The security landscape has changed markedly during recent years. In the past, malware creation was primarily the domain of pimply-faced teenage malcontents intent on earning a reputation; today, malware has evolved into crimeware it's created by organized criminals intent on earning a buck. The malware industry has, to put it simply, become commercialized. Like other software, malware can now be bought online and tools such as MPack mean that coding is no longer as essential skill for a wannabe hacker, the profession has become open to one and all.
And now we're witnessing the next step in the evolutionary process: crimeware-as-a-service (CaaS). To launch an attack, it's no longer necessary to go to the trouble of purchasing and configuring a malware kit and then attempting to poison web servers in order to compromise end-user systems. Instead, a criminal can simply subscribe to a CaaS service - the service provider will do all the dirty work and the purchaser will be provided with a distilled feed of whatever information has been ordered (banking details, credit card numbers, etc., etc.). This C2C (criminal-to-criminal) business model means that it's now easier than ever to steal information.
So, the stakes have been raised. Yesterday's hackers wanted to disrupt your operations whereas today's want to steal your data or money or both. Crimeware can be enormously profitable. The fact that there is so much money up for grabs coupled with the increased accessibility of crimeware kits and services is almost certain to drive an increase in the number and frequency of attacks.
Too many smaller businesses are somewhat complacent about security - "Hey, a hacker would be more likely to go after the Bank of America than me, right?" Wrong! Hackers will gor for the softest and easiest targets and, unfortunately, that tends to be small businesses which usually do not have the same level of security as their counterparts in the enterprise-space.
What does this mean for you? Simply that if security hasn't been one of your priorities, it needs to become one. The articles in this channel provide a wealth of information as to how to secure your systems against today's sophisticated cybercriminals - so start reading!
Published
by
Brett Callow
(4,676
pts
)
on
May 23 2008, 03:00 PM
to
Computer Security Blog