Modern cybercrime has grown and evolved so much that it is now comparable to other organised illegal activities such as drug and weapons trafficking in terms of monies gained and laundered.
No matter how worthless users’ personal data or online accounts may seem, they are a potential goldmine for cybercriminals.
Kaspersky Lab’s experts have seen a rapid growth in cybercriminals’ interest in user data, with the number of malicious programs designed to steal any type of users’ personal data having increased by more than 100% since 2009.
In addition, the number of new banking Trojan signatures introduced into Kaspersky Lab’s databases exceeded 25,000 in 2010, which is more than five times higher than in 2006.
Dmitry Bestuzhev, head of the global research & analysis team in Latin America, has analysed supply and demand in the computer black market and found that a cybercriminal wanting to enter the business of stealing users’ personal data generally requires start-up capital of around $6,000.00.
The bulk of this sum is spent on hosting – the cybercriminals need to spend approximately $3,600.00 a year to rent server resources; this also includes enough money to make sure the provider turns a blind eye to their illegal activities.
Purchasing a set of malicious programs to exploit vulnerabilities in popular software costs the illegal business owner, on average, another $1,300.00. Automatic modifiers of malicious programs (such as the notorious ZeuS or Spy-Eye) cost around $750.00 and appreciably simplify the cybercriminals’ activities, as do multi-scanner services (US$480) which identify which security solutions can detect a specific malicious program.
The low cost and high returns of starting rackets such as this keep the cybercriminals’ interest focused on the data that users store on their computers. The more people who use a specific social network or online resource, the more attractive it is to fraudsters. Thus, PayPal, Amazon, Yandex and MasterCard were the most frequently attacked companies, while Facebook, MySpace, Windows Live and LiveJournal were the most frequently attacked social networks in 2010. Stolen Facebook accounts can cost up to several hundred dollars on the black market.
Even when cybercriminals cannot directly profit from the stolen personal data, the situation is still dangerous for the user.
“These days, it is increasingly common to see cooperation between regular criminals and their online compatriots. Regular criminals buy scanned images of stolen passports and driving licenses from cybercriminals in order to use them for their own illegal ends,” says Bestuzhev.
Stefan Tanase, senior security researcher with the Global Research and Analysis Team, has pointed out that millions of computers, including office PCs, are infected every day and end up as part of botnet operations that send spam or launch DDoS attacks, with the cybercriminals having full access to these machines. It is therefore only a matter of time before the criminals search these infected computers for private information.
Tanase’s recommendations on how users can protect their personal data include:
* Use proprietary security solutions;
* Use your computer or smartphone in a secure environment – try not to use public computers;
* Enable encryption of data and transmission channels;
* Regularly back up your data;
* Do not share sensitive information over peer-to-peer networks; and
* Make sure your children are aware of online safety rules.