Skip to main content

ISF warns against the rise in profit-driven attacks

Staying with the organised crime theme today, I was interested to see the ISF (the Information Security Forum) noting that profit-driven attacks are increasingly replacing random individual hacker attacks.

The Forum reckons that this new type of attack - which is designed to steal valuable and sensitive information or customer data for major financial gain - is being orchestrated by criminal networks that bring together specialist skills and expertise.

Many networks, the Forum claims, even place sleepers within organisations to provide inside knowledge and access.

According to the ISF, profit-driven attacks have five phases:

Reconnaissance to identify targets;

Development to plan the attack and write malware;

Extraction of the data;

Exploitation by advertising and selling stolen information; and,

Laundering of the profits.

Normally, there is a different person or team running each phase, often operating from different parts of the world, making it extremely difficult to track and trace.

Each group takes a slice of the profits with the criminal ringleaders reaping the largest rewards - that can run into millions.

"It's not dissimilar to the process of robbing a bank," said Nick Frost, senior research consultant at the ISF.

"The difference is that this cybercrime is more sophisticated and harder to trace. Most attacks are able to circumvent generic security controls, while anti-forensic techniques are used to remove traces such as deleting system logs and advanced attack kits such as Limbo 2 Trojan are available online with non-detection-warranties," he added.

According to Frost, most organisations do not have the necessary controls in place to deal with these attacks and the financial profits from successful breaches are simply used to fund more sophisticated and malicious attacks, creating a vicious cycle.

So what's the solution?

Frost says that, to reduce the risks from profit-driven attacks, organisations need to focus on three key areas.

"Fundamental security measures such as patch management and access control need to be strengthened, along with often underutilised controls such as analysing event logs and implementing network sniffer tools," he said.

"But in addition, organisations should consider using third parties that monitor hacking forums to understand who is being targeted, the types of information in demand and current developments of sophisticated attack kits," he added...