Cybercrime fueled by mature digital underground

Cybercrime is on the rise, spurred by a robust underground economy that's industrialized the making and delivery of tools for criminal behavior, says a report released Wednesday by a maker of device recognition and intelligence solutions.

"Cybercrime is on the rise: large-scale fraud attacks, consumer data breaches and politically-motivated Distributed Denial of Service (DDoS) attacks on financial institutions and others are costing these businesses billions of dollars every year," said the report by 41st Parameter.

"Much of this growth stems from the maturation of the criminal digital underground and its 'industrial' approach to cybercrime," the report said.

Five top cybercrime trends were identified in the report:

Data Breaches. Stolen identities are the fuel that drives the industrial fraud complex, the report said. This fact has led to some spectacularly large consumer data breaches during the past year, including Twitter, LinkedIn and LivingSocial's disclosure that more than 50 million records were compromised in April 2013.

Malware. Fraud apps are typically used to impersonate a victim or gain access to their credentials, the report explained. In many cases, malware is designed to avoid detection both by human users and the anti-virus scans that may be running on a device.

Mobile Threats. The popularity of smartphones -- some 700 million of them were sold worldwide in 2012 -- is being seen as a business opportunity by fraudsters, the report noted. It said that last year, mobile malware threats jumped 163 percent over 2011, infecting some 32.8 million devices -- most of them Android devices.

Industrialization. This allows cyber bandits to multiply their effectiveness through automation. Because all online and mobile interactions are 'machine-to-machine' -- a user's device interacting with a business's server -- cyber interactions naturally lend themselves to automation, the report said. Once a fraudster secures the credentials required to access a victim's accounts, a process can be built in which multiple accounts are accessed automatically.

Distributed Denial of Service Attacks. The first goal of a DDoS attack, the report explained, is to disrupt the operation of a website. That usually leads to increased call center activity, which drives up an organization's costs and undermines customer trust in it.

DDoS attacks can be used for other purposes, too. "What we're finding is that fraudsters are starting to use DDoS attacks as a diversionary tactic," said David Britton, vice president of industry solutions for 41st Parameter.

"They're using it to cover up the actual financial takedown activity that they may be running simultaneously," he told CSO.

Those takedowns are aided by fraud automation, the 41st Parameter report said. Fraud automation allows fraudsters to trade a large number of smaller transactions for fewer, larger transactions. This makes anomaly detection systems less effective while introducing greater requirements to identify, document and reset compromised accounts.
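An added illustration of the detection problem described above (not from the 41st Parameter report or this article): constructed events show how a per-transaction threshold misses many small transfers spread across accounts, while grouping by device identifier surfaces them. The field names, thresholds and the assumption that all events fall in one review window are hypothetical.

```python
from collections import defaultdict

# Constructed sample events for one review window: (device_id, account, amount_usd).
EVENTS = [
    ("dev-A", "acct-01", 180.0),
    ("dev-A", "acct-02", 195.0),
    ("dev-A", "acct-03", 170.0),
    ("dev-A", "acct-04", 190.0),
    ("dev-A", "acct-05", 185.0),
    ("dev-B", "acct-10", 240.0),
    ("dev-C", "acct-11", 1500.0),
    ("dev-B", "acct-10", 60.0),
]

# Hypothetical thresholds chosen for the illustration.
PER_TXN_LIMIT = 1000.0        # classic single-transaction anomaly rule
MAX_ACCOUNTS_PER_DEVICE = 3   # distinct accounts one device may touch
MAX_DEVICE_TOTAL = 800.0      # total value one device may move


def per_transaction_alerts(events, limit=PER_TXN_LIMIT):
    """Flag only individual transactions above the limit."""
    return [e for e in events if e[2] > limit]


def per_device_alerts(events, max_accounts=MAX_ACCOUNTS_PER_DEVICE,
                      max_total=MAX_DEVICE_TOTAL):
    """Aggregate by device so many small, automated transfers add up."""
    accounts = defaultdict(set)
    totals = defaultdict(float)
    for device, account, amount in events:
        accounts[device].add(account)
        totals[device] += amount

    flagged = {}
    for device in accounts:
        reasons = []
        if len(accounts[device]) > max_accounts:
            reasons.append("accounts")
        if totals[device] > max_total:
            reasons.append("total")
        if reasons:
            flagged[device] = reasons
    return flagged


if __name__ == "__main__":
    print("per-transaction:", per_transaction_alerts(EVENTS))
    print("per-device:     ", per_device_alerts(EVENTS))
```
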

Also, industrial-strength automation allows cybercriminals to broadly spread their maliciousness. "Why are cybercriminals industrializing their operations?" Kevin Morgan, CTO of Arxan, asked in an interview. "The answer is the whole world of enterprises are having to extend their interfaces into the mobile world so there's a lot more attack surface area for industrialized applications."

The mobile world is like the Wild West for cybercriminals. "Security things learned 10 years ago in the laptop space are just starting to appear in the mobile space," Charles Henderson, director of Trustwave SpiderLabs, said in an interview.

Henderson said convenience may be an obstacle to mobile phone security. "The fact is that mobile devices are easy to use," he said. "When something is easy to use, it's also easy to misuse."

The "shadow" economy has become one of scale, providing services to a myriad of players -- both states and non-states, said Tom Kellermann, vice president of cybersecurity for Trend Micro.

"There's been an overt commoditization and automation of cyber weaponry in the shadow economy," he told CSO. "That's the reason we're seeing such robust end-stage attacks in today's environment."

Even if a cybercriminal doesn't have the capability to accomplish what they want, it's easy enough to purchase it on the cyber black market. "You can get enough capability to hack into almost anything for 600 bucks," Kellermann said.

Stories by John P. Mello, Jr.
