I am shocked - shocked! - at reports that the Chinese military has penetrated foreign government networks. What kind of a low-down, sneaky military would do that?
In an amazing coincidence, the news was leaked just as the Chinese leader was due to meet his German and US counterparts. Just as eyebrow-raising, the Chinese government denied it had engaged in any hacking at all. After a few days, it discovered that it too was a victim!
The government hackers at least give each other a purpose in life.
Now here's something really unexpected: a security company has discovered that internet threats are rising.
Unlike the military hacker threat, the threats revealed by the bi-annual Symantec survey are genuine and, it seems, verifiable. Symantec reports the emergence of a whole commercial criminal hacker ecosystem. Criminal gangs are selling hacking and phishing toolkits that do everything from providing corporate logos to supplying software for managing stolen credit card numbers.
The prominent early example of this is MPack, a toolkit widely sold in the underground economy since early this year for about $1,000. Symantec says its reliability and robustness indicate it was professionally developed.
MPack - which is also a good example of the growing number of coordinated, multi-stage hacks - enables attackers to install malicious code on computers. They can then 'monitor the success of the attack through various metrics on its online, password-protected control and management console,' Symantec said.
The report also points to the growing number of 'underground economy servers' used by gangs to buy and sell stolen information - usually personal ID data, such as government IDs, credit cards and PINs.
Credit cards and bank accounts were the items most frequently advertised for sale on these servers, accounting for 43% of all listings. Credit cards are being sold for anything from 50 cents to $5, and bank accounts up to $400.
Most of this - both the host servers and the stolen data - is US-centric. However, Symantec says attackers are also developing a regional focus.
For example, the higher incidence of Trojans in the US is probably a result of the better perimeter protection by US enterprises and ISPs. A worm spread by an Indonesian-language email is common to both Indonesia and India because of the strong business ties between the two countries, Symantec believes.
Lack of experience
The US is the country of origin of most attacks on Asian computers, accounting for 29% of all attacks, followed by China (18%) and Japan (9%). The high US figure is in part because it has the highest number of broadband connections - about 20% of the world's total. China has approximately the same number, but Symantec speculates that Asian computers are an attractive target because they tend to be less well-protected.
China also had the biggest number of bot-infected computers - 78% of the Asia total, up from 71% a year ago.
Symantec said the incidence of bot infection is probably related to the level of broadband penetration and users' security awareness. Fast-growing China has the world's largest number of new broadband users, providing the combination of big numbers and inexperience that is irresistible to hackers and fraudsters.
Chinese computers account for 42% of malicious activity in the region, but were also the target of 74% of DoS attacks. (Sri Lanka generated the most malicious activity per user, followed by Bangladesh and Taiwan.)
The other emerging trend is the growth in multi-stage attacks. These typically begin with a benign, low-profile penetration from which subsequent attacks are launched - usually by taking the browser to a web page containing malicious code, or by downloading a keystroke logger. Most of these attacks are aimed at gaining access to personal data for the purpose of financial fraud.
For the record, the Chinese attacks on western government networks, as claimed by the Pentagon, were multi-stage, taking place over several months.
As to whether that was the PLA, or Chinese gangs, or US gangs pretending to be Chinese, or US cyber-war fighters channeling the PLA, or the PLA sowing confusion by feigning to be foreigners trying to be the PLA, no one knows - possibly including the PLA.
Let's hope none of them has left their credit card details online.