If cybercrime were a legitimate business publicly traded on the stock exchange, its revenues would be the
envy of many of the Fortune 1000, as some experts predict its revenues would reach a trillion dollars.
The fact is that cybercrime is not like traditional crime: it flourishes not only in bad times but
in all times, and particularly well during good economic times when corporations are flush. Moreover,
criminals themselves are more educated in their specific trade and, in too many cases, very adept at finding
weaknesses in computer networks of even the most seemingly well-protected organizations.
In 2013, we have seen attacks become more sophisticated, moving up the network protocol stack. It is no
longer simply hardware ports or browsers/e-mail/infected files that are the main carriers of attacks, but hijacked
technologies on the Web (Java, Adobe Flash, Silverlight, etc.) that carry the threats. For example, cybercriminals are increasingly abandoning scareware methods such as Fake AV scams and moving over to more profitable
Ransomware scams which lock down a computer, device, or service and hold all the data hostage or even threaten court action if the user does not pay. These are devious attacks that are embedded deep into the computer or
device and it is nearly impossible for an average user to regain control over his own system and data.
Another more overt but concerning threat, and one that is growing in incidence, comes in the form
of DDoS (distributed denial of service) attacks. The sophistication of these attacks and their ability to
paralyze Web sites is growing at a dramatic pace. For example, in 2011, there were 1,596,905 DDoS attacks
compared to 120,321,372 in 2012. These attacks have grown in scale as well as in number, well exceeding
traffic volumes of 100 Gbps. One prolonged attack on an Asian e-commerce site involved a botnet of over
a quarter million zombie computers, many reportedly based in China. Criminals use DDoS because it is cheap,
hard to detect, and highly effective. DDoS attacks are economical because they can leverage distributed
networks of thousands of zombie computers taken over by worms or other automated means. For instance, the
DDoS attack MyDoom used a worm to distribute the launching of flood attacks. Because these botnets are
globally sold and available on the black market, an attacker might buy the use of a botnet for less than
$100 for a flood attack, or contract specific attacks for as little as $5 an hour.
Financially-driven DDoS attacks are typically based on either extortion or competition. Extortion
schemes often profit by demanding significant ransoms from victim organizations in order to prevent
denial of service. Ideological attacks can be launched by governmental entities or grassroots “hacktivists.”
Hacktivists tend to seek publicity by obstructing high-profile organizations or sites symbolizing conflicting
political views or practices. Perhaps one of today’s most notorious examples of hacktivists is the loosely
affiliated group Anonymous, who have claimed responsibility (and publicity) for bringing down sites of
Cybercrime: Uncovering a Silent Threat
to Today’s Businesses
Figure 1: Attacks in North America using social media over 30 days.
Source: Dell SonicWALL GRID