Internet Threat UpdateBad Guys Getting Better, Aiming Higher
Information Security Media Group took the opportunity to talk with Dean Turner, Director, Symantec Global Intelligence Network, about Symantec’s latest Internet Security Threat Report. He shared some of his insights re: the most important changes in the threats being seen on the Internet, and the focused threats that are specifically targeting the financial services industry and its customers.
See Also: Automating Security Operations
ISMG: What are some of the most important points for financial institutions to take away from Symantec’s Internet Security Threat Report?
Dean Turner: First and foremost, financial institutions need to be aware the threat environment is primarily dominated by attacks designed to steal or leak data or confide information, and almost all have a financial motivation behind them. The nuisance attacks or data destruction that we saw five or 10 years ago, while they still take place, they’re a pretty small segment of what we see going on.
For instance, with targeted attacks, we’ve seen that after the ‘home user,’ financial institutions are the second largest group topping the list for those attacks. When we’re talking about building security infrastructure at those institutions, they’ll want to keep in mind who is being targeted.
The methods they’re doing this through are mainly Trojans that rely on social engineering to trick people into installing them, and then there’s the rather ubiquitous phishing that is out there.
ISMG: What are some of the other threats that are being used against financial institutions. What about MPack and other toolkits out there?
Turner: MPack is such a multipurpose tool. We’ve seen it used on social networking sites for the most part. But does that mean it won’t show up on a financial institution’s website? They likely are being targeted, but financial institutions are less likely to admit that they’ve been compromised.
If you take a look at the most popular things that are being traded on the underground economy, it is clear that such things like credit card numbers and bank account numbers are the most popular things out there. They accounted for nearly 43% of all of the items we saw advertised on the underground economy.
We’re seeing credit cards being advertised from anywhere between 50 cents and $5. Bank account numbers run anywhere from $30 to $400. Eighty-five percent of all credit cards we’re seeing advertised on these underground auction sites come from U.S. based banks. If we broke it down by market share, it closely matches the market share of each of the credit card brand.
ISMG: With 85% of these credit cards being auctioned, what does this say about the security of these numbers and where they were stolen from?
Turner: Well, we need to keep several things in mind. First, financial institutions are aware that these cards are being targeted. They take some very strong security precautions to protect the information. I think it says less about the institutions, but more about the market’s supply and demand. It only takes one or two large breaches to divulge a large amount of information, for example, in the case of TJX -- more than 45 million credit and debit card numbers were lost in that theft.
The problem is you have to walk a fine line between not sounding like you’re spreading FUD (Fear Uncertainty and Doubt) or sounding like Chicken Little saying ‘the sky is falling,’ because that is certainly not the case. We don’t want to give consumers the impression that this is the case -- that they should be abandoning their credit cards or not shopping online, because it is one of the safer online activities you can do.
ISMG: What has changed out there in the online world, and what are you at Symantec finding most dangerous?
Turner: What we’ve seen in terms of the overall threat landscape is that this has become a pretty professional enterprise. Also factored into this, in terms of going after data theft and data leakage, is the use of tools like MPack. Add to this the fact that 42 % of all the phishing websites we saw out there were due to only 3 or 4 phishing tool kits. When we look at the underground economy, we know that a good MPack kit will cost around $1,000.
The Russian Business Network, (RBN) (cited by security experts as “the baddest of the bad” hacking groups) has been pretty open about their involvement in these types of crimes and the tools they use. Make no bones about it; this [MPack] was not some commercial software that was co-opted by criminals for their use. These criminals developed this toolkit specifically for this purpose, and the RBN has been very open about it in interviews. They developed it, and they know it’s illegal. But it’s like a ‘Catch Me If You Can’ type scenario. Only difference is, they’re not on the run -- they’re hiding in plain sight.
For more details, or to read the complete report: Internet Security Threat Report