PC Data Breaches: Criminals Helping Criminals

Hackers go so far as to offer fraud-as-a-service for a few hundred dollars a month to help criminals gain access to computers to harvest personal data.
Data breaches are now a regular occurrence, and the grim fact remains that we will see more in the coming year. PC users too often take a devil-may-care approach to their Internet habits, and a closer peek into the increasingly sophisticated online criminal underground makes some wonder if they should just unplug from the grid.

Last week in Santa Clara, Calif., RSA provided a handful of analysts and reporters a jaw-dropping report on the sophistication of fraudsters. These crooks harvest users’ financial information through the use of Trojans and other malware. Press members read a real dialog between the fraudsters, which used an IRC (Internet Relay Chat) to sell their wares to each other and also shared information on which major banks were ``dead’’ to the criminal community—as in, they had beefed-up security.

How does the data breach system work? At the bottom of the food chain, the fraudsters offer to sell Trojans in different packages to the next group down the line. Ultimately, the crooks use the malware to hack into banks and financial institutions in an attempt to drain accounts.

Criminals go so far as to offer Fraud-as-a-Service for a few hundred dollars a month to help criminals gain access to computers to harvest personal data. RSA, a division of EMC, provides authentication security to the world’s largest banks to help guard against such activities—increasingly important technology especially as organized online crime poses clear threats.

This week Cisco helped illustrate the point further when it released the results of a worldwide survey, polling PC users and IT administrators. The upshot is that 20 percent of users change their security settings to bypass IT policy and access unauthorized Web sites; and seven out of 10 IT professionals said the use of unauthorized applications and Web sites was the reason for about half their companies’ data loss incidents. The list of worrisome activities goes on. (This survey sounds like the foreshadowing of an acquisition by Cisco of a data loss prevention (DLP) vendor.)

As a result of these trends, expect infrastructure, storage and security providers to step-up their data security offerings to address the growing threat to their enterprise customers. Traditional threat protection providers, including Symantec, McAfee, and Trend Micro, offer layered security protection including malware detection and DLP technologies. Pure play DLP providers include Vericept, Orchestria, and others. And some companies are taking unique approaches to the problem, such as Cyveillance, which provides proactive Internet monitoring in an effort to anticipate threats aimed at customers.

2009 should be a big year for data loss prevention, as we’ll see more consolidation, integration, and a move towards better ease-of-use. DLP is being coupled with encryption and endpoint security to guard against data loss at the device. DLP will be integrated into core technologies including endpoint, storage and network security. And we’ll start to see next-generation DLP products emphasize ease-of-use implementations, requiring less human intervention and more intuitive discovery through DNA-type analysis of unstructured data, such as those offerings by start-up nexTier Networks.

Criminal activities will continue, but so will the development of innovative technology.

Charlotte Dunlap is a senior analyst for the Enterprise Strategy Group.

Tags: authentication, Cisco, data security, policy, Storage

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.