BreachExchange mailing list archives

Cyber Criminals Using Online Attack Kits to Steal Data


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 17 Mar 2014 18:50:03 -0600

http://guardianlv.com/2014/03/cyber-criminals-using-online-attack-kits-to-steal-data/

Cyber criminals are now using online attack kits to steal data. The cyber
criminal does not need to have advanced hacking skills today to steal
someone's personal banking information. In a few simple steps, they can
download a so-called "attack kit," and online theft is just a few clicks
away.

Symantec, an online security company, has now reported that 61 percent of
all online attacks are launched through attack kits, the most prevalent
being Mpack, Neosploit and Zeus. In the past, only a small number of
highly skilled cyber criminals possessed the knowledge necessary to create
a threat from scratch. That has all changed. The attack kit exposes known
vulnerabilities on an unsuspecting victim's PC. The attack kit then provides
the tools needed for the cyber criminal to steal sensitive data and
information. Attack kits are also known as "crime-ware."

The attack kits are highly successful at stealing people's financial
information. As such, their demand has increased dramatically, and so has
the price. Over six years ago, a popular attack kit aptly titled
"WebAttack" sold for only $15 on the underground black market forums.
Today, the "Zeus" attack kit can sell as high as $8,000.

Cyber criminals know where to attack, according to Symantec. They most
often target adult websites and video streaming sites searching for
vulnerabilities, the way a hawk searches for a mouse in a field. They also
target the misspelled or mistyped website equivalents. Music, games,
technology and file sharing sites are less likely to be targeted. Symantec
has found that cyber criminals using online attack kits to steal data has
significantly advanced the evolution of cyber crime into a multi-million
business.

The cyber criminal searches through the illicit world of underground
message boards and forums searching to make clandestine purchases of attack
kits. According to the FBI, payment for attack kits is usually arranged
through money transfer services like Western Union.

Cyber crime has been such a problem today that Hewlett-Packard sponsored a
hacking contest where they awarded $850,000 in prizes. Hacking teams
gathered to find security vulnerabilities in web browsers and in video
programs. Over a two-day period, they identified 35 vulnerabilities that
were disclosed.

The damage from cyber attacks can cost companies millions, mostly in lost
hours. One company cited an example of where they were hacked by a guy who
claimed to work for a competitor, who demanded $300 to stop the attacks.
The company refused, and the hacker continued for days.

Security experts have also seen the increase in cyber crime by what they
call "hacktivists." These hackers target websites as a form of protest, as
opposed to financial gain. Analysts have also noted the increase in the
use of subterfuge to distract IT staff, while the hackers carry out a more
selected target.

With cyber criminals using online attack kits to steal data with relative
ease, the future for cyber crime is discomforting, according to security
experts. The FBI currently has a cyber crimes "Ten Most Wanted List." The
FBI is offering a $50,000 reward for information leading to the arrest of
Andrey Nabilevich Taame, for the unauthorized infection of malware to four
million computers.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/