An annual global report on cybercrime is revealing that cybercriminals are using the global economic recession in malware attacks and as a tool for distracting governments from tracking and investigating their growth.
The McAfee Virtual Criminology Report, an annual global study on organized crime and the Internet released Tuesday, states cybercriminals are continuing to win the war on cybercrime as the number of unique malware attacks grows and as governments continue to ignore the issue.
In 2007, McAfee Avert Labs found 150,000 pieces of individual threats, said David Marcus, security director at McAfee Avert Labs. This year the amount of malware has increased 345 per cent to 1.4 million, and the labs are receiving 3,500 new threats each day.
“We are seeing more malware than ever before and the biggest driver is the shift in economy,” Marcus said. “As soon as we started seeing mergers in the news, we started seeing information about it in related scams.”
Criminals are also capitalizing on the shakiness of the economy by sending out phishing and spam campaigns designed to lure desperate individuals searching for job assistance online into clicking malicious links or are fooling users into becoming “money mules.”
“Money mules” are individuals recruited to launder cybercriminal gains under the guise of international sales representatives or shipping managers, said Marcus. Problematically, this illegal operation usually ends up in the “money mule” being caught rather than the central profiteer of the operation.
The websites have a professional-looking image, high quality verbiage and use the correct coding needed to filter though search engines and place high in the rankings. Individuals looking to regain a few extra dollars lost in the stock market may get sucked into these ‘get rich quick’ scams.
The report also notes an increased trend of users being asked to place malicious code on their websites in exchange for quick, easy cash.
All of the malicious code is written for economic gain, Marcus said. Ninety-five per cent of all malware McAfee sees is password stealing Trojans, which gather valuable personal information, such as banking information and passwords to be sold down the road.
Marc Fossi, manager of development at Symantec Canada, said phishing scams are increasingly web-based and are coming from legitimate web pages. Cyber criminals are replacing content on trust websites with their own malicious content – fooling individuals into sending personal information to criminals rather than retailers.
The fact that the economy is being abused should not come as a surprise, Fossi said.
“There is nothing particularly new about these attacks. In the past various attackers have taken advantage of headlines as a social engineering trick. They grab onto what’s on the public mind and take advantage of that.”
Typically, these phishing scams are global issues, Fossi said. There won’t be any unique threats for Canadians because we all use the same software and visit the same websites, but the messages in spam will be tailored to include Canadian banks, etc. The economy is a perfect event to latch onto because it affects people everywhere, he said.
A key problem in the wake of increased economic recession-related cybercrime, as reported by McAfee’s report, is the lack of laws protecting Internet-users against attack.
Despite the economic cost of cyber attack and risk to national security, governments are floundering when it comes to viewing cyber security as a top issue, focusing their attention on the recession or terrorism concerns instead.
Governments also need to recruit police officers and investigators with IT skills, Marcus said. There is no well-defined career path for fighting cybercrime and the good ones are poached for private companies.
“When we combine poor police investigations, undertrained judges and weak legislation on the issue, we create a climate that is much more conducive to cybercrime.”