Online criminals are using state of the art business strategies
to commit cybercrimes, says
network
equipment maker Cisco.
The Cisco
midyear security report published yesterday showed that
internet criminals are using software as a service (SaaS),
collaborative partnerships, and other enterprise strategies to do
improve profitability.
The report outlines common technical and business strategies
that criminals use to breach corporate networks, compromise
websites, and steal personal information and money.
The researchers found that the
Conficker
worm, which began infecting computer systems late last year by
exploiting a Windows operating system vulnerability, has continued
to spread. Several million computer systems were under Conficker's
control as of June 2009, it said.
Online criminals were exploiting news to maximise traffic to
websites they controlled. When the H1N1 influenza ("swine flu")
virus hit the headlines in April, cybercriminals quickly blanketed
the web with spam that advertised preventive drugs but linked to
fake pharmacies, it said.
While many spammers continued to operate with extremely high
volumes, some were switching to low volume but more frequent
attacks in an effort to remain under the radar. This followed the
successful closure of the McColo website, which was responsible for
almost 50% of spam at the time.
Cisco said criminals were developing an ecosystem of
specialists. For example, botnet owners were renting out their
networks to fellow criminals to deliver spam and malware via the
software-as-a-service (SaaS) model.
Spam remained a major vehicle for spreading worms and malware,
as well as for clogging internet traffic. Spammers sent 180 billion
spam messages a day, about 90% of the world's e-mail traffic, to
drive traffic to both legitimate sales pitches and malicious web
sites, it said.
Cisco said the rise of social networking has made it easier to
launch worm attacks. "People in these online communities are more
likely to click links and download content they believe were sent
by people they know and trust," it said.
The researchers found that cybercriminals sought to disguise
malware as legitimate software using a techhique known as
spamdexing. Spamdexing packs a website with relevant keywords or
search terms to persuade Google and other search engines to list
the sites higher in search result pages. This increased the odds
that users would download malware from a corrupted site.
Cisco said 2009 saw the start of at least two or three new text
or SMS campaigns per week that target mobile phones. "With some 4.1
billion mobile phone subscriptions worldwide, a criminal may cast
an extraordinarily wide net and still walk away with a nice profit,
even if the attack yields only a small fraction of victims," Cisco
said.
The global recession meant insider threats were a growing
concern, it said. Insiders who committed fraud could be contractors
or other third parties as well as current and former employees.