Some of the most successful hackers are patient and calculated, waiting for just the right moment to strike in hopes of finding a treasure trove of potentially lucrative data.
The number and sophistication of targeted advanced persistent threats accelerated during the first quarter, according to a threat report released Monday by Intel's (NASDAQ:INTC) McAfee.
Spam also continued to make a comeback, with global spam volume growing for the first time in three years last quarter and the number of suspicious URLs increasing by 12% as cybercriminals moved away from pricey botnets as the primary distribution mechanism for malware.
Adam Wosotowsky of McAfee Labs says mass email attacks have become more expensive for hackers as the defenses on emails improve. Because of that, watch for malicious links being delivered to victims in savvy ways.
“The cost of sending email has actually gone up for botnets on the underground market because over time we have gotten better at identifying blaring red lights,” he said.
If a hacker can instead be patient and target specific people or organizations, they can take the time to get the lay of the land and steal data that in the long run will be much more profitable and cost-efficient than capturing logs via botnets and selling them on the black market.
“It’s a way to monetize their botnet without being so overt,” Wosotowsky said.
Pump-and-dump campaigns re-emerged on social media and email in the first quarter as criminals tried to make a buck by fooling would-be investors, and malware on Android software grew to uncomfortable levels, becoming a point of concern for the first time as people bought apps in different languages and used their phones as mini-computers.
“Cybercriminals have come to appreciate that sensitive personal and organizational information [is] the currency of their ‘hacker economy,’” said Vincent Weafer, senior vice president, McAfee Labs.
Master boot record-related malware increased by 30%, and new instances of password-stealing Trojans being repurposed to capture information grew from the prior period. State-sponsored cyber espionage has been at the helm of many of those attacks, led by password-stealing Trojans that have evolved into information-gathering tools hoping to unlock valuable intellectual property.
China, for example, is believed to have stolen sensitive U.S. weapons data through cyber espionage, accelerating its federal defenses by decades as it scored critical information about the nation’s missile defense, fighter jets and combat ships. The U.S. has started to recognize the threat, and a top Republican lawmaker called on President Obama to meet with Chinese President Xi Jinping this week to stop the theft of American intellectual property.
While there are various ways to infiltrate a system, one of the stealthiest is the use of rootkit software, which allows malware to dig deep into the computer’s system, below the radar of virus detection and cleaning technologies. The rootkit virtually hides the software’s existence, so bad guys can get to know the ins and outs of a computer and slowly steal information completely unbeknownst to their targets.
McAfee says rootkits “remain a troubling threat” and accelerated last quarter.
“Say you think your IP is worth $10 million, it’s easy for 10 people to spend a year trying to get your intellectual property,” Wosotowsky said. “Companies need to be aware that there are very sophisticated people who have a lot of patience,” meaning they must have “many layers of security.”
Meanwhile, Koobface, a social networking worm that targets Facebook (NASDAQ:FB) and Twitter, soared by three times in the first quarter compared with the prior period.
The finding comes as social-media hackings climb to unprecedented levels, with high-profile targets like the Financial Times, AP and Burger King (NYSE:BCW) among the recent attacks.
“Social networks continue to present a substantial opportunity for intercepting personal information,” Weafer said.
It has highlighted the importance of adopting multi-step password verification systems like retina and fingerprint recognition while ensuring passwords are complex and lengthy, and many companies have begun overhauling their systems in an effort to minimize the potential that their information will be compromised.