Today's cyber crime has far-reaching implications for security professionals. Corporate environments are experiencing more cyber crime, and intellectual property is increasingly a target for criminal activity.
This is according to Uri Rivner, head of new technologies, identity protection and verification at RSA, speaking during a roundtable at the RSA conference in London this week.
He said in the past, cyber crime was a one-man operation – the basement hacker causing mischief. These days, he added, it is an entire economy, run like legitimate businesses with a few obvious exceptions.
"Online fraud is divided into two parts – harvesting and cash out," he said. "This translates into those stealing and collecting the data, and those monetising it, cashing in the accounts using the stolen credentials."
According to Rivner, it is ridiculously easy to launch a Trojan attack these days, as they can be purchased off the Internet with ease. "A Trojan costs around $700, with the famous Zeus Trojan costing $3 000. An adware system goes for around $300 and random crypto about $200."
He noted that the Zeus Trojan even comes with customer support. "Perhaps the most famous banking Trojan, it steals data through keystroke logging. It is spread mainly through drive-by downloads and phishing schemes. In addition, Zeus can steal other information, or activity, such as a users' stock trading data, or even online dating information."
Another piece of malware responsible for the theft of hundreds of thousands of bank account details is Sinowal, also known as Torpig. "This is a type of botnet spread by a variety of Trojans affecting computers using MS Windows.
"It circumvents AV through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer," he explained.
He said these sorts of malicious programs are starting to infect corporations. "88% of Fortune 500 companies said they had been infected at some point.
"Both private and corporate information is stolen, and these days it is no longer about the network, it's about the people," added Rivner. "We have seen an increase in 'spear phishing' or targeting a specific employee to get control of the PC and steal company information."
He cites the Aurora attack as an example of this. "Operation Aurora is a cyber attack that happened between mid-2009 and December that year. It was first publicly disclosed by Google in January 2010, and the company said it originated in China."
It was reported the attack has been aimed at several companies besides Google, with Adobe Systems, Juniper Networks and Rackspace publicly confirming themselves as targets.
Rivner said the attack used spear phishing, usually an e-mail containing a link to a malicious Web page, with the exploit contained directly in its javascript, in the case of browser exploits, or otherwise the script downloads an auxiliary file with an exploit that targets a browser plug-in.
Either way, the PC's security is compromised and the cyber criminal can direct the browser to secretly download malware. Once installed, the cyber criminal has a foothold in the corporate network, and can begin searching for the data. "In this way, once you have the resource you have access to the network."
Unfortunately, Rivner said, RSA's recent research shows many companies are unaware of the impact of malware on their systems, and the accompanying, significant threat to their information and bottom line.
