Page 1 of 2
Security vendors are busy adding and upgrading defensive technologies into their products, but security experts say an end to the cat-and-mouse game with organized cybercriminals is nowhere in sight.
Strong and often complex business networks that support the delivery of malware and other attacks designed to steal credit card data, passwords and personal information are constantly building in strength, according to Kaspersky Lab malware experts and executives who spoke with reporters at the company's Global Press Tour in Moscow. The company opened its doors to journalists, showcasing its new global headquarter facilities, which opened in March next to the Moscow River.
The cybercriminal ecosystem is constantly changing and growing more complex, said Dmitry Bestuzhev, head of Kaspersky Lab's Latin America global research and analysis team. The work of carrying out attack campaigns is split up, beginning with malware writers who sell exploits to cybercriminals. Botnet owners lease out thousands of infected computers, while automated attack toolkits targeting some of the latest vulnerabilities are sold and supported with updates. Money mules also work to drain bank accounts by cashing out stolen debit cards. Once the money is collected it is laundered, Bestuzhev said.
"All of us are potential targets of cybercriminals," Bestuzhev said. "If you own a device that is wired to connect to a network, you are a target."
Bestuzhev said attackers buy and sell goods and services on underground hacking forums with Bitcoin and other e-currency. On the black market, credit cards, user names and passwords have been a hot commodity, he said. In addition, stolen software licenses are popular among cybercriminals, with a Windows 7 activation license estimated to cost between $8 and $10, Bestuzhev said.
Aleks Gostev, chief security expert at Kaspersky Lab and head of the global research and analysis team, said researchers are carefully studying targeted attacks and see a common thread between Stuxnet, Duqu, Flame and other targeted nation-state cyberattacks and those used by financially motivated cybercriminals. It's very likely that the same cybercriminals behind credit card fraud also are designing targeted attacks for nation-states, he said.
"The whole thing is like a pyramid with financial cybercrime at the bottom and cyberweapons like Stuxnet at the top," Gostev told CRN. "We're seeing some of the same code base and techniques used in the state attacks."
Ransomware, which is a common attack technique that locks a victim's machine and demands payment for an unlock code, also is being used in targeted attacks, according to Kaspersky Lab. Some ransomware in targeted attacks against companies use encryption to lock data on endpoint devices. Other ransomware threats are worse and attempt to wipe all the data. For example, the Shamoon attack against Saudi Aramco last year crippled the massive oil company by wiping system files.