Tuesday, April 29, 2008

Internet Crime Transforms into Mature Business

Source : Click

Pack up the image of the lone hacker. Internet crime is highly organized -- outsourcing complex work and using sophisticated pricing, like bulk discounts for stolen credit cards.

If you still view the Internet as a kind of Wild West where colorful rogues and small bands of outlaws try to damage or invade personal computers -- you're not only way behind the curve, but may be putting yourself and your business at risk. Internet crime has evolved not just into a mature and sophisticated industry, but also into a global network that has its own underground economy, specialties and infrastructure, Symantec reports in its latest Internet Security Threat Report.

What should be particularly worrisome to legitimate businesses is a shift in tactics. Rather than targeting computer networks, which have strengthened defenses considerably, Internet criminals now try to get to individual computers and customers of Internet services and sites with Web-based attacks. One reason: Few Web sites address their vulnerabilities, and the few that do, react slowly. "Of 6,961 site-specific vulnerabilities in the first six months of 2007, only 330 had been fixed at the time of writing," Symantec reports.

Once these vulnerabilities have been exploited, attackers can then zero in on individual users. "Symantec has also observed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites. ... Attackers targeting trusted sites can also steal user credentials or launch mass attacks because they may allow attacks to propagate quickly through a victim's social network," the report warns. And as information is picked up, it is bundled and sold on servers that help this black market flourish and grow -- often priced according to demand and value. Information to verifiably high-value accounts fetches more than just generic bank accounts, for example.

Attackers are proving intensely resourceful and adaptive. Code threats have increased dramatically, apparently because criminal organizations now hire software specialists to churn out malicious code so they can constantly remain ahead of efforts to defend against attacks. And they have physical mobility, too. "Malicious groups are actively anticipating and planning for the need to adapt on the fly -- including the deployment of back-up servers to which they can turn when law enforcement agencies or ISPs threaten to shut down existing operations," the report says.

Symantec is also warning that the coming presidential elections will provide scammers an opportunity to exploit and target political and campaign Web sites. That will be explored in a separate Kiplinger Recommends feature next week.