It is a multi-billion dollar industry. Today's IT attacks are regional, targeted, going after specific people and companies in the world, and entirely driven by profit, according to David Rand, CTO of security firm Trend Micro.
"Yesterday's hacker was typically aged 15 to 34, had no girlfriend and was living with his parents. This is no longer true today," Rand told the audience at the SIFMA trade show.Hackers used to break into computers just to prove a point. "But today, hackers are professional, motivated, have lots of cash and are doing it for the cash. It's all about the money and the money is huge. It's all profit driven. That's a remarkable change in the last ten years," he said.
Rand said that in today's underground economy, users' stolen account information is currently priced at $1000-$5000, a credit card number with pin is valued at $300, birth certificate information goes for $150, while a credit card number with security code and expiration date is currently valued at $7-$25.
Rand pointed to a dramatic shift to web-based threats. Users are clicking on a malicious URL in an email or an instant message, and redirected to compromised Web sites. "Often software or freeware is bundled surreptitiously with malware," Rand said.
He cited the example of a malicious site claiming to show a Web video of Saddam Hussein's execution. But when users clicked on it, they unwittingly downloaded spyware.
Last week, the FBI and the Department of Justice said they had identified over one million potential victims of botnet cyber crime.
A botnet is a collection of compromised computers under the remote command and control of a criminal "botherder." Most owners of the compromised computers are unknowing victims. They have unintentionally allowed unauthorized access and use of their computers facilitating crimes like identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Infections today are designed not to interrupt normal business, Rand said. They stay hidden to users as long as possible. "They install updates but they're clever - they don't even ask you to reboot, so you never notice. They're more clever than legitimate software makers," he said.
In the last two years, there have been more than 300,000 new versions of malware - more than in the last 15 years as a whole, Rand said. Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio