Hacking is now a “big business,” often financially backed and operated by organized multi-national crime rings, with operations spanning multiple countries and even continents. Their value proposition is amplified by the interconnected nature of today’s environment along with the increased propensity of individuals sharing personal information online via social media and blogs.
The estimated annual cost associated with global cyber-crime is $100 billion and the global cyber security market is expected to grow to $120.1 billion by 2017. However, a survey by the National Cyber Security Alliance found that 77% of small and medium-size businesses believe they’re safe from hackers, viruses and malware even though most of them take no formal measures against cyber threats. Also, many larger organizations only allocate a fraction of their IT dollars on measures that protect against cyber threats. The recent attack on the New York Times website is a reflection of how many organizations are vulnerable to cyber-crime.
In this two-part blog post, we’ll take about how modern criminal hackers work and how you can protect yourself.
Motives for hackers range from personal to political but a significant portion is financially driven where the cyber-criminal modus operandi includes:
- Data theft (identity, credit cards, etc.)
- Extortion (denial-of-service, blackmail, etc.)
- Malware distribution (drive-by-downloads, etc.)
The market where these cyber criminals engage and interact is typically not a physical market, but a virtual underground market sometimes referred to as the Internet Black Market. This is where they buy, sell, barter, or trade for pieces of you including your name, address, social security number, date of birth, answers to security questions, credit card information, passport information, and more. Every attribute has an intrinsic value and the more complete the information the higher the return criminals expect to gain. Identity data is then used to either establish a fake (synthetic) identity or re-use someone’s real identity as part of the fraudulent transaction.
If data represents the what, then crimeware represents the how. Crimeware is a class of malware designed specifically to automate cybercrime which is also readily available on the black market. Malicious code, key loggers, web attack toolkits, botnet kits, phishing kits, and a myriad of other tools are all available for download and immediate execution. These tools reflect a greater need to protect your identity with more than just passwords – here is a recent article on password protection and layered security.