The Explosion of Cybercrime

May 26, 2011
Cyber Security, FedCyber Wire
No Comment

via Inform IT

Cybercrime is broadly defined as any crime involving a computer or a network. In the last decade, the amount of cybercrime has grown substantially resulting in significant losses to businesses, and lining the pockets of criminals. This article presents some information about some of the common cybercrime activities and it helps emphasize the value of IT security for any organization.

It also helps to emphasize the value organizations place on employees with IT security awareness. The (ISC)2 CISSP has become one of the top IT security certifications and many organizations seek employees with this certification for both IT jobs and managerial positions. Lower level security certifications such as CompTIA’s Security+ and the (ISC)2 SSCP are also valued by organizations. For example, the U.S. Department of Defense requires anyone with an administrative account to have at least a Security+ certification.

Cyber Extortion

In high-crime areas, extortionists have demanded payments from businesses for “protection.” If the businesses refused, the business was attacked, robbed, employees harassed, and in extreme cases, the business was burned. Of course, the extortionists actually attacked the businesses when the protection money wasn’t paid.

Extortion has made it to the cyber community. Attackers use distributed denial of service (DDoS) attacks to show they can cripple Websites and corporate networks. They then demand protection payments to stop the attacks. Ron Lepofsky wrote in 2006 that the U.S. and FBI receive at least 20 new cases of cyber extortion a month. Blackmailers use various types of denial of service attacks to cripple Websites and corporate networks. They then demand protection payments to restore the service. Extortionists have demanded ransoms of more than 1 million dollars to stop the attacks. Some companies quietly pay. Others attempt to fight back.

A smaller form of cyber extortion is in the form of rogueware, or fake antivirus software. A user visits a Website and sees a popup indicating their system is infected, and encouraging them to download free software to clean their system. After the user downloads and installs the software, the rogueware reports several serious infections, but then states that the free version only scans the system, but won’t clean it. If they want to clean their system, they must pay between $49.95 and $79.95 for the full version. PandaLabs reported in 2008 that criminals were extorting approximately $34 million dollars a month from unsuspecting users. While this is bad enough in itself, the rogueware provides zero protection against actual malware, leaving the user with a false sense of security.

Additionally, many rogueware criminals include additional malware in the rogueware. For example, an added keystroke logger can capture a user’s keystrokes (such as capturing passwords for online banking accounts) and periodically send the data to the criminal. Many versions also include software to convert the computer into a zombie as part of a botnet.

Continued here.