During the reporting period, Symantec monitored 44,752 unique samples of sensitive information publicly posted on underground economy servers, which accounted for 10 percent of the total distinct messages. Sellers often publicly post samples of their goods in the channels on underground economy servers. These samples serve several purposes: to prove that sellers actually have the goods in their possession; to show potential buyers the quality of goods they can expect; to enhance their credibility, and; to allow users to validate the information. The following table identities the top samples of information posted:
Credit card information was by far the most popular advertised and requested "product" during the study's time period. Symantec notes that credit cards are popular due to the many different ways they can be obtained and used for fraud, and because it's difficult for merchants to identify fraudulent transactions before a sale is completed. Bank account data was the second-most popular category of advertised goods; Symantec says this is popular because of the potential for high payouts and the speed at which money can be transferred. The company pointed out one example in which the balances of certain accounts were transferred online to "untraceable locations" less than 15 minutes after the information was obtained.
Unsurprisingly, all of this information is obtained and distributed through the use of phishing services, keyloggers, bank exploits, and botnets. Symantec noted that botnets were one of the most expensive attack tools during the observation period, where their services went for an average of $225. Phishing scam hosting services were pretty affordable, with prices ranging from $2 to $80, and the average price of a keylogger was $23. However, bank vulnerabilities at financial websites were definitely the "highest-ranked," with the services ranging from $100 to $2,999. Of course, this is also the highest risk, so it comes as no surprise that this method is expensive.
Those offering and advertising the services posted more than 44 million messages during the year-long period, and the US hosted 41 percent of the total number of underground servers worldwide. Symantec noted that they never stay in one place for long, however, with 98 percent of underground economy servers having lifespans of less than six months.
Symantec wraps up its report with a list of recommendations on how consumers can protect themselves, but there's almost nothing here we haven't heard before. Use Internet security solutions that include antivirus and firewall software. Make sure all of your security patches are up-to-date. Use strong passwords, change them often, and don't use the same passwords across sites. Don't open unrecognized e-mail attachments. Report intruders to your ISP and/or local police. And, of course, guard your identity with your life.
No comments:
Post a Comment