Posts Tagged ‘cyber crime’
Tuesday, February 19th, 2013
The Mobile Security: McAfee Consumer Trends Report says cyber criminals are growing increasingly sophisticated in mounting their digital attacks.
The report identifies a new wave of techniques hackers use to steal digital identities, commit financial fraud, and invade users’ privacy on mobile devices.
Mobile platforms have become increasingly attractive to cybercriminals as consumers live more of their digital lives on smartphones and tablets.
Mobile attracting mischief
According to IDC, mobile devices are surpassing PCs as the preferred way to access the Internet and the number of people using PCs to go online will shrink by 15 million over the next four years, while the number of mobile users will increase by 91 million.
With the mobile space becoming a more enticing platform for online mischief, the complexity and volume of threats targeting consumers will continue to increase. Using its extensive global threat intelligence network (GTI), McAfee Labs analyzed mobile security data from the last three quarters.
“Despite elevated consumer awareness of threats on mobile platforms, there is still a significant knowledge gap surrounding how and when devices become infected and the level of potential damage,” said Luis Blando, vice president of mobile product development at McAfee.
“Cybercriminals are exhibiting greater levels of determination and sophistication leading to more destructive, multi-faceted hacks that are harder to spot, and thus warrant a greater degree of security and vigilance. Our goal in releasing this report is to help consumers understand the risks they face and learn ways they can stay safe and compute with confidence on all of their devices.”
In the report, McAfee Labs identifies the following threats as the most severe existing and new trends consumers will encounter in 2013:
Risky Apps: Cybercriminals are going to great lengths to insert infected apps into trusted sources such as Google Play and the risks within each app are becoming more intricate.
As a matter of fact, McAfee Labs found that 75 percent of the malware-infected apps downloaded by McAfee Mobile Security users, who are apt to be more security conscious than the average consumer, were housed in the Google Play store, and that the average consumer has a one in six chance of downloading a risky app.
Nearly 25 percent of the risky apps that contain malware also contain suspicious URLs, and 40 percent of malware families misbehave in more than one way.
A risky app may allow someone to:
- Steal personal information such as banking, email or wireless account details and combine that with location data to put together a complete picture of who you are
- Perpetrate fraud such as an SMS scam that will charge you without your approval
- Abuse a device by making it part of a criminal bot network, which allows someone to remotely control your phone
Black Market Activity: Botnet clients, downloaders, and rootkits are generic, useful software sold on black markets as part of software toolkits.
Criminals use these to commit premium SMS and click fraud, spam distribution, data theft, or bank fraud – and the complexity of these criminal activities is growing. Commercial criminals are now reusing and recombining these components to devise new, profitable schemes.
Drive-by Downloads: The first mobile drive-by downloads were seen in 2012 and we expect these to increase in 2013. On a mobile device, a drive-by download fools a user into downloading an app without knowing it. Once a user opens the app, criminals have access to the device.
Near Field Communication: In 2013, we expect to see criminals abuse the tap-and-pay near field communications (NFC) technology used in mobile payment programs, or “digital wallets.” This scam uses worms that propagate through proximity, a process we can call “bump and infect.”
The distribution path can quickly spread malware through a group of people such as in a passenger-loaded train or at an amusement park. When the newly infected device is used to “tap and pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet.
Worm malware like this will spread by exploiting vulnerabilities on devices. This development would monetize the 11.8 percent of malware families that already contain exploit behaviors.
As the mobile space evolves, criminals will look at ways to generate revenue from features only mobile devices have. During 2012, about 16 percent of malware families detected by McAfee attempted to get devices to subscribe to premium SMS messages. In 2013, we foresee an increase in threats that will have users finding out they bought premium apps only when they check their bills.
For a full copy of the Mobile Security: McAfee Consumer Trends Report from McAfee Labs, with additional threats, please visit: http://www.mcafee.com/us/resources/reports/rp-mobile-security-consumer-trends.pdf
Thursday, February 14th, 2013
Most cybercrime is carried out by a loose confederation of independent contractors who work together when necessary through online forums and “partnerkas” that allow them to pool their resources, but these online criminal networks can be foiled, according to a new report released today by the Digital Citizens Alliance.
The Digital Citizens report sheds light on how global organized crime leverages the Internet for scams and other schemes that hurt consumers.
The report also highlights recent examples in which others have weakened the glue that binds these criminal communities together by undermining trust relationships, isolating and apprehending key members, and making it more difficult for them to receive payment for their crimes.
The Tangled Web
The “Tangled Web” report is the first in a series on cybercrime by Digital Citizens – an alliance of individuals, organizations and businesses dedicated to making the Internet safer and crime-free. For the full report, please go to.
Understanding how cybercriminals work together is an important part of combatting criminal activities on the Web. According to the report, cybercrime is not as organized as often believed. More often than not, the loose confederation of independent contractors works together only when mutually beneficial to all cooperating parties. This includes sharing best practices on how to secure the money stolen from digital citizens.
Follow the money
The report also points out that tackling counterfeits, content theft and intellectual property crime requires disrupting their channels of cooperation and payment. The third option – following the money and cutting off the payment source – is singled out as the easiest way to deter cybercriminals.
“The most uplifting part of this report are the examples of the digital community working with payment processors to stop and deter cybercrime,” said Tom Galvin, executive director of Digital Citizens Alliance.
Here at the TechJournal, we see continual evidence that hacking attempts often try to exploit once-compromised images, posts or WordPress plugins, even though we patched those security holes. That suggests to us that they’re being led to those via hacking forums or other sources.
Citizens can help combat cyber crime
“With this report, we want digital citizens to know that they play a significant role in combatting crime on the Web. It doesn’t take just law enforcement. Anyone can help take down a cybercrime ecosystem through established reporting methods with payment card networks.”
The key pillars that support most criminal commerce online include black market online bazaars, cybercrime joint ventures, and underground exchanges.
Other report findings show that cybercriminals…
- Work through Forums and “Partnerkas” (When Mutually Beneficial): These online forums allow independent actors to pool their resources, aimed at creating personal wealth, power and greater access to the tools that may further future online criminal schemes.
- Diversify their Operations: Some of the most successful criminals are those who diversify their operations. An average crime forum member has ties to multiple types of illegal or illicit online enterprises.
- Use Pharmacy, Malware, Counterfeiting, and Dating as Popular Schemes: Most forums feature a myriad of services for driving traffic to crime affiliate programs including rogue pharmacy sites, fake antivirus or ransomware affiliate programs, counterfeit software and prescription drugs, organized dating and reshipping scams, toll fraud and SMS billing schemes.
Friday, January 11th, 2013
Security experts say a security flaw in Oracle’s Java software allows hackers to attack personal computers and it should be disabled in your browsers or uninstalled now.
You can find instructions on how to disable Java in whatever browser you are using online.
A security officer with Rapid7 told Reuters, “This is like open hunting season on consumers.”
Java has had many security problems in the past and is frequently updated to patch holes.
News reports say cyber criminals are already using the Java security flaw to mount attacks via exploit kits available online.
You may wish to simply uninstall Java, although that will prevent some things from working in your browser.
We disabled Java in Chrome and Firefox, the two browsers we use, this morning. It only takes a minute or two.
Wednesday, December 19th, 2012
While 2013 cyberthreats are already well anticipated and mundane, Internet Identity (IID) predicts that by 2014 significant new methods of cybercrime will emerge. Some of them, such as murder via connected devices or a hacked power grid, are truly scary.
These new threats include the use of Internet-connected devices to actually carry out physical crimes, including murders, and cybercriminals leveraging mobile device Near Field Communications (NFC) to wreak havoc with banking and e-commerce.
IID also expects the industry to combat such threats with new platforms for sharing intelligence across researchers, commercial enterprises and government agencies.
“Being bold is predicting the end of the world this week coinciding with the end of the Mayan long-count calendar as some people are. What isn’t bold in cybersecurity is prognosticating the same old same old with more mobile malware, APTs giving cybercriminals backdoor access to their intended victims and even more data breaches of Fortune 500 companies as most industry pundits are,” noted IID president and CTO Rod Rasmussen.
“Those threats are well understood, and being addressed today. The more interesting thing from our perspective is what’s next? And how will the industry respond?”
Murder By Internet Connected Devices
With nearly every device, from healthcare to transportation, being controlled or communicated with in some way via the Internet, IID predicts that criminals will leverage this to carry out murders.
Examples include a pacemaker that can be tuned remotely, an Internet-connected car that can have its control systems altered, or an IV drip that can be shut off with a click of a mouse.
“With so many devices being Internet connected, it makes murdering people remotely relatively simple, at least from a technical perspective. That’s horrifying,” continued Rasmussen.
“Killings can be carried out with a significantly lower chance of getting caught, much less convicted, and if human history shows us anything, if you can find a new way to kill, it will eventually be used.”
By 2014, Juniper Research predicts almost 300 million (one in five) smartphones worldwide will be NFC-enabled, and Global NFC transactions will total almost $50 billion. NFC, something mobile companies are heavily marketing, is a set of smartphone standards that enables everything from payments to unlocking of hotel room doors to automatic peer-to-peer information exchange between two devices placed closely together.
IID predicts that while the underlying technology in NFC is secure, almost all of the applications that will be written to interface with the technology will be riddled with security holes, and massive losses will ensue.
A gold mine for cyber crooks
“The amount of banking and point of sale e-commerce apps that are being developed utilizing NFC is astronomical,” said IID Vice President of Threat Intelligence Paul Ferguson. “This is a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money.”
In lock-step with all of these threats, IID predicts a strong response in the form of an intelligence sharing network that will alert participating companies, government institutions and more about the latest cybercrime attacks.
Currently, government agencies lack clear guidance about the rules of engagement for sharing, and enterprises are worried about the potential liabilities created by intelligence sharing. IID expects that Congress will enact new cybersecurity legislation that provides safe harbor protections enabling enterprises and government institutions to share intelligence without such fears in the coming months.
Other cybersecurity trends IID predicts in 2014 include:
- A large increase of government sanctioned malware targeting other government institutions around the globe with nation states openly engaging in acts of cyber-espionage and sabotage
- At least one successful penetration of a major infrastructure component like a power grid that results in billions of dollars in damage
- An exploit of a significant military assault system like drones that result in real-world consequences
To read about the latest Internet security trends, go to www.internetidentity.com/resources/trend-reports to access IID’s quarterly eCrime Trend Reports.
Wednesday, June 6th, 2012
As the number of data breaches involving smaller businesses continues to grow, a new survey by The Hartford finds that 85 percent of small business owners believe a data breach is unlikely, and many are not implementing simple security measures to help protect their customer or employee data.
“Most of the business owners surveyed believe they are not at risk, when in fact smaller businesses are increasingly being targeted,” said Lynn LaGram, assistant vice president of small commercial underwriting at The Hartford.
“As cyber criminals set their sights on smaller firms, it is important for business owners to take proactive measures to protect data and minimize the likelihood of a breach.”
The Hartford Small Business Data Protection Survey found that business owners varied in their adoption of eight data protection “best practices” to help reduce a business’s risk of a breach:
1. Lock and secure sensitive customer, patient or employee data – 48 percent
2. Restrict employee access to sensitive data – 79 percent
3. Shred and securely dispose of customer, patient or employee data – 53 percent
4. Use password protection and data encryption – 48 percent
6. Update systems and software on a regular basis – 47 percent
7. Use firewalls to control access and lock-out hackers – 48 percent
8. Ensure that remote access to their company’s network is secure – 41 percent
The Hartford survey also found that nearly two-thirds of business owners (61 percent) believe a data breach violates trust and would jeopardize their relationships with customers, patients and employees. More than a third (38 percent) say they have a more negative opinion of companies that have recently experienced a breach, based on the companies’ handling of the breach.
About a third of business owners (34 percent) say they would have difficulty complying with government notification requirements, and nearly half (47 percent) acknowledge it would be impossible for a small business to completely safeguard customer, patient or employee data.
“Given the potential business and reputational costs of a data breach, it’s also important for business owners to have insurance in place to help them respond and recover quickly and effectively in the event of a breach,” said LaGram.
The Hartford offers information and resources for small businesses about data breach protection at www.hartforddatabreach.com.
Thursday, March 8th, 2012
Hacktivists such as Anonymous may be having at least one good effect. They’re raising awareness of the need for better cyber security.
When asked “Is your company a potential target for hacktivists, organized cyber crime or nation state attacks,” 73% of respondents believe their organization is a target for hacktivists, and 71% identified organized cyber crime as a threat.
Only 57% believe nation state attacks are a risk to their organization.
nCircle, which sells information risk and security performance management solutions, conducted the survey of 244 attendees of the 2012 RSA Conference in San Francisco.
“Unlike cyber crime, there is no such thing as a small, private breach for hacktivists unless it is part of a larger attack plan,” said Tim ‘TK’ Keanini, CTO for nCircle.
“Hacktivist breaches are designed for media value and public impact, so they are always fully disclosed and the targets are selected for maximum shock value. On the other hand, every business with an Internet connection is a potential target for organized cyber crime.
“Hacktivists have increased our collective awareness of cyber security to a completely new level — everyone from IT security pros to my grandmother is worried about cyber security.”
Thursday, February 23rd, 2012
From 2010 to 2011, Android officially overtook Symbian as the most targeted mobile platform in the world by cyber criminals, according to a new report from NQ Mobile Inc. (NYSE: NQ), a global provider of consumer-centric mobile Internet services focusing on security and productivity.
NQ Mobile’s Mobile Security Report also shows that in 2011, newer and more advanced forms of malware have successfully infected an estimated 10.8 million Android devices worldwide. This is expected to increase throughout 2012.
A double-edged sword
“Smartphones and tablets are finally delivering consumers with these converged and connected experiences we’ve been promised for so long,” says Omar Khan, Co-CEO NQ Mobile. “But this is a double edged sword: as smart device usage becomes more sophisticated, so too are cyber criminals’ methods of attacking consumers’ personal information.”
Key Findings for 2011
- Malware threats to Android devices increased 1880 percent from January to December 2011
- More than 10.8 million Android devices worldwide were infected by malware
- The top countries with infected Android devices were China, India, the United States of America, Russia and the United Kingdom
Trends in Malware Design
In 2011, malware created significant technical challenges for the industry. Specifically, mobile malware authors were not only actively applying advanced malware infection techniques from the traditional (and relatively mature) PC arena, but also developing new exploits or attacks unique to mobile platforms.
The top three techniques used by malware authors to gain access to mobile devices were:
- Piggybacking on Legitimate Apps: Malware developers download popular applications, insert malicious code and then place the application back onto a marketplace. When users download and install this application, it immediately launches its payload into the user’s smart device.
- Upgrade Apps to Malicious Apps: Similar to piggybacking, malware developers insert a special upgrade component into a legitimate application, allowing the application to be updated to a new, malicious version.
- Enticing Users for Downloads: The ability to side load applications outside of official application marketplaces allows malware developers an easy way to entice users to download malicious apps.
Predictions for 2012 and Beyond
As more consumers use their mobile devices to shop and bank, malware developers will be enticed by easy access to personal data. Despite best efforts by the market to actively develop and deploy advanced defense mechanisms, several types of mobile malware will continue to evolve in 2012.
- We will see more piggybacking on legitimate banking and financial apps as well as malware dressed up as security protection applications
- We will see more SMS fraud scams that charge users high rates for messaging and collect users’ personal data
- Popular on PCs, we will see more mobile botnets which will take advantage of security gaps and allow hackers to send messages, make phone calls and access user contacts and other personal information.
Tuesday, August 16th, 2011
Would-be hackers can now find the source code for SpyEye, the data stealing Trojan that was previously sold for $10,000, on sale cheap. Ranked as one of the top three Web threats in 2011 even before the inexpensive SpyEye malware kit was available, the Trojan now lets cyber criminals use the kit without the attribution that used to make it possible to trace it back to its source.
Security firm Damballa, which has been tracking SpyEye for some time, says in a blog post that the release of the source code for the spyware, which is used to capture banking and other financial information, is a “two-edged sword.” On one hand, it may help security researchers find bugs in the program. On the other, it means anyone can now use it.
It is sophisticated spyware that can evade or disarm detection and removal and has even caused bank security systems trouble. The thing is dangerous.
Sean Bodmer, Damballa’s senior threat intelligence analyst, wrote on the company blog, “Now that SpyEye has been ousted it is only a matter of time before this becomes a much larger malware threat than any we have seen to date. So for the next few months, please hold onto your seats people… this ride is about to get very interesting.”
Thursday, January 27th, 2011
ATLANTA – It is no longer acceptable to rely solely on preventive measures for cyber security. Combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response. So says MANDIANT, a company selling incident response and computer forensics solutions and services, in its second annual M-Trends report released at the U.S. Department of Defense Cyber Crime Conference 2011 at the Hyatt Regency Hotel in Atlanta.
The M-Trends series spans more than a decade of lessons learned on the front lines of intrusion investigations for the U.S. government, defense industrial base and commercial organizations. When Prevention Fails spotlights malware capabilities and techniques and other highly complex and sophisticated attack schemes used by the Advanced Persistent Threat across a breadth of organizations.
Content presented in M-Trends has been derived by MANDIANT from unclassified environments and sanitized to protect victim identity and data.
Some excerpted trends and conclusions from M-Trends: When Prevention Fails:
It is no longer acceptable to rely solely on preventive measures. Combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response.
The majority of victims were either compromised by a targeted e-mail campaign or were victims of a prior intrusion that was never appropriately remediated.
Threats have evolved faster than our ability to reliably safeguard our assets. To better protect our information and intellectual property, we must adapt our organizational security programs to meet the emerging challenges.
Done right, threat detection and response provides IT security teams the situational awareness to rapidly detect incidents, suppress their impact, develop their own threat intelligence and rely on other timely intelligence to proactively inspect your networks for the fingerprints of compromise.
“In more than fifteen years of responding to incidents I have learned combating targeted threats requires a sustained effort and the capability to perform rapid threat detection and response,” said MANDIANT Chief Executive Officer Kevin Mandia, one of the report’s principal authors.
M-Trends is written for information security professionals in the enterprise and to increase our collective understanding of the advanced threat landscape. The report continues to break new ground in our collective understanding, information sharing and evolution of the APT and other sophisticated attacks targeted at government and commercial organizations.
“Between Aurora, Stuxnet, and the Wikileaks distribution of classified wires, 2010 should have made it abundantly clear that the stakes have changed,” said Josh Corman, Research Director for Enterprise Security at The 451 Group.
“We are well beyond casual attackers whose attacks conform to mainstream 80/20 rules and compliance checkboxes. Adaptive Persistent Adversaries know you are compliant and do not care. It’s time to refresh your models and to invest in greater visibility for early detection and prompt, agile response. Industry reports like M-Trends can help increase broader awareness and understanding of the advanced threat landscape.”
To download a copy of M-Trends: When Prevention Fails, see:
Thursday, January 20th, 2011
ORLANDO, FL – PandaLabs, Panda Security’s anti-malware laboratory, infiltrated the cyber-crime black market and has released a fascinating report on what it found in the darker back alleys of the Internet.
It discovered a vast network selling stolen bank details along with other types of products in forums and more than 50 dedicated online stores. This is a rapidly growing industry and cyber-criminals are aiding and abetting each other’s efforts to steal personal information for financial profit. After posing as a cyber-criminal to infiltrate the network, PandaLabs made some alarming discoveries which are available in the full report.
The cyber-crime black market, which has traditionally centered on distributing bank and credit card details stolen from users around the world, diversified its business model in 2010, and now sells a much broader range of hacked confidential information including bank credentials, log-ins, passwords, fake credit cards and more. But as openly available as this information is, PandaLabs discovered that it can only be accessed by personally contacting the hackers who are promoting their information for sale on forums and in chat rooms.
Making the Sale
By having access to bank credentials, criminals can easily defraud any bank or credit card account long before the hack is discovered. Alarmingly, this data can be purchased for as little as $2 per card, but this level does not provide additional information or verification of the account balance available. If the buyer wants a guarantee for the available credit line or bank balance, the price increases to $80 for smaller bank balances and upwards of $700 to access accounts with a guaranteed balance of $82,000.
Prices are higher if the accounts have a history of online shopping or use payment platforms such as PayPal. For a simple account without a guaranteed balance, PandaLabs found prices starting at $10 and increasing to $1,500 depending on the platform and the guarantee of available funds. Similarly, these cyber-criminals also offer cloned credit/debit cards (from $180), card cloning machines ($200-1,000), and even fake ATM machines (from $3,500 depending on the model).
Money laundering, other services available
Additional products such as money laundering services (bank transfers or cashing checks) are available for a commission ranging from 10 to 40 percent of the operation. If buyers want to use stolen bank details to buy products online, but are wary of being traced through the delivery address, the cyber-criminals will make the purchase and forward the goods for a fee of between $30 and $300 (depending on the chosen product).
For more sophisticated cyber-criminals who want to set up their own fake online stores and use rogueware techniques to obtain both user details and also reap the money these unsuspecting victims pay for fake antivirus products, there are also teams available to deliver turnkey projects, design, develop and publish the complete store, even positioning it in search engines. In this case, the price depends on the project.
Prices for botnet rental for sending spam (using bot-infected zombie computers, for example) vary depending on the number of computers used and the frequency of the spam, or the rental period. Prices start at $15 and rise to $20 for the rental of an SMTP server or VPN to guarantee anonymity.
Tuesday, December 14th, 2010
By Allan Maurer
The InZero security device
RESEARCH TRIANGLE PARK, NC – Cybersecurity still seems to be an afterthought among everyone from McDonald’s to Gawker Media, not to mention the U.S. government and military. Too many entities worry about digital security only when it is breached.
Great business strategy that. Apparently, even giving your email address to a publication such as Gawker or to McDonald’s during one of its promotions, can expose your private data these days. Both admitted to serious security breaches as 2010 ends, while many Twitter accounts – including mine – were hacked by someone selling Acai for weight loss this week. Probably because I used the same password for both sites (see: Spammers Exploit Gawker) on Gawker, where I commented maybe once.
TechJournal South had its own problems with a hacked ad server a few months back and had to shift to another. Two major ad networks were hit with a similar problem this week.
And most of those security breaches were relatively minor in the scheme of things. Many more serious ones have already occurred and we have little doubt are to come.
But coming on the heels of the WikiLeaks fracas, these breaches all show a laxness about cybersecurity that I think is increasingly dangerous on the part of commercial enterprises, government agencies and the military, not to mention to each of us personally.
The problem is partly inherent in the open, accessible nature of the Internet. The very ease with which we swim the Internet’s electron sea makes us vulnerable to sharks. Still, the bad guys, be they foreign hacker crews backed by their own governments, malware creators, spammers, scammers or plain old crooks, actively hack away at us, while credit card companies, government agencies, and businesses remain all too often reactive.
We can’t win the cybersecurity battles that way.
It is absolutely necessary – probably for all of us, but certainly for government and commercial entities – to actively combat this problem. Harden passwords, be careful about what we put on thumb drives or pick up on them, shred documents with sensitive data, and find and use security systems not so easy for cyber criminals to break through.
I’ve noted one approach that seems to be powerful, that of using a security device separate from other equipment that acts as a lockbox preventing suspicious or actual malware and other intrusions from ever reaching operating systems. See: Herndon-based firm grabbing media attention for security device. And: NZero keeps the bad guys out.
Meanwhile, Panda Security of Orlando, which provides antimalware software in the cloud rather than on individual machines, has listed the top ten cyber security threats it sees for 2011.
See also: WikiWars: The Face of future conflicts.
There are contrary views. Over at InformIT, Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research in Cyber Warmongering and Influence Peddling.
Email TJS Editor Allan Maurer: Allan at TechJournalSouth dot com.