Internet attacks increasingly driven by profit and crime

That’s the warning from the Information Security Forum (ISF), which suggests that attacks are increasingly designed to steal valuable and sensitive information or customer data for financial gain. Many criminal networks even place sleepers within organisations to provide inside knowledge and access, it says. “It’s not dissimilar to the process of robbing a bank,” says Nick Frost, senior research consultant at the ISF. “The difference is that this cybercrime is more sophisticated and harder to trace. Most attacks are able to circumvent generic security controls, while anti-forensic techniques are used to remove traces, such as deleting system logs, and advanced attack kits, such as Limbo 2 Trojan are available online with non-detection-warranties.” He explains that there are usually five phases. First is reconnaissance to identify targets; then development to plan the attack and write malware; next extraction of the data; the exploitation by advertising and selling stolen information; and finally laundering of the profits. “Most organisations do not have the necessary controls in place to deal with these attacks and the financial profits from successful breaches are simply used to fund more sophisticated and malicious attacks, creating a vicious cycle,” warns Frost. “To reduce the risks, organisations need to focus on three key areas,” he addst. “Fundamental security measures, such as patch management and access control, need to be strengthened, along with often underutilised controls, such as analysing event logs and implementing network sniffer tools. “But in addition, organisations should consider using third parties that monitor hacking forums to understand who is being targeted, the types of information in demand and current developments of sophisticated attack kits.”