Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

The Five A’s that Make Cybercrime so Attractive

Botnets, Trojans and Phishing…Oh my! The dedicated researchers at Symantec are at it again, scaring the living daylights out of companies and consumers with overwhelming evidence that the web is indeed a dark and foreboding place.

Botnets, Trojans and Phishing…Oh my! The dedicated researchers at Symantec are at it again, scaring the living daylights out of companies and consumers with overwhelming evidence that the web is indeed a dark and foreboding place. If you wade through the nearly one hundred pages of gloom and doom in Symantec’s recent Global Internet Security Threat Report for 2009 you’ll want to either stock up on more security protection software or give up on the idea that any web transaction is every really secure. And if Symantec’s new report isn’t enough to rattle you, check out similar regular reports from any of the other big security players—McAfee, RSA, Trend Micro or CyberSource’s 2010 Online Fraud Report.

So why is e-commerce so fraught with risk despite the huge amount of money, effort, and technology devoted to making the online world safe? that’s simple: Because crime in the virtual realm has a lot going for it compared with traditional crime in the physical realm. Why use a gun to commit a robbery when you can use credit cards and stolen identities? Every fraudster, scammer and organized cybercriminal knows the five Big A’s: The five big advantages of doing crime online.

1. Affordability: You don’t need much more than a computer and an internet connection to commit virtual crimes.

2. Acceptable Risk: Cybercriminals bear a low risk of being caught or prosecuted.

3. Attractiveness: The universe of opportunity to commit cybercrimes is virtually unbounded.

4. Availability: With the help of automation, cybercriminals can operate a 24 x 7 criminal enterprise.

The critical fifth advantageous “A” is one that fraudsters know a lot about because without it they’re out of business: Anonymity.

Advertisement. Scroll to continue reading.

The inherent anonymity of the Internet is a critical element that enables fraudsters to freely commit deception that leads to profit. As long as computers and people are vulnerable to hacking—both always have been, and always will be—cybercriminals will take advantage of the anonymity the Internet affords them.

There’s another “A” word that fraudsters are aware of that is a disadvantage to web fraud: Anomaly. Fraudsters manipulate computers to hide their tracks, and these attempts to mask the truth can trip them up. Take IP addresses for example. Lots of web sites—banks, social networks, internet retailers and many more—use your IP address to identify your computer and ancillary information, like its geolocation. Fraudsters use hidden proxies that conceal their true device location via an alternate IP address. By using a hidden proxy scammers can pretend to be in one location, frequently a U.S. city, when the device they are actually using to execute a fraudulent transaction is located in another country altogether. Our customers see this cloaking trick all the time. They’re able to go around hidden proxies to get the true IP address and geolocation which gives them another way to decide whether to trust—or block—the computer from their site.

I suspect fraudsters—mostly off-shore organized criminals—don’t read the state-of-information-security reports from the big security vendors, or if they do they use the information to advance their technology or adjust their tactics. In my next column I’ll shed more light on another powerful weapon of the cybercriminals that shows up in every security vendor report: botnets.

Botnets Proxies Security Cartoon

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...