Wednesday, August 6, 2014

Cyber crime is an industry and its raw material is our data

Criminal groups operating on the Internet have become an industry which is feed by our personal information for many of its activities. Many of these gangs work similarly to small businesses in which each component has a specific function.

For example, this kind of working dynamics was adopted by the Russian cyber criminal group which has stolen the largest number of user credentials known to date. While some of them program, others subtract user’s data. Thus, they have managed to amass 1,200 million usernames and passwords combinations and more than 500 million email addresses. To do this, they have used botnets of infected computers. Taking advantage of these "zombie computers" they have been able to check what websites were vulnerable to SQL injections and thus they extracted information from their databases. Among the 420,000 affected sites, there are both sites from Fortune 500 companies or from small business.

Why is it so dangerous that an offender knows your user credentials? For example, if a cybercrook has obtained your Paypal username and password, even if you had activated two-factor authentication, if your account was integrated with the "adaptive payments" feature, the attacker could exploit a vulnerability in Paypal that allows him to bypass two-factor authentication and send money, change your account settings or even modify your password.

But how the hell can a complete stranger, who perhaps is at the opposite corner of the world, get your usernames and passwords? A widely used technique is the phishing technique, ie, sending fake emails posed as notifications from any service you use and leading you to websites where criminals requests you such data. This type of cyber attacks accounted more than $ 400 million in global losses last June.

Malware is another essential tool for cybercriminals. For instance, banking Trojans are able to capture your credentials for accessing online banking services, just like it does the recently discovered "Kronos" banking Trojan. Other viruses such as "POWELIKS", which has also been discovered recently, are able to be installed in the Windows registry without hosting any files on the system. This makes them much more difficult to be detected. Specifically "POWELIKS" has the ability to install spyware or banking Trojans and integrate the infected device in a botnet to perform denial of service attacks.

However, with the growth of cybercrime industry another sector closely related to it is being developed. This is cybersecurity. Armies of analysts and security forces investigate and prosecute Internet malicious actors. Part of its work is to discover potential threats before they are exploited by any criminal. Thus, a researcher at IOActive has warned about the possibility of that a hacker accesses the communications of an aircraft through its public Wi-Fi network. Although this attack is difficult to replicate outside of a laboratory, the mere possibility that an airplane is hijacked taking advantage of this flaws should alert manufacturers like Cobham, Harris, EchoStar's Hughes Network Systems, Iridium Communications or Japan Radio Co.

If you do not want that your personal information becomes the food of the cybercrime industry, the best you can do is to keep yourself regularly informed about all its dangers. Therefore, we invite you to follow us through our social channels (find the links at the sidebar) or here.


Post a Comment