Hackers no longer need to be technical wizards to set up an operation to steal people's banking information and then rob their accounts.
The number of hackers attacking banks worldwide jumped 81% from last year, according to figures released at the BlackHat security conference Thursday. Researchers from SecureWorks also reported that hackers going after the company's credit-union clients increased by 62% from last year.
So why are there so many more hackers this year than last? Joe Stewart, a senior security researcher at SecureWorks, told InformationWeek that highly technical and savvy hackers are no longer the only ones in the game.
Hackers no longer need to be technical wizards to set up an operation to steal people's banking information and then rob their accounts or sell their identifying information to an even bigger cybercriminal. Hacking toolkits and malware are for sale in the online underground. All hackers need are basic technical skills and the knowledge of where to go to buy what they can't build themselves.
"You go to a Web site and pay a $100 to several hundred dollars, and you can buy a turnkey exploit package," said Stewart. "You can buy the malware too, and then you're in business You put these components up on a Web site and immediately start infecting people. All you really need to know how to do at this point is set up a Web site."
This new ease-of-use is evident in the numbers.
SecureWorks reported that between June 2006 and December 2006, they blocked attacks from about 808 hackers per bank per month. From the beginning of this year through June, there's been an average of 1,462 hackers launching attacks at each of the company's bank clients. As for the credit unions, SecureWorks reported blocking attacks from 1,110 hackers per credit union per month. That number rose to 1,799 this year.
"The amount of stolen financial data we have found since the first of the year has been daunting," said Don Jackson, a security researcher with SecureWorks and the discoverer of the Gozi and Prg Trojans. "With the Gozi, Prg, and BBB Trojans alone, we found millions of dollars of data sitting in their stolen repositories. These data caches contained thousands of bank-account and credit-card numbers, Social Security numbers, online payment accounts, and user names and passwords, and we're finding new caches of stolen data every day -- evidence that more and more criminals are getting into the game."
RSA, the security arm of EMC, reported earlier this year finding a new and more dangerous phishing toolkit that made online fraud a point-and-click process. Researchers said it was a bad omen for consumers. The kit, which RSA dubbed "Universal Man-in-the-Middle Phishing Kit," was being sold for about $1,000 on various hacker sites, according to RSA executive Marc Gaffan.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.