In the wee hours of the morning this past weekend, two young men broke into a suburban house down the road from me. One home invader straddled the 17-year-old resident, waking him and demanding his money. Saying he was getting the cash, the teen grabbed his pocketknife and fought off the two robbers who fled in a car chauffeured by a getaway driver. The trio, two of whom needed medical attention, were later captured a town over, to the relief of the teen, his parents, and the rest of our tightly knit community.
Waking up to see police cars and a CSI van parked among my neighbors' SUVs and minivans was a frightening experience, one that reminds me to set my alarm, ensure doors and windows are locked at night, and we don't broadcast our vacation plans on Facebook. Likewise, the recently released "Fraud-as-a-Service: A Look at the Fraud Business in 2012" report by RSA, the Security Division of EMC, should be a shocking cue to CSOs, CIOs, IT professionals, and solution providers.
In its report, RSA returns to a phrase it first coined in 2008, bringing readers into a world of cybercrime bazaars and online trading forums where criminals sell and exchange our private, personal information for their profit. Like any other as-a-service, fraud-as-a-service (FaaS) taps the flexibility of hosted software services and infrastructure services to go online, increase automation, and become less complex, according to the report. Ironically, purveyors of FaaS use security in the form of digital certificates and personalized access URLs to prevent law enforcement, security developers, and other unwanted users from entering these areas of the "deep Web," RSA writes.
Like any other retailers, sellers of stolen data vie with each other for valuable customers, the RSA report says.
A five-year retrospect on FaaS reveals that the type of services sold today have changed very little; the more noticeable changes came in the shape of scalability, service relevancy, higher availability, better deals, customer support and buyer guarantees.
Criminals sell an array of items, typically things that help to enable fraud. For phishing, for example, items may include scam pages, spamming services, email databases, junk traffic, email cracking tools, and SMS spoofers. In the world of bot-masters, items could be malware spam, Trojan kits, HTML injectors, malicious code, and encryption services, according to the report.
Often included: customer support via instant message, FAQ page, and Web form. One criminal enterprise, the team developing the Citadel Trojan, even has a mandatory CRM with a monthly, fixed-price membership, that's used to support, ticket, and advise members.
The Citadel has advertising space for criminals wishing to push their merchandise to that very targeted audience; it offers a meeting place where fraudsters can garner new partnerships and lets users provide ideas for the Trojan's next feature or plug-ins.
In other words, these guys are very serious about and dedicated to attracting and retaining their criminal customers.
And that means we must be extremely serious about building multiple levels and types of security around our data so it doesn't end up for sale on a cyber-bazaar one day.
Alison Diana 9/4/2012 10:01:27 AM User Rank Blogger
Re: Attacks Will Happen
True, @Ronnie. No one can guarantee they are 100% secure--and saying so is a recipe for disaster and a dare. But tracking applications that notify security administrators in the event of a break-in and help mitigate damage are one great tool to have in their arsenal. The trick, I think, is to use every possible combination of resources that you can.
I hate to say it no matter how much you board up and secure your home if a robber wants in they will get in, but the question is will you be ready? The same can be said for a cybercrime, it will happen and when it does will you notice and be able to get to fixing it immediately? The best line of defense is not having your information out there but the thing is that is almost impossible once you put it out there it will always be out there. If you don't bank online that would greatly help, not using the internet to access any of your bills or anything else like that online but in this day and age that is almost impossible. So companies need to really have all the consumers and customers' information safe guarded by protection, firewalls and better encryption. There have been some big companies in the past that have had those databases broken into and even the government n has had it broke into as well and they should have top of the line security.
Like I said, they never think it can happen until it happen's to them. In our old neighborhood we warned our neighbors constantly. The people across the alley from us said "we have a dog, he won't let anyone in"...the first time they left the house and took the dog with them, they came home to a missing big screen TV.
It is the same with a lot of people and their computers. My neighbor was having PC issues and when I looked at it for her the first thing I noticed was that her free trial security software was expired. After digging around a little I found she had disabled the firewall and her security softwrae trial had been expired for almost a year. I asked her why she never got new security software and why she had turned off the firewall etc., she said it was because it made her computer run slow when she played Farmville on Facebook!
Needless to say, we should have called the Orkin Man to fumigate all the bugs she had in that box. More viruses than I have ever seen. The PC had to be practically erased and reloaded to fix all the issues it had.
Alison Diana 8/31/2012 9:37:25 AM User Rank Blogger
Re: Brazen Cyber-Criminals
And I'm sure that, even for those friends and family members that saw how this robbery hurt you so much, the impact lessened (for them) over time and many of them have eased up on the burdens of security. It is, unfortunately, human nature. Friends of ours just moved near us from Long Island, NY, and I am astounded that they leave their front and back doors open, windows unlocked, etc.--things they'd never do in NY. We, on the other hand, haven't changed our security measures, perhaps because we have a child (or are more paranoid?!). We've warned them that this isn't a crime-free Utopia (witness the first graf of my article), but to no avail.
Thank you Alison, it was terrible, and it took a long time to recover from. Not just in the matter of replacing the items that were taken, but it took an emotional toll on our family.
Unfortunately, like in my situation, most organizations think it will never happen to them, until it does. I "preach" security to everyone I know, and this includes securing themselves in the cyberworld as well as the real world.
Alison Diana 8/30/2012 10:02:43 AM User Rank Blogger
Re: Brazen Cyber-Criminals
First off, I am so sorry you were robbed, Stacey. That must have been a truly horrible experience, especially as they took your personal information. I feel awful for you. This must really give you even more insight into the importance of security for organizations. You did the right things: Keeping valuable papers in a fireproof, locked box. When you hear about organizations that ignore security by not implementing encryption, by not securing mobile devices or networks, it is scary and wrong.
Being robbed is one of the worst feelings ever, especially when private information is stolen. I have had my home robbed before (luckily, we were not home when it happened), and they stole my fire proof box with all of our personal records like birth certificates, car titles, receipts, etc. I kept hoping they would send it back, but it never happened.
It is hard to protect your property in the "real-world", but it is even harder in the "cyber-world". So many people use the internet, and not all of them are well educated on security and the need to be vigilant in protecting your personal information. This makes the FaaS job much easier for the bad guys.
Businesses must pay attention to the security of its networks. It is important to stay informed about the latest threats and to be proactive in defending against them.
Alison Diana 8/29/2012 9:37:40 AM User Rank Blogger
Re: Who Can You Trust Online?
Even though many nations work together to combat cyberfraud and cybercrime, the few rogue nations that remain outside this bloc provide a safe haven for those who choose to operate outside international laws. This - combined with the difficulty of finding, tracking and prosecuting these people - make it a real challenge for law enforcement across the globe. And, of course, these criminals use leading edge security tools to protect themselves from the good guys--a real slap in the face to the people at RSA et al who develop security solutions to keep everyone safe from people like these creeps.
Anthony, I'm not sure I follow what you are saying. There are laws against fraud, in the US anyway. As to your point about mitigating the risk... I think we always try to do that but unfortunately you can't block something when you don't know where its coming from...you can block it after for future protection but there will always be new "loop holes" that the bad guys discover.
Forget mobile devices. The next big tech trend could be wearable computing, technologies integrated into dresses, shirts, jeans, shoes, and glasses, that share data via the cloud. Take a tour through our slideshow and check out the latest IT styles!
Cloud service provider Zumasys wanted to be proactive, not reactive, in its support to customers. So it found a monitoring solution it could use internally and resell to clients.
SMBs in the United Kingdom have been somewhat slow to adopt cloud in a meaningful way, in part due to a lack of awareness about the technology's cost benefits. Service providers can turn this around through education and personalized attention.
Through its unified storage offerings, Storage Made Easy simplifies knowledge workers' access to data spread across organizations' multiple databases and storage devices.
Ever wonder what other companies' datacenters look like? This slideshow gives you a sneak peek at how some operations use today's latest server, networking, virtualization, and cloud technologies within their datacenters.
To save this item to your list of favorite 21st Century IT content so you can find it later in your Profile page, click the "Save It" button next to the item.
If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
