Cybercriminals modernise, but stick to vintage exploits

By

Cybercriminals are combining older exploits with modern business management techniques to make money, according to a new Cisco security report released this week.

For example, according to the report which was released this week, some recent cyberattacks are using dated exploits of vulnerabilities that were discovered in 2006. Though only a small number of unpatched PCs may exist in an enterprise, criminals can still find and break into them.

“If you have even 0.1 percent of your PCs that are not being patched, there are criminals who are working very hard to break into them,” Patrick Peterson, Cisco fellow and chief security researcher, told SCMagazineUS.com. “If someone misses an update, they are likely to get owned.”

In addition, criminals also demonstrate increasingly strong business acumen. They collaborate, prey on peoples' fears and interests, and make use of legitimate internet tools such as software-as-a-service, according to the report.

“These guys are collaborating and finding complementary ways to partner,” said Marie Hattar, vice president of network systems and security solutions marketing, in a blog post. “Not only that, they're also getting smart about search-engine optimisation techniques.”

Botmasters increasingly rent networks of compromised computers, form alliances, or just exploit each other, according to the report. And many botmasters borrow the best practices and strategies of the real business world.

“Criminals have been working on their cyber MBAs,” Peterson said. “They seem to have been going though the same kinds of training you would see at the Harvard Business School. They're restructuring and reorganising their businesses to be more efficient, more dangerous and more profitable.”

Other findings in the report include: Web 2.0 applications, prized for their ease of use and flexibility, have become lures for criminals; criminals target people who use online banking with well-designed, localised text message scams — and leave virtually no trail; and there is an increasing use of “spamdexing,” or packing a website with topical keywords or search terms. That way, users searching for a specific search term may click on the malicious links, which have risen above the legitimate results.

“With criminals being so quick to identify weaknesses both in online networks and in consumers' psyches, businesses need to adopt ever more advanced ways to fight cybercrime and remain vigilant across all attack vectors," Peterson said in a statement.

See original article on scmagazineus.com


Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?