Just how concerned should users be with insider threats in a struggling economy? Maybe a lot more than they think, according to a report by Cisco Systems.
In their 2009 Midyear Security Report, Cisco’s researchers had a conversation with a botmaster who turned to cybercrime when the paychecks stopped coming in. His earnings are modest – he sold off 10,000 machines under his control to buy antibiotics for his sick child – but he said there was real money to be made in using the bots for phishing attacks. A guy he knew was able to clear $5,000 to $10,000 a week that way, he said.
There’s nothing revolutionary of course about the idea of the economy affecting crime. So perhaps not surprisingly, Cisco predicts in the report that as unemployment rises worldwide online crime will be on the upswing. That means laid-off or disgruntled employees with IT skills may drift into criminal activity.
This may be particular true as the technical barriers required for cyber-crime are lowered. For example, in today’s cyber-underground, there are places criminals can go and literally buy subscriptions to fraud services.
Last week, a former Goldman Sachs employee was accused of downloading proprietary code and attempting to steal before heading to another job. In April, a former information technology analyst at the Federal Reserve Bank of New York was busted by the FBI after investigators reportedly found a flash drive attached to the employee’s computer with applications for $73,000 in loans in the names of stolen identities.
Meanwhile, there is growing evidence that cyber-criminals are teaming up.
“Some of the sophistication that’s occurring with the criminals is now they are actually working together and levering the criminal attacks more jointly,” said Marie Hattar, VP of network systems and security at Cisco. “We saw that recently with some of the SMS attacks leveraging the Conficker worm as a way to get access to information.”
But not all the news for the first half of 2009 was bad. As Hattar points out, it’s not just the criminals that are working together.
“Just like the criminals are getting smarter…the bright spot is we saw vendors and the industry in general – the good guys – creating working groups like the Conficker Working Group getting together to solve some of these issues,” she said.