Perhaps that title should read, getting rich may be more difficult if your honest, but cybercrime is paying well.
Back in the 1930’s a bank robber by the name of Willie Sutton was asked, “why do you rob banks?” His answer supposedly was, “that’s where the money is…”
As to what actually motivated Sutton to hold up banks, as he said in Where the Money Was: “Why did I rob banks? Because I enjoyed it. I loved it. I was more alive when I was inside a bank, robbing it, than at any other time in my life. I enjoyed everything about it so much that one or two weeks later I’d be out looking for the next job. But to me the money was the chips, that’s all.” Read more at Snopes.
As of October 11, Malware Must Die had identified a total of 53 distinct web addresses involved in bot attacks, 25 of them located in the U.S. The attacks have been traced back to a total of 23 countries. This is from an article in SecurityWeek, I recommend you follow this link for further details.
“These attacker IPs are the combination between (known) Mayhem bots we monitor and unknown sources (including the suspected possibility of new panels/CNC/bots),” Malware Must Die wrote in a blog post.
“Many of today’s enterprises have adopted public cloud-based services that run on systems that can be infected by Mayhem, but the enterprise has no visibility into whether servers have been patched, no ability to dictate patch schedules, and no visibility into whether exploits of Mayhem have resulted in theft of their data or user credentials,” Rich Campagna, VP of products at Bitglass, told SecurityWeek.
The latest trends suggest the business of cybercrime is doing rather well adapting to the higher security landscape of digital domains and creating new methods for extracting financially rewarding data. ShellShock is one such exploit that lends itself well to repackaging legal and popular apps (application software) with a way to finding vulnerability in servers as well as many Apple OS products. Data exploits into gaining illegal access at J.C. Penny, Home Depot, J.P. Morgan are merely the tip of an iceberg in cybercrime.
One of the 10 Digital World Commandments — “Know thy cloud vendor” It’s critical to know your web host services vendor or your cloud vendor, and has patched for Shellshock & Heartbleed vulnerabilities.
Another Digital World Commandment — “Thou shall avoid Loading Apps unless you know their source” The path to making a significant living for some people is to develop an application which becomes highly popular (goes viral) then attracts enough attention from a large company to buy them out. It’s happened quite a few times, which has also attracted the attention of criminals to take the original app and bundle it with an exploit and then promote this combined program on the Internet. It may even be given away so that it gets a wider distribution. After all, the offending party doesn’t care about earning revenue through software sales. Their payoff is when you load the new app on your smart phone or digital device of your choosing. Then when loaded, the exploit goes to work behind the scenes to further compromise the security of your device. Gathering financial information is big business, especially if you live in a country that won’t prosecute or extradite you.
Professionals may be interested in the following resources:
- A tracking tool for cyber-crime.
- Internet security research firm – Team Cymru (latest vulnerabilities)
- What is Shellshock? – Why should you care? – What should you do?
- Why Strong Network Security Is a Must in the Wake of the Shellshock Bug