Bank Systems & Technology is part of the Informa Tech Division of Informa PLC


Study: Cyberattacks Initiated by Professional Criminals

More than half the cyber-attacks conducted in 2004 were carried out by criminals interested in only one thing: money, a security intelligence firm said.

If money is the root of all evil, then hackers are evil incarnate. According to a security intelligence firm, more than half the cyber-attacks conducted in 2004 were carried out by criminals interested in only one thing: money.

iDefense, a Reston, Va.-based supplier of security intelligence to both corporations and government agencies, delved into its private database of more than 100,000 malicious code attacks to publish analytical findings publicly for the first time, said Ken Dunham, the company's director of research.

Using that database, iDefense tallied a record 27,260 attacks in 2004. Over 15,000 of those, or some 55 percent, were specifically designed to covertly steal information or take over computers for criminal purposes, including identity theft and fraud, said Dunham.

"We counted over 9,000 backdoors alone," said Dunham, referring to the component now dropped by most mass-mailed worms to give hackers later access to compromised machines.

"This is a business," said Dunham, "with organized criminal groups around the globe continuing to mobilize resources to develop, sell, and launch Internet attacks."

Among the ways these crooks are making money, iDefense's analysis showed, is swiping credit card and bank account data and then selling it under a tiered-value system in which platinum-grade cards, for instance, are priced higher, with a correspondingly higher ratio of attacks against targets to acquire those kinds of cards.

Other money-making schemes include assembling networks of infected machines to send spam, launch follow-up malicious code assaults, or threaten denial-of-service (DoS) attacks to extort payment from Web sites.

This criminalization trend exploded in 2004.

Last year, the number of attacks with an IRC (Internet Relay Chat) component skyrocketed by 1000 percent over 2003, Dunham said. Malicious code attacks that use IRC typically collect data automatically--including personal financial information--and send it to the hacker's private chat space, where he can process, filter, and analyze the data.

Attacks using a backdoor or relying on other remote access tricks to infiltrate a system also jumped during 2004, and showed a 420 percent increase over the previous year.

"Organized crime rings capturing personal information for fraud and extortion activities are a driving force in the growth of malicious code threats," said iDefense in a statement. "Unlike 'phishing' attacks, where users are tricked to provide personal financial information, these approaches are often unseen by the victim."

And even the attacks that make the media are only the tip of the iceberg, said Dunham. "There's a huge number of obscure little 'bots that are attacking specific enterprise networks. Bots, which are a low-level blip on most people's radars, are shooting through the roof."

The future looks grim, said Dunham, with more and more attacks motivated by money. "We saw an exponential increase last year, and I see no evidence that that's slowing." He cited the recent weeks' attacks by a large number of P2P and instant messaging worms--including Bropia and Kelvir--as proof. "We're seeing an incredible number of multiple variants, all launched in a very short duration."

iDefense also found that quantity wasn't the only thing increasing in malicious code. Attacks are now much more likely to breach traditional defenses such as firewalls, anti-virus software, and intrusion detection tools.

"With literally hundreds of Trojans out there, some used to attack only one company's network, AV vendors can take days, weeks, and even months to do analysis and produce a defensive signature. Like any company, AV firms must strike a balance between profitability and resources," Dunham said.

iDefense may release other reports based on its accumulated attack evidence, which Dunham described as analogous to a law enforcement agency's fingerprint system.

"We want to know the heartbeat of the [hacker] underground," said Dunham.

And by the numbers, it seems that heart beats to the tune of a cash register.
