The New Face Of Cybercrime

Cybercrime 2.0
With any flourishing industry come technological advancements. Viruses and worms from a decade ago have been replaced by sophisticated password-stealing Trojans and keyloggers that are designed to silently sit on a user's computer and funnel important data into remote foreign servers.

The malware is often distributed through malicious links sent via e-mail, directing people to an infected Web site. As of late, security experts have also seen a rise in malware attacks on legitimate, but vulnerable Web sites, which stay for a short period of time before they're detected and removed. During that time, however, attackers can identify thousands of potential victims. Often the victims are individuals and employees encouraged to click malicious links by some kind of enticing social engineering tactic delivered through e-mail. Some of the most popular tactics include malicious eVites or e-cards, and links to Web pages or videos impersonating high-profile news events or celebrity sensationalism. Henderson said that, in particular, Chinese hackers have perfected the art of creating effective social engineering techniques with highly researched and biographically targeted messages. "They're very skilled at going out online and collecting biographical information from a myriad of sources and going out and planning attacks," he said.

Once a user's computer is infected, it will generally become part of a larger network of infected computers, or botnet, which will, in turn, become a vehicle to distribute malware onto other systems. "They're constantly changing their methods of getting you to click," Henderson said. "Most people will be blissfully unaware that their computer is infected and is attacking the Pentagon."

Meanwhile, cybercriminals are honing techniques to circumvent most standard security measures. They can create malware that bypasses or breaks the antivirus signatures, and encrypts or obfuscates the payload, security experts say.

"And you cannot create a signature to block it," said Yuval Bet-Itzhak, chief technology officer for Finjan. "It will never block MySpace or Yahoo pages. The combination of serving malicious code and encrypting it, manages to bypass security techniques most enterprises are using today."

Attacking The SMB
With more cybercrime organizations creating malware at breakneck speeds, businesses can only expect to see their networks afflicted with more security breaches.

Yet, as enterprises build up their security environments, cybercriminals are now looking elsewhere for easier targets. Those who will likely be most at risk will be the small business and midmarket segments—companies with fewer or limited resources and outdated or inadequate security infrastructures. And while many SMBs may not have heard of the Russian Business Network, many undoubtedly will feel the ill effects of malware distributed via the Web.

"When it comes to vulnerability management, smaller firms have a bigger challenge," said Nic Alicandri, managing director at New York-based information security firm CipherTechs Inc.

Security experts have begun warning companies that the threat is definitely growing. A July McAfee study, "Does Size Matter? The Security Challenge of the SMB," found that one in five small businesses have suffered a security attack, with a third of those suffering more than four IT breaches in the past three years. One in five respondents said that a security attack could put them out of business. Additionally, the 10th Annual CSI/FBI survey released last October found that U.S. businesses lost an average of $350,424 in 2007 as a result of cybersecurity incidents—a number that more than doubled from losses incurred from 2006.

"I think that the people that think because they're not a household name, they're not going to be an attack target [are] going to be mistaken," said Ken Phelan, chief technology officer for Gotham Technology Group, a Montvale, N.J.-based IT consulting VAR, with specialties in access management and information security.

Phelan said that one of his SMB clients with fewer than 100 people was given a sheaf of confidential company data that was lifted from the company. The client was told they needed to pay the attacker, or run the risk of losing the information to their competitors.

Gotham Technology points SMB customers to pre-existing regulatory security solutions, such as those outlined by Payment Card Industry standards, Phelan said. Among other things, PCI standards recommend that all businesses encrypt data, authenticate users and secure networks with an array of endpoint protection software.

SMB company networks "are being pounded," and "a lot of them don't even know it's happening," said Stephen Nacci, regional account manager for TLIC Worldwide Inc., an Exeter, R.I.-based VAR specializing in security solutions and network management.

Nacci recommends that his clients extend their security solutions beyond the perimeter.

"(SMBs) are getting killed. These guys are bleeding and they don't even know it," Nacci said. "We need to counter that."

Next: Tracking Chinese Hackers