Posts Tagged ‘cybercrime’

Cybercrimes More Sophisticated, But So Too Are Countermeasures

Monday, July 27th, 2009

According to the Cisco 2009 Midyear Security Report, internet criminals are becoming more sophisticated, using increasingly targeted attacks. However, Cisco predicts that increased collaboration between organizations, like what we saw with Conficker, and new security policies may make it more difficult for attacks to infiltrate and spread.

The Midyear Security Report provides an overview of Cisco security intelligence, including information about new threats and trends, for the first half of 2009. Highlights from the Report:

  • Criminals are exploiting traditional vulnerabilities because they believe security experts and users are paying little attention to these types of threats.
  • Compromising legitimate websites to propagate malware remains a highly effective technique.
  • Web 2.0 applications have become lures for criminals.
  • Criminals are now targeting online banking customers using well-designed, localized text message scams.
  • The Obama administration has made strengthening U.S. cybersecurity a high priority, and plans to meet threats by using technological innovations and partnering with the private sector. Other countries are following suit.
  • Compared to 2008, the number of vulnerabilities and discrete threats has not risen as quickly.

Given the interest in insider threats, the report also details a possible increase in this threat amid the current economic instability. This section of the report simply reiterates other studies and articles on the topic, providing context for what could be a growing security trend.

Download the report here.

Via eweek

McAfee H*Commerce Web Series

Friday, May 22nd, 2009

McAfee launched a new web series this week entitled H*Commerce: The Business of Hacking You at StopHCommerce.com.

H*Commerce, Hacker Commerce, is the “business of making money through the illegal use of technology to compromise personal and business data.” The new series will air 6 episodes, with one episode added every two weeks. Each episode involves real people doing normal online activities who are then attacked by cybercriminals. Each episode focuses on real stories in a documentary style.

Here is the first webisode, “Unexpected Beginnings”, telling the story of Janella Spears, who lost more than $440,000 as the result of an email scam. The video explores the effects this cybercrime had on Janella and her family as well as Janella’s education in how to clean her system, handle hackers and stop cybercrime scams.

McAfee also recently launched a Cybercrime Response Unit designed to help victims of cybercrime.

Virtual Criminology Report Indicates Fear Tactics

Wednesday, December 31st, 2008

Earlier in December, McAfee released their 4th annual Virtual Criminology Report, which outlines trends in global cybercrime. The report indicated that cybercriminals quickly shifted tactics to take advantage of emotional “hot ticket” items such as the economic recession. Botnets alone are capable of sending 100 billion spam messages per day, an infrastructure that is making it easier and more lucrative for cyber criminals to stay hidden.

Banking scams emerged soon after banks started to struggle during the start of the recession. Cybercriminals are taking advantage of the fear and uncertainty of this by asking users to “update account information” before their bank merged, for example. Targeted scams emerge as early as a day after news breaks, as they did also during the presidential race this year. In addition to a shift in tactics, the report indicates that criminals are becoming more aggressive:

“With almost all of today’s malware being financially motivated, even cybercriminals are looking for more business in tough economic times and are really stepping up their game.”

Analysts say these trends show that cybercriminals are getting faster and smarter than ever before. Scammers are also tapping into the fear resulting from the economic downturn: there has been an increase in scammers luring customers into “internet sales” jobs that end up assisting cyber criminals in things such as money laundering. Some examples of recent scams of this sort can be found on the Avert Labs blog.

As with all security problems, with both consumers and the corporate environment, the solution to these issues comes by combining education with technology:

“Technology alone cannot solve the problem. Education alone cannot solve the problem. Both combined, however, can enable us all to use the Internet the way we want.”

In addition to these measures, the report strongly encourages governments to step up in fighting cybercrime. Law enforcement at every level has been ad-hoc and incapable of coping with cybercrime, with issues in cross-border law enforcement making the issues worse.

Download the McAfee Virtual Criminology Report here. And, along similar lines, the Anti-Phishing Working Group has published their quarterly report, indicating that the use of malware on websites to steal passwords and other sensitive information is at an all-time high.

The FBI is also reminding people to be aware of holiday-themed scams criminals are using to steal personal information and/or money. Be aware of greeting e-card scams, spoofing and phishing scams. They remind you not to respond to unsolicited email, not to click on links or attached files, to keep private information to yourself, and to verify with the business the email is supposedly from, just in case.

New Center for Applied Identity Management Research

Friday, October 31st, 2008

Corporations, government agencies and academic institutions have joined together to study issues surrounding cybercrime, terrorism, narcotics trafficking and identity management, forming the Center for Applied Identity Management Research (CAIMR).

CAIMR is hosted by Indiana University and is a non-profit corporation of thought leaders who share a common interest in identity management. Their mission is to “study identity issues impacting commerce, government, and national security, their social implications, and the processes, technologies and policies designed to deal with them.” Beyond study, however, the goal is to develop real-world solutions to these issues. The outcomes may be in the form of industry or law enforcement best practices, technologies, policy adjustments or training and educational materials.

CAIMR notes that the goal is to be able to adapt more quickly to evolving identity fraud and cyber crimes, understanding the constraints and challenges faced by each set of stakeholders. Gary R. Gordon, scholar in identity management at Indiana University School of Law, will be executive director at CAIMR.

Four initial areas of study will be:

  1. Public safety: identity theft, cybercrime, fraud, sexual predator detection, etc.
  2. National security: cybersecurity, human trafficking, terrorist tracking, etc.
  3. Financial and corporate fraud: mortgage fraud, data breaches, insider threats, healthcare fraud, etc.
  4. Individual protection: identity theft, fraud, etc.

Partners in CAIMR include the US Secret Service, VISA, Wells Fargo & Company, and many more.

Via network world, security watch

Consumer Protection Legislation News

Wednesday, October 15th, 2008

There are two pieces of news to report in terms of various consumer data protection acts at the state and national levels.

This month, President Bush signed into law a bill that will make it easier for prosecutors to go after cybercriminals, and for identity theft victims to be compensated. The Identity Theft Enforcement and Restitution Act of 2008 [HR 5938], which passed the Senate in July, removes the $5000 damages floor that was previously required for prosecutors to charge individuals under the federal cybercrime laws.

Identity Theft Enforcement and Restitution Act (HR 5938) would:

  • Give identity theft victims the ability to seek restitution
  • Ensure cyber criminals posing as businesses can be prosecuted
  • Make it a felony to employ spyware or keyloggers that damage 10+ computers
  • Extend cybercrime definitions to include cyberextortion cases
  • Allow prosecution when cybercriminal and victim live in the same state

In other legislative news, the Massachusetts Office of Consumer Affairs and Business Regulation has released a new set of rules requiring companies to encrypt personal data on laptops and monitor employee access to data. These new rules apply to credit card information and Social Security Numbers. Companies and government agencies are required to comply with the new regulations by January 1, 2009.

In August, Governor Patrick signed an identity theft prevention law that requires the reporting of data breaches to the Office of Consumer Affairs and Business Regulation. Since then, 320 breaches have been reported, affecting 625,365 Massachusetts residents. A report outlining the incidents has been released here [PDF].

Via i’ve been mugged, 2, boston globe, washington post