SAN JOSE, Ca. – Cyber-criminals have become organized and bare more than a passing resemblance to legitimate business today, according to Finjan’s latest trends report from its Malicious Code Research Center.
The report looked at the trend of cyber-crime during the second quarter of 2008, and it looks like cyber-criminals have gone up-scale. Finjan’s research, based on study and discussions with cyber-criminals, found that cyber-crime has taken on the attributes of the business world. It has bosses issuing orders for work to be done, workers and even reseller teams to spread the word about the latest crimeware and sell it.
“We managed to collect all these details, and some of the discussions we included in the reports. Putting them all together provides a fresh and clear view at how organized these organizations are,” said Yuval Ben-Itzhak, CTO of Finjan.
The report offers insight into cyber-crime organizations, which Ben-Itzhak said can help legitimate organizations prevent security breaches. Most people think cyber-crime organizations are simply a group of people writing malware and spreading it; they don’t realize how mature these organizations are and how quickly they can organize, he said.
“This type of maturity level explains the spike of malware, the major increase in malware starting in 2008,” Ben-Itzhak said.
Cyber-crime organizations are very organized and very efficient in the way they’re operating, he stressed. In fact, they’re mimicking the business world in the way they operate.
“You can see it very well in the heirarchy of the organization,” he said.
According to Finjan, the loosely-organized clusters of hackers trading stolen data online is becoming a thing of the past. Instead, those clusters of hackers are being replaced by hierarchical cyber-crime organizations that use sophisticated pricing models, business models, crimeware drop zones and campaigns for the best distribution of their software.
“Over the course of the last 18 months we have been watching the profit-driven cyber-crime market maturing rapidly,” Ben-Itzhak said. “It has evolved into a booming business, operating in a major shadow economy with an organizational structure that closely mimics the real business world. This makes businesses today even more vulnerable for cyber-crime attacks, especially considering the maturity of the cyber-crime market and its well-structured cybercrime organizations. Recent industry reports containing record numbers of malware infections during the first half of 2008 alone underline again the huge impact of cyber-crime on today’s businesses.”
Crimeware software is much more sophisticated than in the past. As with a lot of legitimate business software, it’s been designed to be easily tailored. Users can adjust attacks to specific territories or Web sites. The software makes it easy to collect data and see what’s stored on a target’s server, as well as sort data based on various criteria, Ben-Itzhak said.
“It’s very mature. It’s not just script kiddies,” he said.
Crimeware toolkits are often marketed on Web sites and on message forums. Finjan has been tracking the toolkits for the last two years, and they typically cost between $100 and $200 (U.S.).
“That enables even the amateur … to start to do the crimes, to start to infect end-user machines, collect the data and start to sell it,” Ben-Itzhak said.
For businesses, this means there’s an increasing need for detection and prevention technology. Ben-Itzhak recommended that businesses add more proactive security on top of their anti-virus and anti-spam technologies. Real-time content/code inspection is highly recommended because it can identify intent and behaviour of content in real-time, he said.
“Businesses need to realize that malicious code will infiltrate their network also from legitimate Web sites, from large Web sites,” Ben-Itzhak said.
This column was written by Chris Talbot of ConnectIT
a>>
