Underground cybercrime economy fuelling growth of data-stealing malware

An underground cybercrime economy driven by profit-seeking criminal networks has led to the theft of personal information from compromised networks and PCs, according to a security report.

Data-stealing malware has been in the limelight in Q1 2009, according to the latest data from TrendLabs, security company Trend Micro's global network of research, service and support.

Online banking credentials, credit card numbers, social security numbers and passwords are at risk. Trojans are the fastest-growing category of data-stealing malware and pose a serious threat to computer security. True to their name, they typically arrive disguised as something benign such as a screen saver, game or joke.

Based on TrendLabs research in 2007, 52 per cent of data-stealing malware were Trojans; in 2008, that number increased to 87 per cent; and as of Q1 2009, 93 per cent of data-stealing malware were Trojans.

As one of the most dangerous categories of web threats today, data-stealing malware showed tremendous growth in 2008 and is, therefore, an area of concern for consumer and business audiences alike.

According to Anti-Phishing Working Group statistics, the number of sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December 2008 – an 827 per cent increase from January 1.

Data-stealing malware is usually the second or third component of a sequential multi-pronged web attack and encompasses malware such as keyloggers, screen scrapers, spyware, adware, backdoors or bots.

Trojans and Trojan spyware are the predominant type of data-stealing malware in all regions monitored by TrendLabs, including Australia, Asia, Africa, South America, North America and Europe.

Trojan infections are on the rise and according to Trend Micro data, the Trojan threat category has grown exponentially in every country across the globe over the past three years.

"As a threat category, data-stealing malware is experiencing tremendous growth because it serves the needs of financially motivated criminals who leverage the internet for what it does best – provides valuable information," said Jamz Yaneza, Threat Research Manager for Trend Micro.

Politics and cybercrime have finally intersected in news headlines; understandably so. In the US alone, the number of known breaches of government computers with malware more than doubled between 2006 and 2008, according to the Department of Homeland Security. Paul Ferguson, Advanced Threat Researcher at Trend Micro, said it is possible that cyber terrorists may have already planted malware within the US electrical grid that would allow them to remotely disrupt service.

Cybercrime has gained significant international mobility. In 2007, Estonian computer networks were crippled when serious distributed denial of service (DDoS) attacks against government and civilian sites were reputedly linked back to Russian operatives. At the time, Russia and Estonia were involved in a dispute over the Estonians' removal of a Soviet war memorial.

The French embassy's website in Beijing was inaccessible for several days after a full-scale cyber attack following President Nicolas Sarkozy's meeting with Tibetan spiritual leader, the Dalai Lama. Experts now widely believe instead that a Chinese hacking group staged the attack for nationalistic purposes.

"Virtually anyone with a computer and internet access can wreak havoc. In the US, hacker attacks have been documented on county or state government sites," said Ferguson. "Smaller organisations have a limited IT budget and few staff so they hire a third party to build a website. Over time, the site fails to be maintained or upgraded, exposing vulnerabilities that 'hacktivists' then leverage to express political views."

Ferguson also cited a recent example of data-stealing malware, the Conficker worm, which was recently in the news. Conficker, also known as Downup, Downadup, and Kido, is a worm that targets the Windows operating system and was first detected in November 2008. Once a machine is infected, the worm can download and install additional malware from attacker-controlled websites.

This could include a password stealer or software to remotely control computers.

Ferguson said: "The worm was apparently designed to propagate as part of a botnet and can thus transmit data remotely if needed." Cyber espionage is also grabbing headlines. Every year, corporations suffer billions of dollars in intellectual property losses when trade secrets are illegally copied and sold to competitors on the black market for profit, or used for extortion. Business networks provide the perfect medium for cybercriminals capable of breaching their defences.

"Cybercriminals are using malware for financial gain and for geopolitical purposes," said Ferguson.

"We have even seen data-stealing malware attacks against US defence contractors – believed to be Chinese – launched to steal trade secrets. However, it's hard to connect the dots back to the people really pulling the strings because of the anonymous nature of the internet."

For years, security protections have been focused on protecting the endpoints – where most people access data. In today's multi-threat environment, a new strategy is needed.

A correlated approach is used to address the tendency for cybercriminals today to launch multi-pronged, combined attacks composed of a number of different web threats. It analyses e-mail, embedded links, file attachments, and hosted web files to identify new IPs, domains, URLs, and files that can be instantly added to reputation databases to quickly block new threats.

In other cases, criminals or disgruntled employees sneak data-stealing malware onto corporate networks and then customer data or confidential company information is silently transmitted outside the network – a new twist on industrial espionage.

Criminals have become adept at exploiting open entry points that are critical to employees' productivity – like port 80 used for web surfing and web mail. Instances of data stealing range from a single user losing personal data from a PC to thousands of records stolen in large-scale data breaches.

According to Gartner, 7.5 per cent of US adults lost money as a result of financial fraud last year, mostly due to data breaches. The most recent large-scale data breach occurred last year involving Heartland Payment Systems, one of the five largest payment processors in the US. The breach occurred when hackers believed to be linked to a cybercrime syndicate managed to sneak a keystroke logger onto the company's credit card processing system. Although Heartland has provided no information about how the software penetrated the network or how many card numbers were stolen, at least 160 banks in the US, Canada, Guam and elsewhere are reported to have been affected. Heartland serves 250,000 business locations and conducts more than four billion business transactions per year.

Processing companies such as Heartland will continue to be a target for cybercriminals due to the value of the data they handle.

According to the 2009 Verizon Data Breach Investigations Report, 93 per cent of all electronic records breaches occurred in the financial services industry and 90 per cent had ties to organised crime.

In July 2007, a Pfizer employee removed files from the company, exposing 34,000 people to potential identity fraud; it was the third data breach to occur at the company in three months. The breach disclosed the names and social security numbers of affected employees and also included home addresses, telephone numbers, fax numbers, e-mail addresses, credit card and bank account numbers, and other information.

In some instances, data breaches occur because security protections are either too lax or are missing entirely.

Randal Vaughn, Professor of Information Systems at Baylor University, said: "Amazingly, companies that run their own web server do not always know what is running on it. An unskilled developer can easily write a web application with a vulnerability that exposes the company's entire network to malware."

