Top 10 cyber crime stories of 2012

Ten articles that illustrate some of the major trends in cyber crime in 2012

Cyber crime has continued to become more professional in 2012, with the barriers to entry becoming ever lower with the emergence of increasingly powerful toolkits and exploits for sale online.

In the past year, cyber criminals have used increasingly powerful and targeted attacks to steal information ranging from credit card details and other personal information to intellectual property.

At the same time, international co-operation is growing and has led to several botnet takedowns and arrests in co-ordinated operations around the globe.

Here are 10 articles that illustrate some of the major trends in cyber crime in 2012:

Powerful cyber attack tools widely available, say researchers

Online cyber criminal markets are putting very sophisticated attack tools into the hands of more low-level attackers, say cyber intelligence specialists.

More attackers are now getting their hands on tools like Zeus and SpyEye, according to the cyber intelligence team at the Online Threats Managed Services (OTMS) group of RSA, the security division of EMC.

2012 Cost of Cyber Crime Study: UK

Cyber crimes are costly. The Ponemon Institute found that the average annualised cost of cyber crime for the 38 organisations is £2.1 million a year, with a range of £0.4 million to £7.7 million

Cyber criminals target Skype, Facebook and Windows users

Cyber criminals targeted users of Skype, Facebook and Windows using multiple Blackhole exploits in October, according to the latest threat report from security firm GFI Software.

Researchers uncovered a large number of Blackhole exploits disguised as Windows licences, Facebook account verification emails, Skype voicemail notifications and spam messages.

Zero-day exploit for Yahoo Mail goes on sale

In November, a hacker was offering a zero-day exploit for Yahoo Mail for $700 that would enable an attacker use a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts.

The hacker, known as “TheHell”, created a video to market the exploit on an underground cyber crime market called Darkode.

Six arrested in the UK in worldwide FBI-led credit card data sting

Law enforcement officers arrested six people in the UK and 12 in the US in an FBI-led sting operation in June that netted a total of 24 credit card cyber fraudsters in 13 countries.

The arrests followed a two-year undercover FBI investigation that tracked those buying and selling credit card information through a fake online forum

XSS attacks remain top threat to web applications

Cross-site scripting (XSS) attacks remain the top threat to web applications, databases and websites, an analysis of 15 million cyber attacks in the third quarter of 2012 revealed.

Other top attack techniques are directory traversals, SQL injections (SQLi), and cross-site request forgery (CSRF), according to a web application attack report by cloud hosting firm FireHost.

AT&T takes APTs seriously

Advanced persistent threats (APTs) are real and all companies should be taking them seriously, says telecommunications company AT&T.

In the past year, the company has set up an IT security team dedicated to researching APTs and making recommendations on how to defend against them.

Yahoo user sues over personal data breach

A Yahoo user sued the web portal company for negligence in August for allowing more than 450,000 user names and passwords to be stolen from one of its sites.

Jeff Allan of New Hampshire, whose login credentials were posted online after a hacker infiltrated a company database on 11 July, filed a complaint in a federal court in California.

Nasa to encrypt data after latest breach

US space agency Nasa is to encrypt all its mobile computers after the loss of a laptop containing personal information about more than 10,000 employees and contractors.

This is the latest in a series of data breaches involving unencrypted laptops at Nasa in recent years and comes just eight months after the theft of a laptop containing personal information of 2,300 employees and students.

Cyber attackers increasingly targeting applications, research shows

Web and mobile applications are the new frontiers in the war against cyber attack, according to a top cyber security risks report from Hewlett Packard (HP) published in May.

The report reveals that SQL injection (SQLi) attacks on web applications increased sharply from around 15 million in 2010 to more than 50 million in 2011.

Read more on Privacy and data protection

Data Center
Data Management