Page 47 - index
P. 47
In recent years, SpyEye, Zeus and mega botnet Cutwail have also wreaked serious havoc.
The point is that the landscape is constantly changing in order to meet the needs of the
attackers as well as respond to the obstacles the security pros put in their way.
Introducing the Malware Kit
A decade ago, personal gratification may have been realized when spammers successfully
executed a mass email attack. But today’s objective is much more sinister and involves
money- your money.
Unfortunately, today’s cyber attackers need little training to initiate malicious threats. Once
upon a time, technical knowledge was required to create and run malware operations. But
today, malware toolkits (‘kits’) are easy to find and use on underground forums.
Malware authors make malware kits in order to make money. Kits are sold to individuals
who have the desire to commit cybercrime, but lack the ability to do so.
Most malware kits are affordable, sometimes hitting the black market for a few thousand
dollars each and then drop down to a couple hundred dollars once the newness of a
particular brand fades. Some kits even come with the added benefit of a support feature that
grants the purchaser access to the kit author so that any questions related to the kit and its
proper function can be answered in a timely manner. What’s more, some authors offer
upgrade versions so that their payloads attached to email campaigns can remain undetected
by even the most current anti-virus solution, guaranteed.
Kits are often made with novice users in mind. One simply needs to input data (such as a
victim’s email address), compose a generic email body, and give it a destination to report
back to. After that, the user clicks, “Go” and the kit will do everything by exploiting
vulnerabilities in other websites on which to host malicious code and a place to store their
newly obtained stolen private personal information.
Enter the Breach
Targeted user threats like the ones discussed above have become almost passé to cyber
criminals who are anxious for a quick score of private personal information in one fell swoop.
It appears that some of the most sought-after targets today are those that house millions of
pieces of stored data in one place. Such targets include large department stores, e-
commerce warehouses or any large entity that has credit card, password and/or other data
stored on servers that potentially lack proper storage security procedures.
The general public is quickly learning the importance of data security. Still, many
organizations fail to take heed and find themselves in the middle of a media blitz when
consumers discover that their data has been handled in less than savory manners. Such
data breaches cost much more in disaster recovery than they would have if proper security
protocol was in place in the first place.
47 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
