
While stealing information or crippling websites is one pillar of cybercrime, the other lies in the black market economy underground that sustains the buying and selling of stolen data, and the tools to get them. Discussion forums show brazen conversations between cybercriminals over opportunities and developments, but there are aspects of these sites that are used to market malware products or even security holes that were otherwise undetected. Moreover, amateur hackers – or ‘script kiddies’ – could utilize search engines and YouTube to learn how to use free malware tools like BackTrack. Voelk says these aren’t a significant threat to businesses with security deployments, but individuals using the tools can still attack other users without needing background knowledge or an understanding of the technology behind the malware.

This illicit trade in services and methodologies is actually growing more pervasive, notes Jean-Loup Richet, an information systems researcher who is a research associate at the Canada Research Chair in Identity, Security and Technology at the University of Montréal. He is also a member of the Postgraduate Committee at the British Society of Criminology. “We’re in the era of the advanced persistent threat, and cybercrime is an increasing business with flourishing underground marketplaces that are feeding the professionalization of malware authors and hackers to the point where the Zeus malware even had professional tech support”, Richet tells Infosecurity. “These are opportunists who know where to look, and the huge growth of mobile devices is making them an attractive target for cybercriminals moving forward.”

From Booze and Gambling to Smartphones

The International Telecommunications Union (ITCU) recently released a report suggesting that mobile broadband penetration had reached 1.2 billion subscriptions worldwide in 2011. The bulk of this number is smartphones, which have accounted for 45% increases in each of the last four years. “These are ‘computers on the go’ that are now subjected to attacks like phone flooding, smishing, SMS bombing and, particularly in developing countries, money laundering scams”, Richet advises. “Smartphones and tablets will provide potential access points to corporate networks if they aren’t integrated into the security infrastructure, but individuals will be equally targeted because of the personal information stored on these devices.”

A key reason why cyberattackers have their sights set on smartphones and tablets is because user behavioral patterns mimic those of computers, albeit with a higher level of comfort and trust in the technology, the FBI’s Harris adds. The numbers seem to support that, with Symantec’s report indicating that 10% of victims in 2011 had been hit on their mobile devices. “There’s a lot more effort going into mobile malware development than there was five years ago”, Harris says. “There’s an obvious opportunity for intrusion because so many people log on to their bank accounts on smartphones without even thinking about it. This is why we’re beginning to see ongoing underground activity going into mobile malware, but on the other side, we also see vendors doing more in mobile anti-virus and security software.”

While the range of attackers varies widely from underground professionals, organized crime and street gangs, to the curious amateur hacker, it’s virtually impossible to estimate just how many are engaging in cybercrime worldwide. “Some of the attacks don’t make for good stories in the press”, Harris says in parting, “and professional cyberattackers also have a vested interest in keeping them as quiet as possible”.

Trending: Organized Crime a Threat to Smaller Organizations

Smaller organizations (<1000 employees) found themselves increasingly targeted by organized crime groups in 2011. The reason for this is simple: smaller organizations typically spend less on security, making them more attractive targets. This fact means organized crime groups were more likely to steer clear of targeting larger organizations. Conversely, activist groups took aim at larger organizations and the accompanying publicity.

External agent responsible for data breach | Organizations Breached | Of Which were Larger Organizations
Organized criminal group | 83% | 33%
Unknown | 10% | 31%
Unaffiliated person(s) | 4% | 10%
Activist group | 2% | 21%
Former employee | 1% | 6%
Relative or acquaintance of employee | 0% | 2%

Source: Verizon’s ‘2012 Data Breach Investigations Report’

May/June 2012
