing, telling customers that due to the new takeover, they need new credentials," says Ori Eisen, founder and chief innovation officer for 41st Parameter. If the victim hands over his old credentials to "set" his new ones, it's game over for his bank account information.
[...]
In the past two months, researchers at Finjan have found three times the number of servers with stolen data. "Before that, we'd see five or six servers in a single month, or one every week or so. Now we're seeing four or five servers a week," says Yuval Ben-Itzhak, CTO of Finjan. "Increased phishing attacks might be the reason, and a combination of both corporate and consumer [victims]."
Other researchers have cited a direct correlation between the stock market's nosedive and an increase in cybercrime activity. (See related story, Security Weathering Economic Storm.) Ryan Sherstobitoff, chief corporate evangelist for PandaLabs says he and his team first noticed a jump in overall malware on Sept. 16 when stocks started to dip significantly. Panda discovered a 5 to 30 percent increase in malware that day related to the recent wave of rogue antivirus adware attacks. "If the stock market is crashing, there's not a lot of confidence," Sherstobitoff says. And phony antivirus popups warning that your system-may-be-infected-so-you'd-better-run-this-scan preyed on fears, he says.
Meanwhile, law enforcement and cybercrime experts say more malicious Web sites posing as economic or financial advisory services will start to emerge in this jittery financial climate. "'Have you been victimized by your bank's closing? Check us out,'" is the type of lure the bad guys may use with these sites, DiMino says.
That means a reverse in the trend from the past few months of cybercriminals' silently infecting legitimate sites. "Expect to see malicious sites crop up that are geared to information-stealing, malware-dropping, pharming, and phishing rather than compromising legitimate site," he says.
And just as street crime increases in times of financial stress, more novice attackers and script kiddies are likely to perform an online version of shoplifting and bank robbery. "You're going to see more quick-hit script kiddies, like street crime," DiMino says.
[...]
The insider threat, too, will likely also intensify as layoffs spread in the corporate world. "You're going to see insider attacks and less direct hacks," Shadowserver's DiMino says. "There will be more of an attempt to infiltrate from inside, with botnets and SQL injection." With potentially fewer overall enterprise targets, cybercrime organizations could end up fighting over turf. "In general, cybercrime is nothing more than a new form of organized crime," the FBI's Mott says. "You may see more online cybercrime 'violence.' DDoS attacks may go up." Still, the bottom line is that the crisis hasn't hurt the cybercriminal's bottom line. Nor has it slowed any activity in the bustling online black market, at least thus far. "Right now, there's no observable effect. We still see the same trading activity on IRC channels," says Guillaume Lovet, senior manager for Fortinet's Threat Response Team.
This is one of the primary reasons why security-related jobs fair better during hard economic times. We are not recession-proof by any means. I have seen several of my friends take a hit during the last year. But compared to many other job types, we ride the waves better.
But, in the end, companies just can't afford not to be secure...literally.
No comments:
Post a Comment