Cyber Criminals Using Online Attack Kits to Steal Data

cyber criminalsCyber criminals are now using online attack kits to steal data. The cyber criminal does not need to have advanced hacking skills today to steal someone’s personal banking information. In a few simple steps, they can download a so-called “attack kit” and online theft is just a matter of a few clicks away.

Symantec, an online security company, has now reported that 61 percent of all online attacks are launched through attack kits. The most prevalent being Mpack, Neosploit and Zeus. In the past, only a small numbers of highly skilled cyber criminals possessed the knowledge necessary to create a threat from scratch. That has all changed. The attack kit exposes known vulnerabilities on an unsuspected victim’s PC. The attack kit then provides the tools needed for the cyber criminal to steal sensitive data and information. Attack kits are also known as “crime-ware.”

The attack kits are highly successful at stealing people’s financial information. As such, their demand has increased dramatically, and so has the price. Over six years ago, a popular attack kit apply titled “WebAttack” sold for only $15 on the underground black market forums. Today, the “Zeus” attack kit can sell as high as $8,000.

Cyber criminals know where to attack, according to Symantec. They most often target adult websites and video streaming sites searching for vulnerabilities, the way a hawk searches for a mouse in a field. They also target the misspelled or mistyped website equivalents. Music, games, technology and file sharing sites are less likely to be targeted. Symantec has found that cyber criminals using online attack kits to steal data has significantly advanced the evolution of cyber crime into a multi-million business.

The cyber criminal searches through the illicit world of underground message boards and forums searching to make clandestine purchases of attack kits. According to the FBI, payment for attack kits is usually arranged through money transfer services like Western Union.

Cyber crime has been such a problem today that Hewlett-Packard sponsored a hacking contest were they awarded $850,000 in prizes. Hacking teams gathered to find security vulnerabilities in web browsers and in video programs. Over a two-day period, they identified 35 vulnerabilities that were disclosed.

The damage from cyber attacks can cost companies millions, mostly in lost hours. One company cited an example of where they were hacked by a guy who claimed to work for a competitor, who demanded $300 to stop the attacks. They company refused, and the hacker continued for days.

Security experts have also seen the increase in cyber crime by what they call “hacktivists.” These hackers target websites as a form of protest, as opposed to financial gain.  Analysts have also noted the increase of the use subterfuge to distract IT staff, while the hackers carry out a more selected target.

With cyber criminals using online attack kits to steal data with relative ease, the future for cyber crime is discomforting, according to security experts. The FBI currently has a cyber crimes “Ten Most Wanted List.” The FBI is offering a $50,00o reward for information leading to the arrest of Andry Nabilevich Taame, for the unauthorized infection of malware to four million computers.

By  John J. Poltonowicz

Sources:

Network World
Bloomberg Business Week
Financial Times
FBI Cybercrime Ten Most Wanted List

Leave a Reply

Your email address will not be published.