Cybercriminals are worried, but business is still good.
Welcome to Cyber Security Today. It’s Friday May 29th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
I’ve told you about several international police arrests of cybercriminals. Some online criminal websites, where stolen data and hacking tools are sold have also been closed. These efforts may be having an impact, says an IT security firm called Trend Micro. It issued a 66-page report this week noting criminal online markets are adding new security measures trying to protect themselves from cops. With even some criminals hacking each other, a new search site called DarkNet Trust has been created so attackers can try to verify who they’re buying from and selling to. In addition, it’s harder for them to make as good money from certain cybercriminal services because there’s so much of it being sold, and services are automated. For example the price of encryption services is now $20 a month; it used to be $1,000. Want to create fake likes for a criminal product on Instagram? You can buy 1,000 likes for 15 cents. One thousand Facebook likes cost as little as $3. That’s in part why there’s a lot of fake news and propaganda with seemingly lots of likes on the web. There are so many hacked Netflix accounts they’re going for as little as $2 apiece.
On the other hand, low prices for some things make it easier for more criminals to get into the game. Access to an automated botnet, which is a chain of hacked devices for spreading malware, can be as low as $5 a day. To buy the remote access malware for that botnet to distribute could cost another $5. Ransomware is a little more pricey On some criminal sites it’s rented for as little as $100 a month, or $700 a year, including unlimited use.
Which is why there’s no lessening in the number of data breaches. These generate fresh stolen credit cards, as well as account user names and passwords for more data breaches. The really big money is in selling quietly hacked access to huge companies, where the asking price can go up to $10,000.
The report also warns criminals are increasing their attempts to hijack smartphones of business executives to get access to their email accounts and corporate data.
Looking ahead criminals are want to move into new areas like creating and selling deep fake audio calls for sextortion or convincing an employee she’s talking to her boss and getting her to transfer money to an account controlled by a crook.
Artificial intelligence solutions are also being sought that can predict dice roll patterns to cheat online casinos. Some are trying to find ways to crack those extra login protection solutions you’re shown six photos and you have to pick out the ones that have a stop sign.
In short, business for cybercriminals is still good, despite a few arrests.
All of this means you, companies and governments have to remain vigilant for the threat of cyber attacks. Stolen usernames and passwords are a leading tool for hackers. So on your personal email, bank and social media accounts you have to add two-factor or multifactor authentication for logins. And make sure you don’t use easily guessed passwords. Organizations have to make sure all employee accounts are protected this way as well. There’s more you can do, but that’s a big start.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.