Friday, February 5, 2010

Cyber Crime and its Killing Ground: The Social Networks

How do you feel when you start to log in to your internet banking site? Does it feel like you are entering a secure and safe environment, fully protected from the slings and arrows of outrageous criminal scammers?

Or does it feel more tentative, like a bold Leap of Faith, a step into the unknown where one slip will bring your whole world crashing down?

Cyber crooks are rigging social network sites with booby-trapped blog commentary, chat rooms, email messages and websites, according to a Websense report released Thursday.

Analysis of online threats during the second half of 2009 showed that 81 percent of email was rigged to deliver "malicious" code and 95 percent of comments posted to blog or chat forums were spam or links to nasty payloads.

SEO
Search Engine Optimization (SEO) poisoning attacks were a favoured tactic, piggybacking on hot topics such as celebrity deaths or major disasters to lure people to websites designed to infect computers.

"It is pretty scary," said Websense security research manager Stephan Chenette. "Attackers have been moving in the same direction as Bing and Google with real-time search results."

The rival Internet search engines have been improving results pages to feature fresh content such as Twitter posts in real time.

Botnets
Hackers use armies of infected computers referred to as "botnets" to host a plethora of bogus websites and swiftly lift links high into Internet search results based on hot topics at any given moment, Chenette said.

"They use botnets nowadays to give them control over search engine rankings," Chenette said of hackers. "They are jumping on the bandwagon of any big event; at a drop of a dime they can instruct botnets to run websites and raise those links high in searches."

Malware
Websense found that, 13.7 percent of the time, trick websites rigged with "malware" were included in the top 100 results for searches conducted using words from Yahoo! Buzz or Google Trend hot topics tracking services.

"Attackers are following every real-time event that is happening and changing, minute-by-minute, their rankings in Google search," Chenette said. "Attackers are as real time as any real-time search engine."

Threat Seeker Network
Websense gathered its data from a Threat Seeker Network that every hour scans more than 40 million Web sites for malicious code and nearly 10 million emails for nefarious content.

Scareware
A popular malicious payload is a "scareware" program designed to frighten people into paying to fix computer problems that don't exist.

Viruses
Computer viruses also typically install code that lets hackers commandeer control of machines, adding them to botnets.

The number of malicious websites more than doubled from the second half of 2008 to the same six-month period last year, according to Websense.

Trusted Websites
Making matters worse, hackers are also increasingly planting viruses on websites people have grown to trust.

Approximately 71 percent of the websites found by Websense to have malware were legitimate websites that had been compromised without the operators' knowledge.

"It's almost as if you can't trust the sites you know," Chenette said. Hackers are also combining tactics.

For example, recent cyberattacks on some 30 firms including Google combined trick emails and malicious software to invade company systems.

Summary
The cyber criminals are not going away; they are improving and refining their techniques and technology. The price of freedom on the internet is still vigilance in the form of virus checkers and firewalls, but the most important thing is good inside information and intelligence.

Keeping up with the threats and attacks can be very difficult and the best way forward for individuals and companies alike is to stay informed. You can receive updates and alerts from the good guys via a number of 'safe' sites but remember that 'safe' is a dynamic concept in the virtual world.

Treat it like a military operation:
  • establish a good strategy - put some forethought into what you are trying to achieve
  • stay informed - establish a good incoming stream of intelligence
  • stay alert - post sentries by using your local or regional network of contacts
  • seek consensus - early adopters are the most vulnerable to scams. Never be the first to get conned.
  • learn from others' misfortunes - do some forensic checking after events
  • build your barricades high - put the better tools in place: virus checking, firewalls, malware detection, etc.

The key to countering the cyber criminals is to use the very same social network that the criminals are trying to penetrate. You must prepare to position your defense before you can defend your position.

Comments and feedback on your own experiences are always welcome.
