(ID999) INCIDENT RESPONSE - Tel: UK 0044 1732 897 601

Stuart Hargreaves (Spambrella) - Emerging Cyber Threats

Cybercrime threats

Cybercrime is perhaps the most complicated problem facing corporate organisations and internet users in the world today. Any criminal that uses a computer either as an instrumental target or a tool for composing crimes comes within the scope of cyber-crime. Online fraud and cheating is one of the most lucrative businesses growing today in cyber-space. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.

Financial trojan Zeus

In the RSA 2012 Cybercrime Trends Report titled 'The Current State of Cybercrime and What to Expect in 2012', it is reported that Zeus 2.0 has continued to dominate as the leading financial Trojan throughout the year. Indisputably the most widely spread financial malware in the world, Zeus is responsible for around 80% of all attacks against financial institutions today and is estimated to have caused over $1 billion in global losses in the last five years.

Continued data harvesting

Non-Financial Data Cybercriminals continue to understand the value of non-financial data harvested by their Trojans and are already actively looking for ways to monetise this information. Not only is victims’ information being traded in the underground, but access to victims’ computers is increasingly being offered for sale, as well.

On a daily basis we (BII Compliance) have seen and investigated cases wherby organised cyber-criminals post phishing data on forums looking for utility bills and health records. If the data is harvested it is either used by that organised group or sold in the cyber black market to the highest bidder.

Fraud as a Service (FaaS)

Fraud-as-a-service (FaaS) is the one area of the underground economy which has seen the most consistent innovation throughout 2011. Comparable to legitimate hosted software service (SaaS) providers (Cloud services), those who create and provide the fraud supply chain with the latest Trojan codes and plug-ins offer their work and associated services to those who require turnkey solutions, set-up, instructions and support.

According to RSA the most dominant FaaS offerings in 2011 were the more elaborate sets of compromised credit cards (dubbed “dumps” in underground forums) and account logins. Another hot commodity would be card checking tools like the Mastercard verification tools. In situations like this Trojans are not required as the user is providing personal data freely. These platforms enable cyber-criminals to sell large amounts of compromised data and with 'Cloud' expected to grow exponentially over the next few years, FaaS is guaranteed to expand with it.

Three key causes of loss

In 2013 it is guaranteed that the severity and frequency of breaches will rise, risk managers and finance directors need to develop a greater understanding of how to predict and prevent data breaches.

The reasons for data loss break down into three main areas when having reviewed multiple 2012 security reports;

  1. 32% - Hackers and cyber criminals were responsible for breach events.
  2. 19% - Rogue employees were the cause of data breaches.
  3. 33% - Theft of mobile computer equipment such as laptops and memory sticks carrying unencrypted data.

Political hacktivism

Anonymous is a loosely organised international movement of online activists who share similar social and political ideals. Anonymous says it promotes access to information, free speech, and transparency, and also supports various anticorruption and antiauthoritarian movements.

It is thought the group is generally anarchic, with no controlling leadership although many of its attacks are carefully planned. Having researched the group extensively it would seem when ideas and activities gather enough support in the Anon community, a collective agreement is made, dates and virtual meeting times are set and participants proceed to launch a campaign to accomplish whatever goal they’ve set out to achieve.

Members of Anonymous say it’s easy to join the group. Just hide your identity while conducting your online activities and you’re in. Because of the complex, informal and, of course, anonymous nature of the group, it’s not really possible to establish an accurate demographic on its membership.

Anonymous accomplishments

The Anon group is associated with collaborative hacking activities (“hacktivism”) that are often launched as a form of retaliatory protest against governmental agencies, commercial entities, and other institutions. Such attacks commonly come in the form of denial-of-service (DoS) or distributed denial-of-service attacks (DDoS), which shut down Internet websites or other Internet-based services.

Hackers associated with the group have claimed cyber-attacks ranging from minor pranks against various corporations to shutting down the website of the U.S. Central Intelligence Agency.

To see a timeline of 'Operations' associated with Anonymous visit 'this Wiki link'.

LinkedIn Profile

How we educate the criminals

Cyber criminals looking to exploit data for financial gain are in an increasingly strong position. Not only does innovative technology and growing access to that technology provide ever more opportunity, but governments and private enterprises are aware that they can no longer keep quiet about data leaks and malicious attacks on their systems.

An obvious but sometimes overlooked issue comes directly from this mandated public announcement, any release of information on the nature and extent of successful cyber attacks and how to prevent them in the future also educates the criminals and raises the threat level further. 

BII Compliance is approaching authorities in mid 2013 with an innovative way of securing public announcements. We believe that only intended and targeted audiences should be able to view particular breach successes by fraudsters and other more sensitive matters should be classified, categorised and securely released.

Advanced persistent threats

With the advance persistent threat (APT) landscape growing, enterprises need to adopt continuous monitoring of their security risk posture rather than performing periodic security assessments. While we are already seeing this trend growth in vulnerability management, it also applies to areas such as firewall compliance, network access, and end point controls.

The transition to continuous security monitoring enables the IT security organisation to move from reaction to threat prevention. A high degree of automation is required, leading organisations to seek out risk management tools that can keep pace with continuous changes on a daily basis without taxing the resources of the security teams internally.

Our stance

BII is working with a number of tier one security vendors, crisis management experts, global clients and government organisations to further improve proactive and reactive measures required to tackle cyber threats of the future.