Cyber crime is no longer the exclusive domain of nerds with advanced coding and hacking skills. Thanks to simple and affordable, DIY downloadable crimeware, even novices can jump into what has turned into a global industry.
This is a far cry from the days when hacks were motivated more by the thrill of the kill than monetary gain, with even Steve Jobs and Steve Wozniak (Apple’s co-founders) allegedly on their rolls. It’s in the last decade, with the widening reach of the internet, that cyber crime turned virulent, as viruses like Melissa and I Love You clogged inboxes and spawned a multi-billion-dollar anti-virus software industry. And now, with the DIY attack kits, cybercrime is evolving into an extremely profitable, distributed global entity.
These malware toolkits aren’t just professional, marketable, and easy to deploy, they’re even being sold on a subscription model with after sales support.
Mpack, Neosploit, ZeuS, Nukespoilt P4ck, Phoenix … there’s an array of choices for script kiddies (those with minimal coding skills). “These kits come with features like encryption and hardware-based licensing, which one would find in enterprise-grade software,” says cyber sleuth Prasanna V, principal consultant of information security with Packet Verify. They enable users to launch pre-written threats against computer systems, and also customise them.
The United States, Russia, China, the UK, Germany, Brazil and Eastern European countries like the Ukraine are considered the hotbeds for development of such kits, and the damage they’re causing is already evident. According to a report by Symantec Corp, there was a 93% increase in web-based attacks in 2010 compared to the previous year, driven primarily by the prevalence of attack toolkits.
The modus operandi:
Most of the toolkits share a few common behavioural patterns, say Dr Madhupani and Dr Srinivas, technology experts with Cyber Security Works. “These can include capabilities to penetrate into browser processes, take screenshots of the victim’s machine or control it remotely, hijack e-banking sessions, add pages to a website and monitor them or steal passwords that have been stored by popular programs/browsers.” Users are lured through phishing websites, spam emails, download websites, freeware, or malicious codes inserted in legitimate programs.
What’s more worrying is that malware attacks from toolkits are difficult to monitor and curb because of both technological and legal factors. The cyber laws in most countries are largely inadequate to deal with the scale and reach of the crime. For example, a tool kit can enable a cyber criminal in Nigeria to spoof an Indian bank to send phishing emails to trick users in India. The network of cyber crime is spread so wide that it demands a coordinated effort by law enforcement agencies from all over the world that, as of now, is nonexistent.
On the technical side, “toolkits enable hackers to continuously generate new mutated malware variants, each targeting a different victim, making traditional discovery and fingerprinting of these threats nearly impossible,” says Ajay Goel, managing director, Symantec for India and SAARC.
On your guard:
So what can you do to protect yourself? For starters, realise that security does not start and end with an antivirus kit or a firewall, quips Prasanna. “Do not perform any financial transactions from shared systems like cyber cafes. Avoid connecting to free Wi-Fi hotspots. Scan USB before using. Stay away from suspicious websites and emails, limit the amount of personal information you give out on social networking sites like Facebook or Orkut,” he warns. “Finally, set the ‘automatic update’ option ON in all applications.”
Cyber Security Works issues another guideline: “Treat information the way you would treat your money.”
LINK TO OUR HOME PAGE :