Every day, cybercriminals develop new ways to use malicious code (malware) to avoid detection while infecting networks, software and devices, from enterprise level to personal. Non-targeted attacks still make up the majority of malware, which increased by 26 percent in 2014. There were also more than 317 million new pieces of malware created in 2014, which means nearly one million new threats were released each day. The findings are part of last year’s Symantec Internet Security Threat Report Vol. 20.
Symantec also found that some web-attack toolkits sold on the black market were designed to be used in the cloud. With so many potentially vulnerable environments, criminals are quick to exploit emerging platforms.
What is the underground economy and what’s on sale on it? And more importantly, how do enterprises protect themselves?
The Underground Economy
“It’s the underground economy,” says Kevin Haley, Director, Symantec Security Technology and Response. “Everything you need already exists and can be purchased cheaply. Because of the tools available to attackers there are few limits on how many threats they can create, attacks they can manage.”
The underground cybercriminal economy continues to thrive. Criminals can now buy malware, attack kits and vulnerability information in this black market. While some of these markets have existed for quite some time, Symantec threat investigators found increasing sophistication and professionalism in the sale of “Trojan” viruses, malware distribution and credit card information.
What’s for Sale?
In the underground marketplace, stolen data, credit cards, passports, compromised online accounts, custom malware, attack services and infrastructure, fraudulent vouchers, and much more are bought and sold. These examples aren’t the only goods and services on offer on underground marketplaces.
Also for sale are:
- Scans of real passports ($1 to $2), which can be used for identity theft purposes
- Stolen gaming accounts ($10 to $15), which can yield valuable virtual items
- Custom malware ($12 to $3,500), for example tools for stealing bitcoins by diverting payments to the attackers
- 1,000 followers on social networks ($1 to $12)
- Stolen cloud accounts ($5 to $8), which can be used for hosting a command-and-control (C&C) server
- Sending spam to 1 million verified email addresses ($70 to $150)
- Registered and activated Russian mobile phone SIM card ($100)
Point of Sale Malware Attacks
Cybercriminals are always hunting for credit card data. While there are ways to steal this information online, the Point of Sale (POS) is a tempting target. This can involve malware on retail checkout registers or theft of the data from a customer database. An estimated 60 percent of purchases at retailers’ POS are paid for using a credit or debit card.
Download our Attacks on Point of Sales Systems whitepaper for details on how POS attacks are carried out, and how to protect against them.
How to Protect Your Organization
While many organizations take steps to defend their networks, it is often the end user who unwittingly lets malware into an enterprise. Education on good cybersecurity is vital and a company-wide concern. Be sure to incorporate security software that scans all inbound email communication and blocks all unsolicited outbound communication.
What follows are a few best practices for all employees to help deter malware:
- Only open email/IM attachments that are expected and come from a trusted source
- If a person on your Buddy list is sending strange messages, files, or web site links, terminate your IM session
- Scan all files with an Internet security solution before transferring them to your system
- Only transfer files from a well-known source
- Keep security patches up to date
Actionable Cybersecurity Intelligence
Threat intelligence is a vital component for any organization seeking to understand the potential threats against its network. Symantec is uniquely positioned to share actionable cybersecurity intelligence on the rapidly evolving threat landscape.
Stay proactive in the fight against malware to keep your enterprise protected.
For more insights, read:
- Underground black market: Thriving trade in stolen data, malware, and attack services
- POS malware: Potent threat remains for retailers
{Editor’s note: This piece was originally published 4/20/2015 and has been updated with new findings}