Online cyber criminal markets are putting very sophisticated attack tools into the hands of more low-level attackers, say cyber intelligence specialists.
More attackers are now getting their hands on tools like Zeus and SpyEye, according to the cyber intelligence team at the Online Threats Managed Services (OTMS) group of RSA, the security division of EMC.
Such tools are widely available at relatively low cost, said Idan Aharoni, head of the cyber intelligence team for RSA’s OTMS.
The barriers to entry are falling all the time because these tools are also increasingly easy to use with well-developed user interfaces, he told Computer Weekly.
Aharoni’s team, which monitors activity in cyber criminal chat rooms and forums, reports a growing number of attack tools are being supplied with user guides and support services.
Read more about cyber threats
- Cyber threats affect banks worldwide
- UK cyber protection should be more aggressive, say MPs
- MI5 fighting 'astonishing' level of cyber-attacks
This trend means that even lower-level criminals, who lack the technical expertise to develop attack tools, are now able to acquire and use them with relative ease.
“The risk is huge. More criminals are able to target highly-sensitive information within companies,” said Aharoni, citing a recent case where a password database was stolen from a large company.
However, apart from targeted attacks, there has also been an increase in the number of malware infections on machines within business networks, he said.
“Even in businesses are not specifically targeted, they are still at risk and should ensure they are able to mitigate against the kinds of attacks we are seeing,” said Aharoni.
The time has come for businesses to think beyond traditional barrier defences such as anti-virus and firewall protection, he said. “We have seen this approach fail over and over again.”
In the light of the latest cyber trends, Aharoni believes organisations should assume they will get infected and build their defence strategy around that.
This means adding to traditional defences the capability to identify what systems or machines are infected and identify what data has been targeted and is trying to leave the corporate network.
“Organisations must have a plan for dealing with infections and data breaches; they can’t just say this is an issue that doesn’t affect me. Any company that stores data is a potential target,” said Aharoni.
It is now in the open that countries are using malware as part of their cyber espionage programmes, and he believes companies should be planning their cyber security in light of that fact.