Cybercriminals: Smarter Than Your Average Hosting Provider?


Many attacks are driven by automated toolkits in the hands of cybercriminals, Touchette said. Black Hole, an automated crimeware toolkit that drives many of the attacks targeting Java, Adobe and Microsoft Office vulnerabilities, comes with a subscription for new exploits and encryption mechanisms that shield malware from detection. Whole spam botnets -- armies of zombie computers -- can be rented out to the highest bidder, letting cybercriminals narrow their targeting to people in a specific country. Despite the rhetoric about cyberwarfare and targeted attacks from China, security experts admit that the vast majority of cybercrime comes from financially motivated cybercriminal gangs.

"I think we're all fighting the same fight," Touchette said of cloud hosting providers. "I think phishing is an easy way to make steady money and it works. The first thing they do is get a foothold and start stealing cookies, passwords and browser histories."

Hosting providers can deploy network filtering technologies that go beyond SMTP proxies with limited capabilities, said Kevin San Diego, a product manager at Cloudmark, which provides carrier-grade content filtering to ISPs and hosting providers. Appliances from Cloudmark, Blue Coat, Websense, McAfee, Symantec and other security vendors can be configured to inspect traffic for signs of spam, malware and volume fluctuations that could signal a potential problem. Systems available to providers typically have mechanisms to alert on accounts, throttle them down or shut them off completely while incidents are investigated, without impacting other networks that aren't exhibiting malicious behavior.
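One way to express the per-account alert, throttle and shut-off logic described above, as an added example that is not from the article or any vendor's product. The thresholds, function names and sample traffic are assumptions constructed for illustration.

```python
from statistics import median

# Assumed policy thresholds (not from the article): multiples of an account's own baseline.
ALERT_X, THROTTLE_X, SUSPEND_X = 3, 10, 50
NEW_ACCOUNT_CAP = 100  # hourly cap for accounts with too little history to baseline
MIN_HISTORY = 6        # hours of history required before trusting a baseline
MIN_BASELINE = 20      # floor so quiet accounts are not flagged for sending a few mails


def baseline(hourly_counts):
    """Robust per-account baseline: median plus 3x the median absolute deviation."""
    med = median(hourly_counts)
    mad = median(abs(c - med) for c in hourly_counts)
    return max(med + 3 * mad, MIN_BASELINE)


def decide(history, current):
    """Return 'ok', 'alert', 'throttle' or 'suspend' for one account's current hour."""
    if len(history) < MIN_HISTORY:
        # No trustworthy baseline (e.g. a fresh sign-up): apply a fixed cap instead.
        return "throttle" if current > NEW_ACCOUNT_CAP else "ok"
    ratio = current / baseline(history)
    if ratio >= SUSPEND_X:
        return "suspend"
    if ratio >= THROTTLE_X:
        return "throttle"
    if ratio >= ALERT_X:
        return "alert"
    return "ok"


def review(accounts):
    """Evaluate each account independently so one noisy tenant never affects another."""
    return {name: decide(hist, cur) for name, (hist, cur) in accounts.items()}


# Constructed sample data: outbound messages per hour, then the current hour's count.
SAMPLE = {
    "shop.example": ([40, 55, 38, 60, 47, 52, 45, 50], 58),
    "news.example": ([200, 180, 220, 210, 190, 205, 215, 195], 900),
    "blog.example": ([2, 0, 1, 3, 0, 2, 1, 1], 4000),
    "signup-today.example": ([5], 2500),
}

if __name__ == "__main__":
    for name, action in review(SAMPLE).items():
        print(f"{name:22} {action}")
```

Because each account is compared only with its own history, a high-volume legitimate sender is not penalised for being large, and a normally quiet account that suddenly sends thousands of messages is cut off quickly.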

"There are huge problems with fraudulent sign-ups," San Diego said. "Even after a problem is detected and is shut down, that IP address reputation sticks around for a while and the IP address is blacklisted and any other subscribers will have problems sending transactional messages."

Eric Montague, president of Salt Lake City-based MSP Executech, said more than half of his firm's email is spam. The pesky messages often push imitation pharmaceuticals and pornography, but malicious attachments spread data-stealing malware, keyloggers capable of recording keystrokes, or remote access Trojans (RATs) that give cybercriminals a backdoor into an infected system. A simple but effective phishing message with a document file attachment that contained embedded malware cost one client $15,000 to clean up in a single day, Montague said.

"People are becoming more militant about making sure the servers are locked down, but incidents are taking place with more frequency because it's not just a technology problem, there's a human factor as well," Montague said. "Spam is now more than just a time-waster."

PUBLISHED MAY 30, 2013


