Criminal Profit-Driven Attacks Present Increased Threats for Businesses and Government
According to the Information Security Forum (ISF), targeted and organised, profit-driven attacks are replacing random individual hacker attacks and presenting increased threats for businesses and government. This new breed of attack, designed to steal valuable and sensitive information or customer data for major financial gain is being orchestrated by criminal networks that bring together specialist skills and expertise. Many even place sleepers within organisations to provide inside knowledge and access.
According to the ISF, profit-driven attacks have five phases: Reconnaissance to identify targets; Development to plan the attack and write malware; Extraction of the data; Exploitation by advertising and selling stolen information; and finally Laundering of the profits. Normally, there is a different person or team running each phase, often operating from different parts of the world, making it extremely difficult to track and trace. Each group takes a slice of the profits with the criminal ringleaders reaping the largest rewards - that can run into millions.
"It's not dissimilar to the process of robbing a bank," says Nick Frost, senior research consultant at the ISF. "The difference is that this cybercrime is more sophisticated and harder to trace. Most attacks are able to circumvent generic security controls, while anti-forensic techniques are used to remove traces such as deleting system logs and advanced attack kits such as Limbo 2 Trojan are available online with non-detection-warranties."
"Most organisations do not have the necessary controls in place to deal with these attacks and the financial profits from successful breaches are simply used to fund more sophisticated and malicious attacks, creating a vicious cycle," adds Frost.