How does the cybercrime industry work?

Malware and viruses take many forms and carry out increasingly sophisticated attacks that are difficult to identify.

The aim may be to obtain personal data, to encrypt files and then demand a ransom, or simply to cause disruption for a while.

Smart devices of all kinds, such as cell phones, computers, surveillance cameras and connected vehicles, are being attacked.

It is estimated that one and a half million people in the world fall victim to a computer attack every day. 

According to figures presented at the ESET Forum, which specializes in cyber security, this year alone around 49% of companies in the Latin America region were infected by malware, 15% fell victim to phishing and 16% to ransomware.

The data comes from a survey of more than 4,000 companies in Latin America. Did you know that cyber attacks can also be measured in economic costs?

Behind these crimes there is not one hacker, not two, not three. There is a whole industry organized as a network, one that operates on the dark web and charges for many of its services in cryptocurrencies.

At the lowest level of the pyramid is the script kiddie, a derogatory term for those who use other people's programs or scripts to breach systems.

They don't develop malware, but use files or data obtained from forums or by other means to carry out their attacks.

At a more advanced level are hackers with some technical knowledge; some even have a degree in computer science. They are, for example, the ones who publish exploits: programs that take advantage of a security hole in an application or system.

In fact, there are companies like Zerodium that buy exploits in order to develop security solutions based on that information.

The illegal route is to sell them to cybercriminals, who use them to carry out attacks.

The price varies greatly depending on what is on offer. On the black market, a compiled executable can cost 50 dollars, but its source code can fetch as much as 500 or 1,000 dollars, according to an ESET malware researcher.

The exploit market is focused on zero-days: vulnerabilities for which no fix yet exists.

It is a smaller market than you might think, and it generally does not target the average user, because a zero-day takes time to develop.

Antivirus exploits cost around $40,000 and those for Apple's operating system reach $1.5 million.

Botnets are also rented out for between $170 and $350 per hour to send spam or to carry out attacks on DNS infrastructure, such as the one at the end of 2016 that left the world's main websites without service.

Botnets are usually assembled by their operators; the market is more about building tools that let them infect machines quickly using vulnerabilities that are already known.

These are not people working alone but networks, with a whole infrastructure, including technical support and marketing, that sustains this cybercrime industry.

The tool itself can be used for good or bad. I work for a company that develops vulnerabilities.

These are sold and used to carry out penetration tests, as attack modules that companies use to test their own security.

So we should not blame the developers of vulnerabilities but those who use them maliciously; the code itself is not the problem.

What is defacement?

Defacement, or simply "deface" as it is popularly known, is the act of altering the appearance of a website, usually with the aim of conveying an activist message.

Commonly considered a kind of electronic graffiti (pixação), the practice has become increasingly common in the hacktivist scene. It is a challenge, however, to pinpoint when this art was born or when the term was coined.

Most of the time, a deface does not result in the theft of sensitive information, nor does it cause serious disruption to the affected system, and the person responsible for the victimized page can usually reverse the changes within a few minutes.

To carry it out, criminals often exploit flaws in the site's code or vulnerabilities in the web server on which it is hosted. They may also steal passwords for systems like WordPress and edit the homepage manually.

The defacers who specialize in this practice can be divided into two main groups. Firstly, the vandals, who do it simply for fun or to leave their mark on a high-traffic website.

Secondly, the hacktivists, who do it to protest against government policies or to show support for a specific social cause.

The practice of defacement is so common around the globe that there is even a website dedicated to storing mirrors of defaced sites: Zone-H, created in 2002 in Estonia, which catalogues defacements under the nickname of the hacker responsible.

Every submission to the platform is checked by an internal team which, once it has validated the intrusion, adds that domain to the cybercriminal's record.

Cybercrime: 5 most used attacks

Stay tuned, because now you're going to discover with me the most common cybercrimes in the world.

Phishing attacks

Although it is a well-known attack and has been used for years, recent propagation campaigns have new features. For example, phishing sites now use security certificates.

Around 35% of the phishing attacks recorded were hosted on sites using HTTPS, a significant increase compared with the almost 5% of counterfeit sites that had SSL certificates before.

One possible reason for this increase is recent changes in web browsers.

Google Chrome, for example, has been identifying sites that use HTTP as "Not Secure" since July of this year. 

At the same time, the initiative of some certificate authorities to issue certificates free of charge has allowed more sites to obtain them, and that includes fraudulent sites.

It is important to mention that phishing campaigns have started to use propagation routes other than traditional email, such as messaging apps, in an attempt to reach more potential victims.

These campaigns also use homograph attacks, in which look-alike characters from other alphabets are used in domain names, making it more difficult for users to identify fake sites.

Therefore, the security practices previously recommended against phishing are still valid, although they are no longer sufficient given the new characteristics of this type of attack.

It is no longer enough to check the URL, the padlock icon or the use of HTTPS. It is also worth checking the common name in the site's security certificate and comparing it with the domain of the site in question.
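The two manual checks recommended above, comparing the certificate's names with the domain and watching for homograph look-alikes, can be automated. The following Python is an added example written for this page, not code from the original article or from ESET; the certificate dictionary is constructed here and mirrors the shape returned by `ssl.SSLSocket.getpeercert()`, and the hostnames checked are made up (`example.com`, `.test`). A TLS library performs this matching for real connections; the point here is to show what "compare the common name with the domain" actually means, including the wildcard rule and the subject-alternative-name precedence, and to flag internationalized labels that mix scripts.

```python
import unicodedata

# Constructed sample: the shape matches ssl.SSLSocket.getpeercert(), values are made up.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.shop.example.com")),
    "issuer": ((("organizationName", "Example CA (constructed)"),),),
}


def cert_names(peercert):
    """Collect the DNS names a certificate is valid for.

    Subject Alternative Name entries take precedence; the subject commonName is
    only used when no SAN dNSName is present (RFC 6125 behaviour).
    """
    names = [value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in peercert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return [n.lower() for n in names]


def name_matches(hostname, pattern):
    """Match one certificate name against a hostname.

    A wildcard '*.' covers exactly one leftmost label, so '*.example.com'
    matches 'a.example.com' but neither 'example.com' nor 'x.a.example.com'.
    """
    host = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]                      # ".example.com"
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]
    return leftmost != "" and "." not in leftmost


def hostname_matches_cert(hostname, peercert):
    """True when the hostname the user typed is covered by the certificate."""
    return any(name_matches(hostname, n) for n in cert_names(peercert))


def script_of(ch):
    """Return the script prefix of a character's Unicode name, e.g. 'LATIN' or 'CYRILLIC'."""
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def homograph_report(hostname):
    """Analyse each label for IDN encoding and mixed scripts (a typical homograph trick)."""
    try:
        # Accept either the Unicode form or the 'xn--' punycode form as input.
        unicode_host = hostname.encode("ascii").decode("idna") if hostname.isascii() else hostname
        punycode = unicode_host.encode("idna").decode("ascii")
    except UnicodeError:
        return {"hostname": hostname, "punycode": None, "idn": True, "mixed_script": True,
                "scripts": {}, "error": "invalid IDN label"}
    scripts_per_label = {}
    mixed = False
    for label in unicode_host.split("."):
        scripts = {script_of(c) for c in label if c.isalpha()}
        scripts_per_label[label] = sorted(scripts)
        if len(scripts) > 1:
            mixed = True
    idn = any(label.startswith("xn--") for label in punycode.split("."))
    return {"hostname": hostname, "punycode": punycode, "idn": idn,
            "mixed_script": mixed, "scripts": scripts_per_label}


def check_site(hostname, peercert):
    """Combine both checks into a single verdict a user-facing tool could display."""
    report = homograph_report(hostname)
    report["cert_matches"] = hostname_matches_cert(report["punycode"] or hostname, peercert)
    report["suspicious"] = report["mixed_script"] or not report["cert_matches"]
    return report


if __name__ == "__main__":
    for host in ("www.example.com", "deals.shop.example.com",
                 "www.example.com.login-verify.test", "p\u0430ypal.com"):
        print(check_site(host, SAMPLE_PEERCERT))
```

The `\u0430` in the last hostname is a Cyrillic "a", which renders identically to the Latin letter in most fonts; the report shows its punycode form (`xn--...`) and flags the mixed-script label, which is exactly what a user cannot see in the address bar.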

Cryptojacking

This is a threat we began to identify at the beginning of August 2017. Its principle is to hijack the processing capacity of someone else's computer; in short, it is all about making money from cryptocurrency mining.

One way of infecting devices is through scripts executed in the user's browser: all the user has to do is visit a website containing the code, and their processor is put to work mining a cryptocurrency.

Cryptojacking is illegal when the user's processing resources are used without their consent.

Malware

Malicious code continues to be one of the main threats, and it is also used to carry out other attacks. Furthermore, according to the Security Reports, malware infections are the main cause of incidents in Latin American companies.

ESET Research Labs receive more than 300,000 unique malware samples every day, which gives a sense of the scale of the problem, especially when we consider that threats of this type are developed for practically every operating system in use today.

To give another example, ESET's laboratories identify, on average, around 300 Android malware samples per month.

Cyber extortion

A number of scams have been circulating by e-mail that try to deceive users by claiming to have obtained compromising information about them.

Several of these campaigns included a specific detail, a real piece of the user's information, that made the user believe it was not a hoax.

One example is the campaign in which cybercriminals sent an email with the user's password in the subject line, in an attempt to prove that they had the user's personal data and that the extortion described in the body of the email was real.

It is estimated that this particular campaign raised around half a million dollars.

In another example, the email reached the user apparently sent from their own account, leading the potential victim to assume that the attacker had access to it.

Through an intimidating message, the attacker made the user believe that they held their data and demanded a payment in Bitcoin in exchange for not revealing it.

Recently, more campaigns with the same mode of operation have been identified and, although it seems hard to believe, they continue to be effective for attackers.
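The features described in this section (a leaked password in the subject line, a sender address equal to the recipient, a Bitcoin address and threatening language in the body) are the same indicators a mail gateway or help desk can score to triage these messages. The following Python is an added example written for this page, not code from the original article; the two e-mail messages, the "leaked password" list and the Bitcoin address in the sample are all constructed and not real. In practice the password list would be the organization's own breach-monitoring feed, which is assumed here.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed stand-in for an organization's breach-monitoring feed (assumption).
KNOWN_LEAKED_PASSWORDS = {"hunter2", "qwerty123"}

# Legacy (1.../3...) base58 addresses and bech32 (bc1...) addresses.
BTC_ADDRESS = re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
THREAT_WORDS = re.compile(r"\b(webcam|video|private|secret|expose|publish)\b", re.I)
PAYMENT_WORDS = re.compile(r"\b(bitcoin|btc|wallet)\b", re.I)


def triage_extortion(raw_message, leaked_passwords=KNOWN_LEAKED_PASSWORDS):
    """Score one raw RFC 5322 message for the extortion-scam indicators named in the text."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    _, sender = parseaddr(msg["From"] or "")
    _, recipient = parseaddr(msg["To"] or "")

    indicators = []
    # 1. A known-leaked password quoted in the subject line, used as "proof".
    if any(pw in subject for pw in leaked_passwords):
        indicators.append("leaked_password_in_subject")
    # 2. From equals To: the header is forged to suggest account takeover.
    if sender and sender.lower() == recipient.lower():
        indicators.append("from_equals_to")
    # 3. A payment address in the body.
    if BTC_ADDRESS.search(text):
        indicators.append("bitcoin_address")
    # 4. Threat plus payment vocabulary in the same message.
    if THREAT_WORDS.search(text) and PAYMENT_WORDS.search(text):
        indicators.append("extortion_language")

    score = len(indicators)
    return {
        "indicators": indicators,
        "score": score,
        "verdict": "likely extortion scam" if score >= 2 else "inconclusive",
    }


# Constructed sample messages (not real mail). The address is a made-up, non-existent one.
SCAM_MESSAGE = """\
From: victim@example.test
To: victim@example.test
Subject: Your password is hunter2
Content-Type: text/plain; charset="utf-8"

I recorded you on your webcam. Send 0.5 bitcoin to this wallet
1DemoAddressForTestingxxxxxxxxxxxx within 48 hours or the video
goes to all your contacts.
"""

BENIGN_MESSAGE = """\
From: alice@example.test
To: bob@example.test
Subject: Meeting tomorrow
Content-Type: text/plain; charset="utf-8"

Hi Bob, can we move the 10:00 meeting to 11:00? Thanks, Alice
"""

if __name__ == "__main__":
    print(triage_extortion(SCAM_MESSAGE))
    print(triage_extortion(BENIGN_MESSAGE))
```

The verdict threshold (two or more indicators) is deliberately conservative: a single matching word is common in legitimate mail, whereas a forged self-addressed sender combined with a quoted password almost never is.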

Exploitation of vulnerabilities

Finally, the last type of attack considered here is the exploitation of vulnerabilities, a method commonly used by attackers, and there is some interesting data to review, presented below.

In this context, the exploitation of certain vulnerabilities is also on the rise. For example, detections of EternalBlue, the exploit used during the spread of WannaCry, are increasing.

Ransomware and other types of malware try to take advantage of vulnerabilities in outdated systems. So always stay alert.

New attacks and new features in known attacks

After reviewing some of the characteristics and data of attacks that have been identified frequently in recent months, it is important to clarify two points. 

Firstly, these are only a small number of attacks out of a much wider range.

Secondly, the terms threat and attack have not been used as synonyms here; however, several of the items reviewed in this publication can play both roles, as a threat and as an attack.

An attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to an asset, while a threat is defined as the potential cause of an unwanted incident that could result in damage to a system or organization.

In this sense, the elements described above can be classified as threats, but they can also be used as a form of attack.

Finally, it is important to highlight the way in which computer threats are evolving and the variety of attacks that seek to compromise assets.

That is why, from a security point of view, protection technologies, good practices and the constant effort to stay informed about what is happening in cyber security all matter.

How to prevent

The privacy risks that arise when adequate precautions are not taken are often unknown. Therefore, awareness and education on this subject are essential. 

According to studies, 21% of users tested ignored active phishing warnings in their browsers. 

Meanwhile, a study by Microsoft Research estimates that 0.4% of Internet users enter their passwords on confirmed phishing sites.

As a basic precautionary measure, it is advisable to have an antivirus installed, a firewall and to make regular backups. However, only half of Latin American companies have these three solutions in place.

And if you want to have more knowledge to prevent or work in cybersecurity, you can start with the Acadi-TI/EC-Council CSCU.

Conclusion

What did you think of learning more about cybercrime? We need to prevent it. And therein lies a great opportunity to develop a highly lucrative profession.

With this knowledge you'll be a professional who earns thousands of dollars a month and will have your LinkedIn buzzing with opportunities, because cybersecurity is the fastest growing area in the world.

So conquering your high professional and financial performance will change your life!

And if you want to be part of the elite of the cybersecurity market, join us and become an Acadian.
