The biggest problem is the availability of tools that make it easy for the average person to launch spam campaigns, including those that employ phishing to steal personal information.
Having identified spam as a gateway cybercrime that leads to much more serious infractions, such as phishing and identity theft, the U.S. government is promising to crack down on purveyors of unwanted e-mail. That's not going to be easy as new tools flood the market that make it easier to launch spam campaigns.
These investigations aren't limited to the Justice Department, and they often require the help of international law enforcement. Greg Crabb, U.S. postal inspector program manager for the U.S. Postal Service's international affairs group, told the summit that he worked with Interpol and international law enforcement officers from more than a dozen different countries on what he dubbed "Operation Gold Phish" and soon found the investigation leading law enforcement into the "malware economy," he said. There, he encountered cybercriminals like "Barracuda," who sold $300 computer viruses that could be included with spam to steal identity information from of a victim's infected computer.
The greatest evolution in the cyber headache better known as spam is this availability of software that makes it easier for the average user to launch spam campaigns, including those that employ phishing to steal personal information, Andrew Klein, senior product marketing manager with SonicWall, said at the FTC forum. The results of this trend have been eye-opening. A Dutch spammer that Klein referred to as "Mr. X" -- who's since been thrown in jail -- was renting out up to 700 computers that were capable of generating spam campaigns of up to 9 billion e-mails. Two other jailed spammers -- Jeanson James Ancheta and Christopher Maxwell -- were renting botnets out for $300 to $700 per hour.
A community of malware providers has sprouted up such that a spammer can buy a spyware kit online for $17 to create a payload for his spam, and that kit will come with technical support. "You can't get that from Microsoft or any company, my company included," Klein quipped. "These phishing kits have been around for years, but the breadth of what's available is really impressive."
Jens Hinrichsen, product marketing manager for RSA's online threats managed services group, told the forum that he's seeing a disturbingly similar trend. "Double click, and a newbie fraudster can within two seconds create a phishing attack that's ready to go," he said. "We're really seeing a lot of price compression in terms of the tools available."
RSA is seeing about 200 different organizations being imitated by phishing campaigns each month, according to RSA statistics for June. "Of that number, about 35 of those organizations had never been targeted by phishers before," Hinrichsen said, adding. "Of those 35 institutions, about 12 were federal credit unions. Phishing's not going away anywhere soon."
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?