[LINK] Crimeware - going to Number One with a Bullet

[Stephen Jenkin]

These quotes are O/S agnostic. There's a crime wave out there on the Wild
Wild Net :-)  Try not to get yourself targetted...

In AusCerts' 2005 ACCSS (Aus. Computer Crime and Security Survey)  p24
"Cyber attacks motivated by illicit financial gain rising in volume and
sophistication", they mention that the hackers turned 'pro' at the end
of 2004. [not sure who said that]

>From p22 ACCSS 2006, "This activity is characterised by a substantial
increase in trojan attacks for the purposes of facilitating identity (ID)
theft and illicit financial gain and a corresponding reduction in serious
virus and worm outbreaks. Increasingly, as part of these attacks, rootkits
or trojans with rootkit functionality are becoming more commonplace."

and

"AusCERT assesses the decline in large scale indiscriminate worm and virus
attacks is due to a change in motivation by many attackers. The desire for
illicit financial gain is driving the production and release of malware
that is aimed at stealing online access credentials (username and
password) and other personal information. It is also driving the
compromise of large numbers of computers to create botnets, which can then
be sold, used to facilitate distributed denial of service (DDoS) extortion
attacks, to support online ID theft attacks or to distribute spam"

Which leads to current time:-

>From SANS @RISK, Vol V, Iss. 32 [14-Aug-06]

<http://www.sans.org/newsletters/risk/display.php?v=5&i=32>
"The huge number of critical new vulnerabilities disclosed by Microsoft
on Tuesday *do not* appear to reflect increased failures by their
development process.  Instead, the numerous discoveries of Microsoft
programming flaws are a result of the recent upsurge in organized
criminal hacker activity that has already shown up in 450% increases
in bank losses due to cyber fraud (since the first half of 2005),
broad penetration of US government (and other governments') computers
as well as those of military contractor systems. The number of people
engaged in cyber crime as a full-time "profession" in Eastern Europe
and, especially, in Asia is skyrocketing."

>From SANS Newsbites, Vol VIII, Iss 64 [11-Aug-06]
<http://www.sans.org/newsletters/newsbites/newsbites.php?vol=8&issue=63>

"This was probably the biggest week in history in terms of public data
breaches. That's just the tip of the iceberg. The big banks are reporting
5 to 8 fold increases in losses to cyber fraud. Federal agencies and
government contractors are finding systems all over that have been
penetrated with root kits and very sensitive data stolen. cyber crime is
increasing at an increasing rate because it is profitable and because it
provides nation state advantages. Many companies are trying to fight back
by buying security tools and praying nothing happens. That is foolhardy at
best and criminally negligent at worst. Their people cannot ensure a
perimeter is secure, cannot find a malicious network trace; cannot run
hacker tools to find weak penetration points; cannot harden a Windows or
UNIX system. It's embarrassing how easy we make cyber crime."


Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://www.canb.auug.org.au/~sjenkin