These days we all hear about “hackers” and the unscrupulous deeds they undertake. Everyone agrees that they need to be stopped or at the very least neutralized. They have come a far cry from just being annoyance and now are a real security threat. Today’s attackers are motivated, highly focused and much more determined than the hackers of five years or even 12 months ago
The following is based on a report from TrendMicro, a leading global security company.
How is it that hackers survive?
The key element of the cyber underground is its secrecy. Hackers are hiding everywhere they can, meaning that a threat could be just around the corner for all of us.
When we think of the cybercriminal underground, there is one country that immediately comes to mind: Russia. Russia is the global capital of cybercrime, thanks to its incredibly powerful underground – a vast network of cyber criminals that has grown over the years. But there are differences between the European and North American Underground.
“The North American underground does not rely on limiting access for sustainability. It does not close its doors to novices. On the contrary, it encourages cybercriminal activity. Instead of a highly secretive arena whose dealings take place in the shadows, the North American underground is mostly an open forum – or as open as an underground operation can be.
So while the Russian underground is cloaked in secrecy and requires a degree of undercover work in order to learn about, the North American underground is more out in the open. Some of its services are promoted on platforms like YouTube. The fact that the North American underground has a greater degree of visibility makes it ripe.
The differences in the cyber underground illustrates how effective hackers can be at organizing in an under-the-radar way. It’s this same silent-but-deadly approach that makes them such a threat to their victims, whether those are organizations or individual computing users.
According to Trend Micro report, here are some of the places that hackers like hiding the most:
- Inside Dropbox accounts: People use Dropbox to easily store significant volumes of personal data. But the service may be playing unwitting host to more than your files, since as Beta News reported, hackers – a group of hackers called admin@338 – currently suspected to be tied to the Chinese government – are carrying out malicious attacks whose command center can be tied to Dropbox accounts. The fact that cyber criminals are able to use Dropbox for their malicious purposes should give you an idea of the legitimate service that they are able to stealthily harness for their own criminal ends.
- On adult websites: It should come as no surprise that hackers love to target pornographic websites. Most of the malicious activity that we associate with porn sites happens via efforts that require some action on the part of the individual – i.e. downloading – in order to unleash. Downloads that contain malware are one of the most common malicious types linked to sites, but these require decisive action on the part of the computing user – i.e. making the conscious decision to download something.
The rising concern today involves malvertising. Malvertising is becoming increasingly common on porn sites, and more and more popular on legitimate sites every day. This malware type “skips embedding malicious code on a website and instead puts it in the system serving ads to the website.” That can be a problem for visitors to these sites who think that just because they do not download something that means they’re not at risk.
With threats mounting for all companies, there no longer is time to debate bolstering security measures. Everyday life has become a keyhole to cybercrime. So consider this:
Stolen account credentials is one of the most common hacker targets. Hate having to shell out the $7 or so dollars a month for your Netflix account? Or do you want Hulu Plus without those pesky fees?
Cyber criminals cater to these individuals – who also don’t mind committing an “innocent” crime – by offering them stolen account credentials. The idea behind these is that you pay a small sum for the credentials and then get unfettered access to the compromised individual’s account – provided, however, that the compromised user does not alter his or her password. The going rate for access to a stolen Spotify account is $2. If you want access to a verified PayPal account, however, that will cost you $9, since of course you can do more damage with that kind of access. Of course, you could always settle for a middle ground between these two services by getting illegal access to a Netflix account, the going rate for which is $5.
The North American underground has an ever growing presence, and hackers are lurking just about anywhere. They wait for an opportune time before they carry out their next attack, which is why it’s imperative for individuals and organizations to beef up their defenses and always operate in a proactive defensive mode.