Since at least 2005, if not well before that, the very nature of the security threat has fundamentally changed. The popular image of the backyard hacker developing software to take down remote systems for kicks no longer applies. The major threats come from highly organised criminal groups whose goal is not necessarily to destroy your PCs, but to harness the capabilities of the internet to spy on your business, steal your data, trick your staff and hijack the processing power of the networked computer systems for their own ends. They'd like to gather the credit card details of your clients, trick you into revealing passwords and data that they'd find useful or saleable, and perhaps even steal your data and blackmail you for its return.
The side effect of this is that criminal hacking has become highly professionalised, with virus developers being paid by the hour to develop systems that are very much targeted at eking profit out of businesses and individuals.
According to McAfee's 2007 Virtual Criminology Report, cyber criminals are employing increasingly sophisticated methods of breaching computer security systems. They're using VoIP services, elaborate phishing schemes that target specific individuals, email viruses with topical headlines, social networking services like Facebook and MySpace, and techniques as simple as dumpster diving to get their hooks into businesses large and small. As security software has developed, so have the hackers, and it requires systems more sophisticated than a basic firewall and an old-style signature-based antivirus package to stop them.
The report also notes that, in the near future, mobile devices are going to become a major target for hackers as well. Smartphones and PDAs, which are essentially small computers, now have always-on Internet access and could be vulnerable to all the same kinds of attacks as PCs. Given their capacity for email, they can also be used for phishing and similar attacks.
How organised crime is profiting from the internet
Cyber criminals have developed many ways to profit from cyber attacks. Here are some examples:
- Collecting financial data (including credit card numbers and PINs) and selling the results to the highest bidder
- Hijacking email addresses for use in spam
- Collecting company information for use in extortion attempts
- Force-installing adware on systems for a fee
- Running various confidence scams using email and websites
"Organised crime is seizing the potential of the digital space we live our lives through today for financial gain. The increasing take-up of broadband and new technologies such as voice over internet (VoIP) services present new opportunities for hi-tech criminals."
Greg Day, McAfee Security Analyst