Today's cybercrime has far-reaching implications for security professionals. Corporate environments are increasingly targeted, with intellectual property becoming a primary focus for criminal activity. Uri Rivner, head of new technologies, identity protection, and verification at RSA, highlighted this trend during a roundtable at the RSA conference in London this week.
Rivner explained that in the past, cybercrime was often a one-man operation—typically a basement hacker causing mischief. Nowadays, it has evolved into an entire economy, run like legitimate businesses with a few key exceptions.
"Online fraud is divided into two parts—harvesting and cashing out," he said. "This means those who steal and collect the data and those who monetize it by using the stolen credentials."
Launching a Trojan attack has become remarkably easy. Rivner noted, "A Trojan costs around $700, with the famous Zeus Trojan priced at $3,000. An adware system costs about $300, and random crypto goes for around $200."
He also mentioned that the Zeus Trojan even comes with customer support. "Perhaps the most famous banking Trojan, Zeus steals data through keystroke logging. It spreads mainly through drive-by downloads and phishing schemes. Additionally, Zeus can steal other information, such as users' stock trading data or even online dating information."
Another piece of malware responsible for the theft of hundreds of thousands of bank account details is Sinowal, also known as Torpig. "This botnet is spread by various Trojans affecting computers using MS Windows," he explained. "It circumvents antivirus software using rootkit technology and scans the infected system for credentials, accounts, and passwords. It also potentially allows attackers full access to the computer and can modify data on the system."
These types of malicious programs are starting to infect corporations. "88% of Fortune 500 companies reported being infected at some point," Rivner said. "Both private and corporate information is stolen, and these days it is no longer about the network; it's about the people. We've seen an increase in 'spear phishing,' where a specific employee is targeted to gain control of the PC and steal company information."
He cited the Aurora attack as an example. "Operation Aurora was a cyber attack that occurred between mid-2009 and December 2009. It was first publicly disclosed by Google in January 2010, and the company said it originated in China."
The attack targeted several companies besides Google, with Adobe Systems, Juniper Networks, and Rackspace publicly confirming themselves as targets. Rivner explained, "The attack used spear phishing, typically an email containing a link to a malicious web page. The exploit is contained directly in its JavaScript, in the case of browser exploits, or the script downloads an auxiliary file with an exploit targeting a browser plug-in. Either way, the PC's security is compromised, and the cybercriminal can direct the browser to secretly download malware. Once installed, the cybercriminal gains a foothold in the corporate network and can begin searching for data. In this way, once you have the resource, you have access to the network."
Unfortunately, RSA's recent research shows many companies are unaware of the impact of malware on their systems and the significant threat to their information and bottom line.