Upping The Ante: Cyber-Criminals Turn On Each Other

Over the last two years, we’ve seen the adoption of cloud computing, social media and virtualisation technologies further blur the network perimeter.  At the same time, new cyber-criminal methods such as ransomware and cyber-crime-as-a-service have successfully lured in unsuspecting users and threatened the enterprise at large.

As we all know, cyber-crime has become a true business, sharing many of the same structures and processes of bona fide companies.  But how will cyber-criminal business models evolve in 2011?  And how will these changes directly affect enterprises and the general public?

The development and distribution of affiliate programs will be a prominent recruitment vehicle for attackers in 2011.  These and other operations will be delegated from members higher up in the cyber-crime food chain – essentially meaning the structural layers of criminal organisations will be less transparent; making it harder for authorities to catch the ringleaders.  Cyber gangs will also become much more effective in “advertising” any job vacancies, ensuring their operations always remain lucrative and don’t lose momentum.

Cyber-gang warfare

As their operations’ methods become more sophisticated, there will be increased competition and the development of inter cyber-gang warfare.  Cyber-criminals are more territorial about their malware empires, to the extent that ‘bot killers’ have been created and implemented to eradicate other criminals’ malware threats that lie on a given individual’s computer.

This competition between cyber-criminals boosts the value of already infected machines.  In 2011, this competition will result in a price increase for criminal services such as bot rentals, which are used to load malicious software onto a system and machine maintenance to maximise an infected machine’s uptime.

Attackers will take professional steps to ensure that malware infections are robust; we’ll see their methods of doing so becoming more intelligent, by using the equivalent of service level agreements and quality of service assurances at the malware production stage.  This will be in order to produce tailored malicious code that will ensure their threats remain undetected by legitimate anti-virus and security software programs.

The industry fights back

Recently, the number of groups prepared to fight and crack down on the growing issue of cyber-crime has increased.   For example, in regulation we’ve seen European authorities team up and form the European Electronic Crime Task Force, aimed at bolstering defenses against attacks on government computers.  The security industry meanwhile has also created task forces such as the Conflicker Working Group, which is aimed at patrolling and flagging any malicious code targeting operating systems.  For 2011, European and international countries will continue to collaborate and partner in an effort to generate a global, authoritative movement to combat the cyber-criminal operations that are growing in number.

The good news is that we’ve already started seeing crime fighters getting tougher on cyber-criminals.  For example, the Zeus takedown last year led to the successful prosecution by both UK and US authorities.   However, with law enforcement predicted to increase, cyber-criminals will do everything they can to keep their underworld organisations afloat.

In light of these challenges, it’s essential that you don’t get caught out.  Make sure you have the best security solutions, in line with your business or personal needs, and that you are prepared for the threats 2011 is predicted to bring.

Derek Manky is project manager of cyber security and threat research at Fortinet’s Fortiguard Labs. He is also author of Fortinet’s monthly Threat Landscape Report.