About

This page contains a single entry from the blog posted on April 5, 2007 9:27 AM.


Malware is run like a business

Computerworld yesterday ran a very interesting story "Hackers now offer subscription services, support for their malware" that is definitely worth a read. The story outlines how organized crime now runs selling, distribution and support of malware as any other business would with their products.

Here are some of the highlight quotes from the article:

    "We've been seeing a growth of highly organized managed exploit providers in non-extradition countries" over the past year or so, said Gunter Ollmann, director of security strategies at IBM's Internet Security Systems X-Force team. For subscriptions starting as low as $20 per month, such enterprises sell "fully managed exploit engines" that spyware distributors and spammers can use to infiltrate systems worldwide, he said.

    The exploit code is usually encrypted and uses a range of morphing techniques to evade detection by security software. It is designed to use various vulnerabilities to try to infect a target system. And many exploit providers simply wait for Microsoft Corp.'s monthly patches, which they then reverse-engineer to develop new exploit code against the disclosed vulnerabilities, Ollmann said.

    While investigating a Trojan horse named Gozi recently, Jackson discovered that it was designed to steal data from encrypted Secure Sockets Layer streams and send it to a server in St. Petersburg, Russia. The Trojan horse took advantage of a vulnerability in the iFrame tags of Microsoft's Internet Explorer and had apparently been planted on several hosted Web sites, community forums, social networking sites and sites belonging to small businesses.

    The server to which the stolen information was sent held more than 10,000 records containing confidential information belonging to about 5,200 home users. It was maintained by a group called 76Service and contained server-side code for stealing data from systems -- as well as code for an administrator interface and a customer interface for data mining, Jackson said.

    The front end allowed subscribers to log in to individual accounts, view indexed data and get results from queries based on certain fields such as IP addresses and URLs. Each customer-generated query had a price associated with it, Jackson said. The currency unit used on the site was WMZ, a WebMoney unit roughly equivalent to the U.S. dollar, Jackson said. A customer query returning three passwords for a small retailer might cost 100 WMZ, while a query for 10 passwords for an international bank might fetch 2,500 WMZ or more. Customers could also choose how they wanted their search results delivered -- as compressed files in e-mails or via FTP.
All of which points to increasingly sophisticated software, targeted at specific defense systems, being provided at low cost, with guaranteed results and in a fashion that is well supported. What chance do small and medium-sized enterprises have of defending themselves against this type of attack over the next one to three years? Very little, in my own opinion.

Their only realistic strategy is to assume they will be successfully breached and plan accordingly: multiple layers of stronger authentication defenses, followed by transaction authentication to protect their crown jewels, and then filters on all outgoing traffic through the firewall to pick up sensitive information before it leaves the enterprise.
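As an added illustration (not code from this post or from the article it quotes), here is a minimal outbound-traffic filter of the kind the last paragraph recommends: it scans constructed outbound messages for card numbers (validated with the Luhn checksum to reduce false positives), US social security numbers and plaintext credentials, and reports which messages would be held at the gateway. The destination names and message bodies are made-up sample data.

```python
import re

# Constructed sample of outbound messages, as an e-mail or FTP gateway might
# hand them to a filter. All values are made up for this example.
OUTBOUND = [
    {"dst": "mail.example-partner.test", "body": "Q3 report attached, see you Monday."},
    {"dst": "203.0.113.77", "body": "user=jdoe pass=hunter2 card=4111 1111 1111 1111"},
    {"dst": "198.51.100.9", "body": "order ref 4111111111111112 shipped"},  # fails Luhn
    {"dst": "files.internal.test", "body": "ssn 123-45-6789 for payroll"},
]

# 13-16 digits, optionally separated by spaces or dashes (card number shape).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CRED_RE = re.compile(r"\b(?:pass(?:word)?|pwd)=\S+", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def sensitive_hits(body: str) -> list:
    """Classify sensitive data found in one message body."""
    hits = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        # Only a Luhn-valid run of 13-16 digits counts as a card number.
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append("card")
    if SSN_RE.search(body):
        hits.append("ssn")
    if CRED_RE.search(body):
        hits.append("credential")
    return hits


def egress_filter(messages: list) -> list:
    """Return (destination, hits) for every outbound message that would be held."""
    blocked = []
    for msg in messages:
        hits = sensitive_hits(msg["body"])
        if hits:
            blocked.append((msg["dst"], hits))
    return blocked
```

Running `egress_filter(OUTBOUND)` holds the second and fourth messages and lets the third through, since its 16-digit number fails the Luhn check.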

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
