Spam spurt fuelled by booming underground economy

Junk mail trebles as crooks barter for IDs


The expanding underground economy is fuelling an identity price war, with unskilled crooks now able to buy full personal identities for pennies, according to the latest edition of Symantec's Internet Threat Report.

The study, published on Tuesday, reports that credit card details, names, addresses and date of births of targeted individuals can be bought for as little as 50 pence. However, the range of prices varies widely, with more prized identities fetching up to £40.

The sale price of credit card details on the underground economy also varies a great deal, from 40 pence to £20. Bank account credentials, meanwhile, sell for as much as £675.

Symantec's study takes a wide-ranging overview of malicious activity, threat activity and cybercrime. Its findings come from data collected by millions of sensors across the world, research and active monitoring of hacker communications.

The security firm added 1.6 million new malicious code signatures to its databases in 2008, 60 per cent of the total number of malicious code signatures ever created by Symantec, in response to the rapidly growing volume of malicious code attacks. Web-based attacks remained the favoured approach to delivering malware.

Of all the vulnerabilities discovered in 2008, 63 per cent affected web applications, up from 59 per cent in 2007.

Botnets remained a security menace, with 90 per cent of all spam distributed through networks of compromised PCs. Symantec recorded an average of 32,188 active bots per day in the EMEA region last year, a 47 per cent increase from 2007, when an average of 21,864 active bots were detected on any one day. Worldwide the security giant tracked an average of 75,000 bots in any one day last year, an increase of 31 per cent on 2007.

Last year Symantec identified 5,147 distinct new bot command-and-control servers in EMEA, of which 40 per cent went through IRC channels and 60 per cent used the web.

Spam volumes all but trebled last year, Symantec reports, increasing from an estimated 119.6 billion messages in 2007 to 349.6 billion in 2008. Phishing fraud also increased with 55,389 phishing website hosts last year, a 66 per cent increase on the 33,428 phishing hosts detected by Symantec in 2007.

"The illegal world of Internet crime is no longer perpetuated by spotty teenagers, it is attracting intelligent adults, very often, in some of the world's developing countries such as Brazil and India," said Guy Bunker, chief scientist at Symantec.

"This booming Underground Economy really is bucking the global recession trend. With over 100,000 malicious codes born every working day, it's not just the technology and code that's getting clever. It's also the approach and the strategy behind each attack." ®


Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • What to do about inherent security flaws in critical infrastructure?
    Industrial systems' security got 99 problems and CVEs are one. Or more

    The latest threat security research into operational technology (OT) and industrial systems identified a bunch of issues — 56 to be exact — that criminals could use to launch cyberattacks against critical infrastructure. 

    But many of them are unfixable, due to insecure protocols and architectural designs. And this highlights a larger security problem with devices that control electric grids and keep clean water flowing through faucets, according to some industrial cybersecurity experts.

    "Industrial control systems have these inherent vulnerabilities," Ron Fabela, CTO of OT cybersecurity firm SynSaber told The Register. "That's just the way they were designed. They don't have patches in the traditional sense like, oh, Windows has a vulnerability, apply this KB."

    Continue reading
  • Symantec: More malware operators moving in to exploit Follina
    Meanwhile Microsoft still hasn't patched the fatal flaw

    While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.

    Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.

    In the meantime, reports of active exploits of the flaw continue to surface. Analysts with Proofpoint's Threat Insight team earlier this month tweeted about a phishing campaign, possibly aligned with a nation-state targeting US and European Union agencies, which uses Follina. The Proofpoint researchers said the malicious spam messages were sent to fewer than 10 Proofpoint product users.

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • Halfords suffers a puncture in the customer details department
    I like driving in my car, hope my data's not gone far

    UK automobile service and parts seller Halfords has shared the details of its customers a little too freely, according to the findings of a security researcher.

    Like many, cyber security consultant Chris Hatton used Halfords to keep his car in tip-top condition, from tires through to the annual safety checks required for many UK cars.

    In January, Hatton replaced a tire on his car using a service from Halfords. It's a simple enough process – pick a tire online, select a date, then wait. A helpful confirmation email arrived with a link for order tracking. A curious soul, Hatton looked at what was happening behind the scenes when clicking the link and "noticed some API calls that seemed ripe for an IDOR" [Insecure Direct Object Reference].

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading

Biting the hand that feeds IT © 1998–2022