santiago silver - Fotolia
Security industry has to change to remain an effective opposition to cyber criminals
The cyber criminal world has moved to a platform approach and it increases the challenges for those trying to protect data
Those operating in the security channel need to be braced for further changes in the industry as vendors face pressure to respond to evolving threats.
The sophistication of threats has increased and research from Bromium has indicated that cyber crime is now bringing in more than $1.5trn in illicit revenues and some of that is being reinvested by criminals determined to overcome the defences trying to protect data.
The size of the money involved is an indication of the challenge being faced by those trying to protect customers and the increasing attractiveness of this type of crime.
The Bromium research also echoed concerns that have been shared in the security world for years, that cyber crime is linked to drugs and terrorism.
With cyber crime taking a platform approach it has become even easier for criminals to use the available tools, ranging from zero day exploits to custom spyware, and choose the attacks that they believe will penetrate security defences.
"The platform criminality model is productising malware and making cybercrime as easy as shopping online. Not only is it easy to access cybercriminal tools, services and expertise: it means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks as The Web of Profit continues to gain momentum," said Gregory Webb, CEO of Bromium.
The result is that the industry is going to have to evolve and resellers that have loyally stuck with applications from the past are going to have to consider alternatives. Not only is the industry dealing with unparalled levels of sophistication but the speed of the emergence of threats is also making it difficult for those not on top of their game to keep up.
“We can't solve this problem using old thinking or outmoded technology. It's time for new approaches,” he added “We have to understand and tackle the underlying economic ecosystem that enables, funds and supports criminal activity on a global scale to stem the tide and better protect ourselves. By better understanding the systems that support cybercrime, the security community can better understand how to disrupt and stop them. New approaches to cybersecurity will be required."
Services on offer
The research provided some examples of the sorts of services that criminals now offer:
- Zero-day Adobe exploits, up to $30,000
- Zero-day iOS exploit, $250,000
- Malware exploit kit, $200-$600 per exploit
- Blackhole exploit kit, $700 for a month's leasing, or $1,500 for a year
- Custom spyware, $200
- SMS spoofing service, $20 per month
- Hacker for hire, around $200 for a "small" hack