New Developments

Trojans Are No. 1 Weapon for Online Attacks

Last year, criminals broke into computers at the U.S. Department of Energy's Oak Ridge National Laboratory, stealing more than 12,000 Social Security numbers and birth dates, while the Brazilian police arrested 41 hackers for using a Trojan to make nearly $5 million by stealing bank account information. These are two of the countless cases where online thieves have taken advantage of security vulnerabilities for profit. To help organizations understand how online crime works, Moscow-based IT security firm Kaspersky Lab published a new white paper, The Cybercrime Arms Race, which provides information that can help internal auditors, IT managers, and senior executives understand how online attacks work.

The paper, written by Kaspersky's Founder and Chief Executive Officer Eugene Kaspersky, begins by discussing today's online crime landscape and business principles. According to Kaspersky, "contemporary cyber crime is like any other business. It behaves according to traditional business principles such as profitability, ease of use, risk management, and emerging markets."

As he continues to explain, profitability is the most important criterion for online thieves to thrive: "Cyber crime is extremely profitable. Large sums have been stolen successfully in one-shot deals, as well as by acquiring small sums in large quantities. For example, in 2007 alone there was an average of one cyber crime reported per month."

Another key factor in the proliferation of online attacks is that of depersonalization. As the white paper describes, criminals who specialize in online attacks never see their victims or the corporations they choose to attack. Hence, it is easier for them to steal information or money. In addition to this anonymity is the wide selection of online resources available, such as Trojans and botnets solutions, which make it easier for online crime to survive. "The level of technical expertise required to run a cyber crime business continues to decrease in similar proportion to the increase in the number of Internet-savvy people," states Kaspersky in the report.

According to the report, business areas that are especially vulnerable to attacks include:

• Organizations providing Internet-money and online banking activities.
• Data storage facilities and applications located on remote external servers.
• Online games where thieves can steal passwords and virtual property for resale at a significant profit.
• Internet-based stock exchange agencies.
• Web 2.0 tools, such as online social networking applications, that rely on the easy downloading, publishing, and other information-sharing techniques, thus making every participant vulnerable to malware infections.

The rest of the white paper concentrates its discussion on how online attacks work. As Kaspersky writes, today's thieves use Trojans as their No. 1 weapon of choice to build botnets, steal passwords and other confidential data, and encrypt data to blackmail unsuspecting victims. "One disturbing characteristic of today's attacks," he adds, "is the newer goal of maintaining a presence on the infected machine. Cyber criminals are using a number of techniques to achieve this goal."

These techniques include the use of discrete attacks that target specific organizations and provide significant return on investments. Another common technique is the sabotage of security programs to prevent detection. Malware sabotage often occurs through the termination of security processes, deletion of code, or modification of the Windows host's file to prevent antivirus program updates.

"In addition, malware often removes malicious code that is already installed," Kaspersky says. "This active competition between malicious programs highlights the rich opportunities that are available to malware writers and the criminals that sponsor them."

To read the full white paper, visit the Computerworld Web site.

Site Search: