The implications of cybercrime's biggest ever bust

Powered by SC Magazine
 

Recent arrests in the hacking of nine U.S. retailers and Countrywide Home Loans is just the tip of the iceberg of what's to come, according to experts in the security industry.

The recent arrests of 11 people involved in hacking nine U.S. retailers, and two men who stole data from Countrywide Home Loans, is just the tip of the iceberg of what's to come, according to experts in the security industry.

“The recent arrests demonstrate the essential cooperation between law enforcements around the world to fight cybercrime,” Yuval Ben-Itzhak, Finjan's chief technology officer, told SCMagazineUS.com on Wednesday. “As these criminals managed to cash out millions of dollars, other criminals will follow the pattern. We will continue to see this trend in 2009 as well.”

According to Ben-Itzhak, Finjan's Q2 Trends report indicated that its discoveries were clearly the tip of the fraud iceberg. The fact that nine major retail chains have been hacked and payment card details of 41 million cardholders were obtained, confirms this once again.

“The scale of this fraud is quite breathtaking, and illustrates the professional approach that these fraudsters take. It might be all business to them, but such a fraud leaves a lot of damage, hassle and misery for victims in its wake,” he said. "For companies such as the ones victimised, safeguarding their networks and financial and business data has become a top priority.”

The Countrywide arrests point to a different, but equally disturbing, emerging landscape in identity theft: the corporate insider.

“The criminal insider takes data with the sole purpose of using it, often reselling it to third parties,” explained Paul Davie, COO of Secerno. “Without examining how vulnerable their data is from insider attacks, most companies are leaving critical shortfalls in place that could be costly from both an operational and brand perspective.”

However, Davie said he sees a parallel between the two sets of arrests. In each scenario, the databases were likely not being monitored correctly.

“It's a matter of legitimate use versus normal use,” he said. IT officials need to have a good understanding of how their database is to be used so they are able to quickly notice any abnormal patterns.

Another issue, Davie added, is the continuing blurred line between who is an insider and who is considered external.

“Is a consultant internal or external?” he asked. “What about a third-party company which has access to the information?”

Alain Mayer, CTO of Red Seal, agreed, telling SCMagazineUS.com that one of the biggest challenges is the complexity of networking.

“The perimeter in today's IT infrastructure is shrinking. Extranets, wireless access points and other un-trusted zones dominate the threat profile,” Mayer said. “In such an environment, internal segmentation is crucial.”

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


The implications of cybercrime's biggest ever bust
 
 
 
Top Stories
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
A call for timely reporting
[Blog post] Businesses need incentives to keep customer data secure.
 
Doubts cast on Queensland's ICT Dashboard
Opposition, former Govt CIO say it can't be trusted.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  26%
 
Application integration concerns
  3%
 
Security and compliance concerns
  29%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 858

Vote