Hackers turn from vandalism to extortion

A sharp increase in the number of cyberattacks on specific companies has seen hackers targeting victims for financial gain.

A sharp increase in the number of cyberattacks on specific companies has seen hackers targeting victims for financial gain.

A report by IT security software supplier Symantec said its analysis of network attacks in the first six months of this year showed that malicious hackers were moving away from mass campaigns to more focused attempts on e-commerce sites.

Other security suppliers and analysts painted a similar picture.

"We're seeing a big escalation of attacks targeted at e-commerce companies," said Tom Corn of security company Mazu Networks. He said that many attacks were attempts to extort money.

The plight of Authorize.Net is a perfect example. According to marketing director David Schwartz, the company, which provides payment processing services to more than 100,000 online businesses, had its web-based systems disrupted by intermittent but "large-scale" distributed denial of service attacks last week.

The attacks were launched just days after company officials refused to give in to an extortionist's demand for "a substantial amount of money," Schwartz said. "It was something that was sent to our general mailbox," he said, adding that the FBI was investigating the incident.

This isn't the first time Authorize.Net has been targeted, but the onslaught was the biggest yet. "We have been attacked in the past, but not on this scale and with such tenacity," Schwartz said.

Symantec senior manager Jonah Paransky said that targeted attacks on e-commerce sites had quadrupled in the last 12 months to 16%. "Attackers are turning to where the money is," he said.

Paransky added that a jump in the number of remotely controlled "bot networks" used to launch such attacks made the threat more serious. Between January and June the number of bot networks monitored by Symantec rose from fewer than 2,000 to more than 30,000. Malicious hackers have also been getting faster at exploiting new vulnerabilities.

Mazu's Corn said the attackers were becoming more sophisticated, with DDoS attacks "dynamically monitored" by their creators and modified on the fly in an effort to get around corporate defenses.

The combination was creating havoc for IT managers, said Jon Duren, CTO at electrification services company IdleAire. Despite his best efforts, IdleAire's networks kept getting infected with worms, viruses, adware and spyware "that render machines useless," he said. Too much time was spent fighting a battle "where the enemy grows increasingly intelligent".

David Giambruno, director of strategic infrastructure and security at mail and document management firm Pitney Bowes, said the easy availability on the internet of toolkits for developing and launching attacks compounded the problem. "The way those tools simplify the process of launching attacks scares me to death," he said.

Extortion schemes that used attacks like the one against Authorize.Net are becoming more common, with banks among the typical targets, said Gartner analyst John Pescatore. "They are definitely targeted, ransom-type attacks, and there's going to be a lot more of them."

Jaikumar Vijayan writes for Computerworld

Read more on IT risk management