Study Finds Cybercriminals Becoming More Collaborative, Specialized
Symantec recently released its 11th Internet Security Threat Report, which offers an overview of threat activity between July 1 and Dec. 31, 2006. It was generated by Symantec’s Security Response organization, which surveys the world’s Internet-based threat landscape, seeing up to 25,000 suspicious, malicious files every week.
According to the report, attackers are refining their methods and consolidating their assets to create global networks that support coordinated criminal activity. The report deems these tactics “underground economy servers.”
Criminals and criminal organizations use them to sell cybercrime tools and stolen information, including government-issued identity numbers, credit cards, bank cards and personal identification numbers (PINs), user accounts and e-mail address lists.
So, is this organized crime online? Yes, said Dave Cole, director of the Symantec Security Response organization, “but not in the traditional kind of ‘Tony Soprano’ sense that a lot of people may think — these people have a service to barter.”
Cole described the phenomenon as an online criminal bazaar.
“Someone shows up and says, ‘I’ve got this Trojan. No one else has it. I’ll sell it to you for $500 to $1,000.’ Another one shows up and says, ‘I’ve got hacked hosts that you can have access to.’ Another one sells identities for $14 to $18. Credit cards run from $1 to $6, depending on how many you buy and where they’re located.”
It was 18 months ago that Symantec first took note of the more criminalized threat landscape.
“It wasn’t just people going out for a digital joy ride anymore, and that’s why things went pretty quiet for a while,” Cole said. “It wasn’t because things weren’t happening — it’s just that there’s no incentive for these people to make any noise as they burrow deep into the system and try to steal your login, password or identity.”
As they burrowed, cybercriminals formed fraud communities and economies on the Web to trade specialties — spammers working with phishers working with malware authors and so on.
The benefit of this is that it lowers social, geographical and technical barriers to entry into cybercrime.
“You’ve got a lot of people who might be attracted by quick money or who may have the technical skills to steal people’s identity but not necessarily an easy means of cashing that out,” Cole said.
Through online fraud communities and economies, cybercriminals are able to find individuals to process stolen goods, data or credit, sometimes from one country to another, essentially, virtual money laundering.
The result is that online attacks can get a lot more sophisticated.
“If [cybercriminals] participate in these communities and economies, they can all play very specialized roles, which means phishing can get a lot more convincing, malware can get a lot more sophisticated and specialized,” Cole said. “So, it’s a lot like a capitalist-driven economy, which drives specialization of labor.”