Online Criminals Move On To Corporate Espionage
from the plain-old-phishing-doesn't-pay dept
One of these days, someone will do a fascinating study or book on the evolving nature of online crime. It’s a constantly changing phenomenon that would be quite interesting to study. A few years ago, we noted that the ease with which script kiddies could jump into the phishing and online extortion market meant that margins were getting squeezed for older online organized crime groups who had focused on such practices in the past. Apparently, the big money now has moved away from standard phishing and into corporate espionage. Organized crime groups are figuring out ways to hack into company networks, suck up as much data as possible, and then sell it off to the highest bidder — whether it’s competing firms or foreign governments.
Filed Under: corporate espionage, cybercrime, espionage, organized crime, phishing
Comments on “Online Criminals Move On To Corporate Espionage”
technology grows, cybercrime grows
It seems the more I read about growing online or technological trends, the more I see about cybercrime trends. We’re all concerned about phishing – and it’s almost become second nature to some people to avoid spam-like emails but now how do you spread the word about Spear-Phishing and Vishing and all the other new attacks that lurk about?
The only thing we can do is diffuse the importance of being vigilant. I work for Passpack, which is an online password manager – we try to make it so that ‘the highest bidder’ has nothing to bid on anymore.
Here is a quick post on how privacy is evolving:
http://tinyurl.com/43m5s7
Louise
The key to understanding
The key to understanding crime generally, and the evolution of crime, is to appreciate it as a biological phenomenon. In this sense, criminals are parasites. Not just metaphorically, but in a very literal sense.
Any biological system that has input of energy, transformation of energy and output of energy, has the potential to be parasitized by organisms that exploit weaknesses in the system’s defenses.
This is not to justify crime or to say we shouldn’t fight it. Of course we should. But it behooves us to appreciate that with any new system that we devise, new ways of feeding from it will emerge.
Ha
And while everybody else gets all of the knowledge of how stuff works, America continually falls farther behind thanks to copyright and patent laws. News at 11 …
Thank you for blogging this. For about seven years now I’ve been following the trend of malware writers using non-signature Trojans in spear phishing attacks. Anti-virus software is completely ineffective against this business model. If you are not running HIPS and application control on your desktops, you are going to get whacked.
The future of fighting fraud
Check out this BBC article on cybercrime
http://news.bbc.co.uk/2/hi/technology/7729218.stm
Bruce Potter called this years ago
BP (from the shmoo group) talks about the spectrum of security threats, and how highly automated attacks by individuals or small groups with relatively low skill levels (viruses, trojans, etc.) are largely ineffective thanks to signature based tools like AV and IDS/IPS and therefore represent the low end of the threat spectrum.
the middle of the threat spectrum is represented by more specialized and targeted attacks (spear phishing, rootkits, malware, bots etc.) by teams of skilled programmers. this is the current state of the art for information security professionals. these teams require funding and recruiting and are probably backed by a corporation, criminal organization, or nation state.
the high end of the threat spectrum is the insider: a person with varying levels of security clearance and physical access. in the industry this is largely ignored or written off as detecting and defending against these attacks are not feasible if not impossible.
The Weakest Link
The weakest link in any organisation is always going to be at the point of interface between man and machine.
There’s no shortage of information out there on how to protect data and the key remains awareness, regular training and re-training.
In relation to data security and integrity my company, http://www.systeminterfacesolutions.co.uk, is dedicated to three words once coined by Tony Blair, ‘education, education, education’ – the difference is that we mean it.