During Kaspersky Lab’s annual Security Analysis Summit held in Budapest, Hungary, the Enterprise and Online security experts focussed on cyber-criminals and where their riches come from – often at very low risk to the perpetrators.
Stefan Tanase, Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis Team for Eastern Europe, Middle East and Africa, explained that cyber-crime works roughly on three levels. “It becomes increasingly difficult to reach the brains of the operations, as they are usually hidden behind many layers in the operation,” he told delegates.
The most common structure for cyber-crime is:
The coders are very skilled in what they do, and are the ones responsible for creating malware tools. According to Kaspersky Lab, it is a pretty good guess that coders are from countries that have a good educational system but don’t have opportunities to use their skills productively. Coders create the tools used in attacks, and sell these tools to other cyber-criminals. Coders don’t go to jail, as they only make the tools and don’t use them.
The cyber-criminals are the ones that can connect the dots in the system. They buy the malware tools on underground markets and trading spaces, and possess the skills to put everything together in order to carry out their attacks. Criminals are often willing to take most of the risk in their operations.
The last part of the cyber-crime circle is the end-user victim. Victims are used as scapegoats for operations, as malware from coders is often used to access the victim’s internet connection and load infections. They are also used as exit nodes in large botnet networks.
Cyber-crime is a huge business and most malware coded today is financially motivated. Trojans and worms created by coders are programmed to collect and upload information to a Command and Control server. Criminals then convert this data into a readable format before trading it on underground markets. “Cyber-crime has become very complex today as there are so many people involved,” Tanase said.
But how do end-users become involved in the world of cyber-crime? While they don’t usually realize it, Tanase explained, “most of the ‘Work From Home’ offers found in classifieds often trick people into thinking that they have legitimate jobs, but they are actually illegal as they are just used to move funds for criminals from one account to another – so it’s really money laundering.”
At the end of the chain, where the money eventually stops, is the kingpin. “It’s a very profitable business and low risk to them as they have the coders and the criminals doing the actual work for them,” Tanase said.
According to Tanase, cybercrime is becoming very profitable, and cryptocurrency (such as Bitcoin) is now widely used in cybercrime as the monetary system is virtually untraceable.
“Cyber criminals are fully embracing Bitcoin at the moment. We are seeing a huge increase in malware that steals Bitcoin wallets or steals PC power to mine Bitcoins. 20% of malware are Bitcoin wallet stealers, and there is one Bitcoin malware for every 3 other pieces of malware,” Tanase explained.
He added that it is extremely easy for them to make money, and users don’t realize just how easy it is. There is one thing that motivates them: they make more money by making threats and viruses. The malware either steals money directly by accessing your account, or provides services to other criminals by using your computer as a mule.
They steal money directly from thousands of users, using botnets to steal credit card numbers and account information – “it’s like pickpocketing thousands of users”.
Awareness is key: “There needs to be more awareness. I don’t think the awareness that we are doing is working, but that doesn’t mean that we need to stop. If we stop, it will become worse than it is now.”
Tanase added that banking malware is also on the rise, and stressed that authentication does not mean a secure transaction. The two-factor authentication used by many banking institutions is sufficient, but banks need to do more.
When a computer becomes infected, the malware installed on the machine has the same rights as the user. “The situation has gotten worse over the last couple of years since the Zeus code leaked in 2011 – it is the main malware to blame for these cyber-attacks for financial gain. It uses web injections and remembers all the ‘Remember Password’ settings. It spreads through social engineering and software exploits,” he explained.
Tanase concluded by saying that malware is no longer just about Windows; it is fast becoming an Android and iOS problem as well.
Charlie Fripp – Consumer Tech editor