Security vendors are busy adding and upgrading defensive technologies into their products, but security experts say an end to the cat-and-mouse game with organized cybercriminals is nowhere in sight.
Strong and often complex business networks that support the delivery of malware and other attacks designed to steal credit card data, passwords and personal information are constantly building in strength, according to Kaspersky Lab malware experts and executives who spoke with reporters at the company's Global Press Tour in Moscow. The company opened its doors to journalists, showcasing its new global headquarters facilities, which opened in March next to the Moscow River.
The cybercriminal ecosystem is constantly changing and growing more complex, said Dmitry Bestuzhev, head of Kaspersky Lab's Latin America global research and analysis team. The work of carrying out attack campaigns is split up, beginning with malware writers who sell exploits to cybercriminals. Botnet owners lease out thousands of infected computers, while automated attack toolkits targeting some of the latest vulnerabilities are sold and supported with updates. Money mules also work to drain bank accounts by cashing out stolen debit cards. Once the money is collected it is laundered, Bestuzhev said.
"All of us are potential targets of cybercriminals," Bestuzhev said. "If you own a device that is wired to connect to a network, you are a target."
Bestuzhev said attackers buy and sell goods and services on underground hacking forums with Bitcoin and other e-currency. On the black market, credit cards, user names and passwords have been a hot commodity, he said. In addition, stolen software licenses are popular among cybercriminals, with a Windows 7 activation license estimated to cost between $8 and $10, Bestuzhev said.
Aleks Gostev, chief security expert at Kaspersky Lab and head of the global research and analysis team, said researchers are carefully studying targeted attacks and see a common thread between Stuxnet, Duqu, Flame and other targeted nation-state cyberattacks and those used by financially motivated cybercriminals. It's very likely that the same cybercriminals behind credit card fraud also are designing targeted attacks for nation-states, he said.
"The whole thing is like a pyramid with financial cybercrime at the bottom and cyberweapons like Stuxnet at the top," Gostev told CRN. "We're seeing some of the same code base and techniques used in the state attacks."
Ransomware, which is a common attack technique that locks a victim's machine and demands payment for an unlock code, also is being used in targeted attacks, according to Kaspersky Lab. Some ransomware in targeted attacks against companies uses encryption to lock data on endpoint devices. Other ransomware threats are worse and attempt to wipe all the data. For example, the Shamoon attack against Saudi Aramco last year crippled the massive oil company by wiping system files.
Meanwhile, mobile malware is increasingly becoming a serious threat to Android devices, according to Kaspersky Lab, which identified more than 51,000 samples of mobile malware in the first half of 2013, nearly all of it on the Android platform. SMS Trojans that silently send a text to a premium rate number are the most widely seen threat. Adware that collects large amounts of personal data to sell to advertisers also is being widely seen, according to Kaspersky Lab.
One serious risk to mobile devices is the use of public Wi-Fi for Internet access, said Stefan Tanase, a Kaspersky Lab senior security researcher. Using plain text makes it easy for an attacker to hijack a browsing session and view data on sites that are not using a secure connection. Some mobile apps also are vulnerable. WhatsUp, a popular mobile messaging app, was until recently using an unencrypted protocol, and Yahoo Messenger still uses plain text, Tanase said.
"Mobile devices are in our pockets or backpacks and they're becoming more similar to classic PCs," Tanase said. "There are chats, business contacts, email and credit card numbers stored on them and cybercriminals are starting to target them more and more online as time passes."
Nikolay Grebennikov, chief technology officer of Kaspersky Lab, said the company plans to roll out a global VPN network for mobile device owners. The company is investing heavily in mobile, which has been a significant focus for the vendor's software engineers.
The company introduced its Multi-Device product this week, focused on helping users manage all of their devices on a single software license. Grebennikov said the smartphone protection includes an updated portal, which will be available in August.
Users can get management capabilities for storing login data across all devices through the portal. It will be the central console to determine the location of a lost or stolen smartphone, issue the command to remotely wipe it or use the camera to remotely take an image of the individual using the device. The company also updated its Android security app, which integrates with the Kaspersky Security Network for threat protection.
PUBLISHED JULY 22, 2013