Hackers no longer need to be technical wizards to set up an operation to steal people's banking information and then rob their accounts.
The number of hackers attacking banks worldwide jumped 81% from last year, according to figures released at the BlackHat security conference Thursday. Researchers from SecureWorks also reported that hackers going after the company's credit-union clients increased by 62% from last year.
So why are there so many more hackers this year than last? Joe Stewart, a senior security researcher at SecureWorks, told InformationWeek that highly technical and savvy hackers are no longer the only ones in the game.
Hackers no longer need to be technical wizards to set up an operation to steal people's banking information and then rob their accounts or sell their identifying information to an even bigger cybercriminal. Hacking toolkits and malware are for sale in the online underground. All hackers need are basic technical skills and the knowledge of where to go to buy what they can't build themselves.
"You go to a Web site and pay a $100 to several hundred dollars, and you can buy a turnkey exploit package," said Stewart. "You can buy the malware too, and then you're in business You put these components up on a Web site and immediately start infecting people. All you really need to know how to do at this point is set up a Web site."
This new ease-of-use is evident in the numbers.
SecureWorks reported that between June 2006 and December 2006, they blocked attacks from about 808 hackers per bank per month. From the beginning of this year through June, there's been an average of 1,462 hackers launching attacks at each of the company's bank clients. As for the credit unions, SecureWorks reported blocking attacks from 1,110 hackers per credit union per month. That number rose to 1,799 this year.
"The amount of stolen financial data we have found since the first of the year has been daunting," said Don Jackson, a security researcher with SecureWorks and the discoverer of the Gozi and Prg Trojans. "With the Gozi, Prg, and BBB Trojans alone, we found millions of dollars of data sitting in their stolen repositories. These data caches contained thousands of bank-account and credit-card numbers, Social Security numbers, online payment accounts, and user names and passwords, and we're finding new caches of stolen data every day -- evidence that more and more criminals are getting into the game."
RSA, the security arm of EMC, reported earlier this year finding a new and more dangerous phishing toolkit that made online fraud a point-and-click process. Researchers said it was a bad omen for consumers. The kit, which RSA dubbed "Universal Man-in-the-Middle Phishing Kit," was being sold for about $1,000 on various hacker sites, according to RSA executive Marc Gaffan.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.