E-crime has evolved into a booming business. Viruses, malware and
online crime have moved from hacking vandalism into a major shadow
economy that closely mimics the real business world, including
profit-driven organised cybercrime, writes Yuval Ben-Itzhak,
CTO at Finjan.
Money is driving the growth of targeted attacks against
financial institutions, enterprises and governmental agencies. The
financial damages from security breaches will keep on running into
millions of pounds.
Cybercriminals use the web as a highly effective attack vector
for a wide range of illegitimate and malicious activities,
including identity theft through keylogging, financial fraud,
espionage, and intelligence gathering. Their operations function as
international organised crime networks, which makes them hard to
catch, let alone prosecute.
In 2008, we have seen the continued development of sophisticated
criminal-to-criminal (C2C) business models. These mature business
models operate on two levels. Crimeware developers supply "crimeware
toolkits" to other criminal elements to be used for attacks; these
"how to" packages instruct users step by step in how to infect a
system and then retrieve data for financial gain. But criminals can
also go the old-fashioned way, purchasing data already collected by
Trojans, keyloggers and other types of crimeware. These crime pros
use robust and scalable crimeware that gives them maximum
flexibility in terms of command and control.
One of the main reasons why e-crime remains so profitable is the
success rate of Trojan technologies that use web 2.0 as their main
attack vector. Through silent installations and drive-by downloads,
PCs and networks have been successfully infected.
These "Trojan 2.0" attacks combine various web services to heighten
their infection ratio while substantially reducing their chance of
being detected. They use legitimate websites and domains for
distributing instructions to botnets, which makes the traffic look
like regular web traffic. To complicate things further, evasive
techniques (such as obfuscated code) are deployed to bypass security
applications. In short, any organisation, company, enterprise or
business with Internet access is a potential and prime target,
regardless of its size or location.
A striking example is the wave of attacks that came from
China in late 2007 and have continued into 2008. Malicious
content was distributed using obfuscated code and a network of
websites to bypass traditional information security technologies.
One of the websites used to distribute the crimeware belonged to a
Chinese government office. It illustrates that cybercriminals not
only successfully attack government websites, but also turn them
into "cyber crime tools". Due to its high success rate, we see more
of these kinds of attacks using infected legitimate websites. A
recent example is the Forth Road Bridge's website, where
cybercriminals deployed the Neosploit crimeware toolkit, using
obfuscated JavaScript, for their attack.
It is clear that traditional security solutions, such as
anti-virus, URL filtering or reputation services, will become more
and more limited in their ability to handle the latest, highly
complex cybercrime attacks. Traditional security technologies are
not equipped to deal with, let alone prevent, these threats. To
meet the growing demand for more effective protection, the security
industry must close the gap between these new attack techniques and
the conventional defence strategies.
The optimal way to do this is to concentrate on real-time code
inspection technologies. These can effectively protect networks
against such attacks, since they analyse every piece of content
regardless of its source, and are therefore able to detect
malicious code without relying on signature updates or databases of
classified URLs.
With active real-time code inspection, organisations can be
confident that malicious content will not enter their corporate
networks, even when it originates from a highly respectable and
trusted website.
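As an added illustration of the content-inspection idea described above (example code written for this page, not Finjan's product or anything from the original article), the following Python heuristic scores a script body on structural signs of obfuscation rather than on signatures or URL reputation. The sample scripts, thresholds, indicator list and function names are constructed assumptions.

```python
import math
import re
from collections import Counter

# Indicators typical of obfuscated loader scripts. These are structural
# heuristics, not signatures: no hash, URL list or reputation feed is consulted.
SUSPICIOUS_CALLS = ("eval(", "unescape(", "String.fromCharCode(", "document.write(")
HEX_ESCAPE_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}){8,}")
STRING_LITERAL = re.compile(r'"(?:[^"\\]|\\.)*"|\'(?:[^\'\\]|\\.)*\'')

def shannon_entropy(text):
    """Bits per character; random-looking payload strings score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def inspect_script(script):
    """Return (score, reasons) for one script body, regardless of where it came from."""
    reasons = []
    calls = [c for c in SUSPICIOUS_CALLS if c in script]
    if len(calls) >= 2:  # decode-then-execute pattern
        reasons.append("combines decode/execute calls: " + ", ".join(calls))
    if HEX_ESCAPE_RUN.search(script):
        reasons.append("long run of hex-escaped characters")
    literals = [m.group(0) for m in STRING_LITERAL.finditer(script) if len(m.group(0)) > 40]
    if any(shannon_entropy(lit) > 4.0 for lit in literals):  # e.g. packed/base64 blobs
        reasons.append("high-entropy string literal")
    symbols = sum(1 for ch in script if not ch.isalnum() and not ch.isspace())
    if script and symbols / len(script) > 0.3:
        reasons.append("unusually high symbol density")
    return len(reasons), reasons

def is_suspicious(script):
    """Assumed policy: two or more independent indicators block the content."""
    return inspect_script(script)[0] >= 2

# Constructed samples: an ordinary page script and a harmless hex-escaped loader.
BENIGN = 'function greet(name) {\n  var el = document.getElementById("out");\n  el.textContent = "Hello, " + name;\n}\ngreet("reader");\n'
PAYLOAD = b'document.write("<b>hi</b>")'
OBFUSCATED = 'var p=unescape("' + "".join("%%%02x" % b for b in PAYLOAD) + '");eval(p);'

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("obfuscated", OBFUSCATED)):
        print(label, inspect_script(body))
```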
Computer Weekly Infosec Europe showguide and preview