Cyber Criminals Operate On A Budget, Too

Published : 22/11/2024   Category : security




New report shines light on how attacks have gotten more advanced but still basically use the same old, same old tools



Most cyber attacks today are waged by cost-conscious criminals who mostly repurpose malware and other techniques to get the most bang for their buck, a new study finds.
Attackers don't need to write the next Stuxnet or other advanced piece of malware to hit their mark -- about 99 percent of attacks are based on incremental tweaks to existing malware and methods, according to Websense, which published its new 2014 Threat Report today. The report analyzed more than 4.1 billion live attacks detected by Websense last year.
Advanced attacks, in Websense's parlance, are any attacks that try to get past existing traditional defenses. "The mastermind criminals of the APTs and the Stuxnet world require huge amounts of investment to come out with advanced attacks. But we [say] the bar is so much lower [for most attacks], with 99 percent of attacks doing all damage simply by making incremental changes in malware," says Charles Renert, vice president of Websense Security Labs.
Most attackers are using exploit kits today rather than crafting their own malware: The volume of attacks employing these kits is about 1,000 to 1, Renert says. "There's a mass market out there for tools," he says, and attackers are looking for relatively inexpensive ways to exploit their targets.
Websense detected some 67 million attack attempts via exploit kits last year. Blackhole was the most popular kit in use for much of 2013, but after its alleged creator Paunch was arrested in October, Magnitude and Redkit have been battling it out for the No. 1 slot, according to Websense data. Redkit, as of January of this year, had nudged out Blackhole for the top slot.
The Websense report says:
"Within a week of Paunch's arrest, Websense researchers noted a dramatic increase in the variety of techniques used by the cybercriminal community. Malicious email links that previously redirected to Blackhole exploit kits, for example, began pointing to the Magnitude exploit kit. Further, for a short time direct email attachments were the predominant attack mechanism. Cybercriminals thus have proven that the loss of Blackhole will not deter them from their goals."
But the most elite of the attackers don't bother with exploit kits. "If you're really sophisticated, you don't use exploit kits because they leave markers, such as the apparatus being deployed, the techniques being used," says Renert.
So the bulk of attacks are really just repurposed versions of the same old, same old. "Our contention is there's not a lot of new stuff being invented," Renert says. "They use the stuff that's cheapest to create for the highest value, and that is slight incremental improvements [in their attacks]. They are having a tremendous deal of success."
Take Zeus, for example, which originally was all about targeting financial information and credentials. Today, new iterations of the malware kit are going after the services market mostly, followed by manufacturing and then finance, Websense says. Zeus variants also were spotted going after government, education, retail, healthcare, and utilities.
Not surprisingly, Java is still a huge target for the bad guys, mainly because its current versions are riddled with security holes, and users are not consistently updating the application. According to Websense, one month after a new version of Java had been released last year, just 7 percent of users had applied it, and 31 percent of systems run versions of Java that are out of date by a year or more.
Websites, meanwhile, are a major threat landscape. Some 85 percent of malicious links on sites or in email-borne attacks were located on legitimate websites that had been compromised, according to the report. Renert says redirection is a common method used by attackers today.
Meanwhile, 30 percent of malware samples found by Websense last year used custom encryption to steal data.
According to Websense, cybercriminals are zeroing in on specific populations, geographies, user communities, and individuals. 
