Cyber crime is big business. And it is growing in scope and impact.
But what may not be obvious to the casual observer is that cyber crime is growing in its magnitude and sophistication because of two key factors: the consumerisation of crimeware, and the adoption of time-tested business processes to enhance the profitability of crime syndicates worldwide.
The disturbing trend in cyber crime is the "enterprise-class" approach crime syndicates take to grow their businesses. Today's syndicates employ hierarchies of participants with roles that mirror the executive suite, middle management and the rank and file. The executive suite oversees strategy and operations that initiate nefarious acts. Recruiters identify "infantry" that carry out large-scale attack schemes on a permanent hire or outsource (affiliate) basis. They also create and hand out malware and shape reward programmes to pay affiliates once successful attacks are carried out.
Given the ubiquitous adoption of cloud computing, social networking, BYOD, and mobile communications, cyber criminals now have unprecedented reach across and into more organisations, databases, desktops and mobile devices than ever before. Infrastructure advances and the enormous number of avenues for attacks are giving cyber criminals a smorgasbord of attack vectors to choose from.
To capitalise on these opportunities, cyber crime syndicates use recruiters to attract new "talent" via fully realised Web portals, many of which protect themselves with disclaimers such as, "We do not allow spam or other illicit methods for machine infection." This is a method of passing off legal responsibility to the hired "infantry" while providing the necessary malware needed to execute a full-fledged infection campaign.
Fanning the Flames
The drivers of these constantly evolving tools are extensive R&D organisations that create custom-order code to produce private botnets, fake anti-virus software and deployment systems. In turn, these are typically used in premeditated, targeted attacks, known as Advanced Persistent Threats (APTs).
Another key contributor to the expanding influence of cyber crime is the hosting provider. Simply put, criminals need somewhere to store attack content such as attack code, malware and stolen data.
Taking a page out of Wall Street's book, crime syndicates are engaging in mergers and acquisitions to grow their botnets through the use of another organisation's botnet. A recent example is Zeus and SpyEye. Zeus, circa 2007, peaked in 2010 as the most prolific banking crime kit around. The crimeware kit would create new versions of powerful malware which had the capability to steal banking credentials, as well as hijack and manipulate secure online banking sessions. A rival botnet known as SpyEye emerged in 2010 and tried to take over what was clearly a successful market. The competition hurt profits for both, so in late 2010, the two authors merged source code, retired Zeus support and passed the torch to SpyEye.