Top 5 Cybercriminal Motives In 2013 Attacks

A Look At The Motives Behind Most Attacks

Attackers struck at the New York Times, targeted employees at Apple and Facebook, and were responsible for a massive data security breach at Adobe Systems that exposed the company's precious software source code.

From hacktivists aiming to hijack accounts or steal and expose data to nation-state attackers looking to maintain persistence on corporate systems for a lengthy period of time, they all share similar hacking tools and techniques, say security experts. Common vulnerabilities and configuration errors are consistently exploited across all of these attacks.

Account credentials are highly coveted, and credit card data is a consistent target. But intellectual property theft is gaining increased attention. Security researchers at Kaspersky Lab reviewed attacks in 2013 and identified the top five motives behind cyberattacks. Here's what they found.

5. Financial Losses

Distributed denial-of-service attacks took center stage at the start of the year, following the rising threat of attacks targeting the U.S. financial sector. DDoS is a longstanding threat, common to the gaming industry, according to Arbor Networks' channel chief Jeremy Nicholls, who said his firm constantly works to filter out attacks targeting offshore casino websites and other gaming networks with its line of DDoS mitigation appliances. Downtime at online gaming sites can cost millions in revenue.

It is getting much more difficult to distinguish DDoS attack traffic from legitimate traffic, according to Web application hosting provider Akamai Technologies, which recently acquired Prolexic to extend its security portfolio.

Kaspersky Lab cited one of the most powerful DDoS attacks of the year, the one conducted against Spamhaus, as an example of a technique increasingly used to inflict financial losses on the target.

4. Damaging Company Reputation

A popular motive of hacktivists is reputation damage, which is typically undertaken to spread a political message or make a statement. The Syrian Electronic Army conducted broad attacks in 2013. It hijacked a number of Twitter accounts connected to news organizations. The group hijacked the Twitter account of the Associated Press in April, sending out a message that temporarily roiled the financial markets.

A domain reseller was to blame for the successful SEA attack in August that disrupted the websites of the New York Times, Twitter and other online services. The group stole login credentials from the reseller and used them to gain access to the authoritative DNS records maintained by Melbourne IT, a large domain registrar.
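An attack like the one above changes the zone's NS or A records at the registrar while the victim's own servers stay untouched, so the most reliable early warning is to compare what the authoritative nameservers currently answer against a baseline recorded at on-boarding. The following is an added example written for this page, not code from the article or from any company named in it; the domain names, IP addresses and both zone snapshots are constructed, and in a real deployment the OBSERVED text would be replaced by the answers from a live query against the zone's listed nameservers.

```python
"""Detect unauthorized drift in a domain's authoritative DNS records.

Constructed example: a baseline snapshot is compared with a later
observed snapshot. NS changes are rated critical because they move
control of the whole zone to different nameservers (the pattern seen
in registrar/reseller credential compromises); changes to the data
of public host records are high; TTL-only changes are low.
"""
from dataclasses import dataclass

# Constructed zone snapshots in zone-file layout: name ttl class type rdata
BASELINE = """
example.com.      3600 IN NS ns1.registrar-dns.example.
example.com.      3600 IN NS ns2.registrar-dns.example.
example.com.       300 IN A  203.0.113.10
www.example.com.   300 IN A  203.0.113.10
example.com.       300 IN MX 10 mail.example.com.
"""

# Constructed: the zone as a hijacked registrar account would leave it
OBSERVED = """
example.com.      3600 IN NS ns1.attacker-dns.example.
example.com.      3600 IN NS ns2.attacker-dns.example.
example.com.       300 IN A  203.0.113.10
www.example.com.    60 IN A  198.51.100.77
example.com.       300 IN MX 10 mail.example.com.
"""

SEVERITY = {"NS": "critical", "A": "high", "AAAA": "high",
            "CNAME": "high", "MX": "high"}
ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    name: str
    rtype: str
    severity: str
    removed: tuple
    added: tuple
    detail: str = ""


def parse_zone(text: str) -> dict:
    """Return {(owner, TYPE): {normalized rdata: ttl}} for the snapshot."""
    records = {}
    for line in text.strip().splitlines():
        line = line.split(";")[0].strip()  # drop zone-file comments
        if not line:
            continue
        name, ttl, _rclass, rtype, *rdata = line.split()
        key = (name.lower().rstrip(".") + ".", rtype.upper())
        records.setdefault(key, {})[" ".join(rdata).lower()] = int(ttl)
    return records


def diff_zones(baseline: dict, observed: dict) -> list:
    """List every record set whose data or TTL differs, worst first."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        base = baseline.get(key, {})
        obs = observed.get(key, {})
        removed = tuple(sorted(set(base) - set(obs)))
        added = tuple(sorted(set(obs) - set(base)))
        if removed or added:
            findings.append(Finding(name, rtype, SEVERITY.get(rtype, "medium"),
                                    removed, added))
            continue
        # Same data: a TTL drop alone is worth noting, attackers shorten it
        # so a later switch propagates quickly, but it is not proof of harm.
        ttl_changed = [r for r in base if base[r] != obs[r]]
        if ttl_changed:
            findings.append(Finding(name, rtype, "low", (), (),
                                    detail="TTL changed for " + ", ".join(ttl_changed)))
    findings.sort(key=lambda f: (ORDER[f.severity], f.name, f.rtype))
    return findings


def worst_severity(findings: list) -> str:
    """Overall alert level: the highest severity present, or 'none'."""
    return findings[0].severity if findings else "none"


if __name__ == "__main__":
    results = diff_zones(parse_zone(BASELINE), parse_zone(OBSERVED))
    print("alert level:", worst_severity(results))
    for f in results:
        print(f"[{f.severity}] {f.name} {f.rtype}: -{list(f.removed)} +{list(f.added)} {f.detail}")
```

Run on the constructed snapshots, the check reports the NS swap as critical and the www host change as high, which is exactly the signature a registrar-level hijack leaves while the victim's own infrastructure shows nothing unusual. Running it on a schedule against a live query of the delegated nameservers, and alerting on any critical finding, gives the detection the victims in this story lacked.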

3. Stealing Money

There was also no big surprise here. Banking Trojans are specially programmed to gain access to a victim's account and stealthily drain the available funds.

Zeus and SpyEye are among the most notorious banking Trojans, having been around since 2009. The malware was seen masquerading as an antivirus update last month. Meanwhile, an emerging banking Trojan called Neverquest can target about 100 banks by injecting code into the Internet Explorer and Firefox browsers of its victims, enabling bank and financial investment account credentials to be sent directly back to attackers. Fidelity Investments appears to be its top target, according to Kaspersky Lab.

2. Wiping Data, Blocking Infrastructure

Kaspersky Lab said it is monitoring a relatively new kind of attack aimed at wiping out a company's data or destroying a business' internal infrastructure. Malware designed to limit employee access to data, or to wipe out systems entirely, can be severely crippling.

Cryptolocker is designed to encrypt data on a victim's machine and then require the victim to pay a ransom to regain access to their files. While consumers are usually impacted the most, solution providers told CRN that Cryptolocker also impacted some small businesses.

Kaspersky points to the Wiper and the Shamoon Trojans, which erase data from systems. Wiper was detected in June targeting South Korean systems. Shamoon was used in 2012 against Saudi Aramco. Both threats highlight the importance of offline backup and system redundancy.

1. Stealing Information

No surprise here: Financially motivated cybercriminals, hacktivists and nation-state attackers attempt to break into sensitive systems to steal data, Kaspersky Lab said. Hacktivists typically expose stolen information to make a statement. Other cybercriminals have made a big business out of selling stolen information. Account credentials and credit card information are top sellers in underground forums, according to Dell SecureWorks, which uncovered an underground health insurance data market in July.

Some cybercriminal groups have made a big business out of selling automated exploit toolkits to support attack campaigns aimed at stealing data. Botnets can be rented out to carry out widespread attacks. Other individuals simply sell their hacking services to set up the command-and-control servers and other infrastructure used as the staging ground for attacks.