The group has accumulated hundreds of megabytes of stolen financial information, said Dunham, and sells it on the black market. Last week's attack was ultimately meant to deliver key loggers and Trojan horses to compromised users' machines to steal account information and credit-card numbers.
Nor is the group going to stop. "Even if they sell a credit-card number for just $1 to $3 a pop--and they have hundreds of megabytes of data--you do the math," Dunham said. "A million dollars in Russia is a lot of money. And they're able to recruit new members because they have an illicit business model that works."
In other words, expect more such attacks. "The potential for future attacks is real," Friedrichs said. "We could see them in a couple of days or a couple of weeks."
Until the unpatched vulnerability is fixed by Microsoft, users can rely on a combination of safe surfing practices and some technical workarounds to make sure they're secure.
Large, trusted commercial sites, said Symantec's Friedrichs, can be assumed to be patched against the IIS vulnerability, but smaller sites may not. "Use common sense when you surf," he advised.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
