Experts see forecast worsen for cybercrime

But investigators say they're developing clearer strategies for dealing with online crime

Law enforcement agencies can count a few recent victories against cybercriminals, but agents say the battle against them isn't getting any easier.

Highly organized cybercriminals are using increasingly sophisticated tools and methods that make them hard to trace, said Keith Mularski, supervisory special agent with the U.S. Federal Bureau of Investigation's Cyber Division.

"They have evolved over the years," Mularkski said. "It really is organized crime."

Mularski, who spoke at the RSA conference in London on Wednesday, has had great success in infiltrating organized cybercrime rings. He successfully infiltrated a ring known as DarkMarket, an online forum where criminals bought and sold personal data, such as credit card numbers.

DarkMarket was shut down about a year ago and 59 people were arrested, with the help of authorities in the U.K., Germany, Turkey and other countries.

While the DarkMarket bust was a big win, there are still such forums operating today and they're hard to infiltrate. New members must be vetted for reliability and to ensure they're not agents like Mularski.

The malicious software programs used to collect the data have become insidiously complicated and hard to detect. Financial organizations now are in a "raging battle" against "high-grade" weaponry, said Uri Rivner, RSA's head of new technologies for identity protection and verification, who gave a presentation earlier in the day at RSA.

Those programs go by names such as Sinowal -- also known as Mebroot and Torpig -- which is a nasty rootkit that burrows in a computer's master boot record below the OS. It may not even be removed by reinstalling the operating system. It can steal data and even modify the HTML of Web pages requested by a user.

Computers that do not have up-to-date software patches are in particular danger. Hackers often set up Web sites or hack legitimate ones to perform what's called a "drive-by" download, which automatically exploits vulnerable software programs to infect a computer.

Microsoft has particular insight into the problem. Late last month, the company released its free Security Essentials antivirus software and so far it has been downloaded 3.5 million times, said Amy Barzdukas, Microsoft's general manager for Internet Explorer and Consumer Security, who also spoke at RSA.

More than 30 percent of those computers running Security Essentials needed "a fair amount of cleaning of viruses, Trojans and rootkits," she said.

While it may be hard for law enforcement to figure out who is writing those malicious programs, they do have a clear five-prong strategy for how to disrupt the cybercrime operations.

Agents try to infiltrate the groups if possible, said Andy Auld head of intelligence of the e-crime department for the U.K.'s Serious Organized Crime Agency, who spoke alongside Mularski.

Following the money exchanged for personal data is also a "critical path," Auld said. Tracking down stolen data is important, as credit card numbers that are being traded can be shut down before the criminals have a chance to use or sell the numbers.

Another path is finding ways to revoke the IP (Internet Protocol) address allocations given to cybercriminals running servers. Those allocations are given by five organizations, including the RIPE Network Coordination Center, he said.

The FBI has become more proactive in dealing with fast-breaking cybercrime issues, Mularski said. For example, the FBI has issued public service advisories warning people of online-related hazards, stepping away from its secretive tradition.

"We're adapting," Mularski said. "We're making great strides."

Join the CSO newsletter!

Error: Please check your email address.

Tags rsa securitymarket researchcybercrime

More about etworkFBIFederal Bureau of InvestigationMicrosoftRSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place