Beware the 'Shadow Economy'

Businesses should beware the shadow economy” of cybercriminals waiting to steal vital corporate and customer data, warns security software firm Finjan, which released its Web security trends report this week.

Cybercriminals have now achieved a level of sophistication far removed from the early days of nerdy hackers in search of publicity, warns Finjan. Instead, cybercrime “has become a major shadow economy ruled by business rules and logic that closely mimics the legitimate business world,” says the report. “With the transition of cybercrime from amateur hacker attacks to highly professional cybercrime business models, we see that the organizational structure of cybercriminals reflects this trend.”

Specifically, individual hackers or groups of hackers have been replaced by a hierarchical cybercrime organization, where each criminal has a well-defined role and reward system, bearing an uncanny resemblance to “La Cosa Nostra”.

Complete with "Boss," "Capo," and "Soldier" equivalents, the typical cybercrime organization bears a striking resemblance to the world of The Godfather or The Sopranos. Even "resellers" akin to the Mafia’s "associates" are used to trade stolen data, according to Finjan, fulfilling a similar role to a "fence" handling stolen goods.

As in the legitimate business world, these resellers use pricing models for different types of "product" -- in the this case, stolen credit card data. In one example provided in the report, prices range from just $15 for a standard Visa up to $70 for a Visa Platinum card.“Cybercriminals operate their profitable businesses utilizing easy-to-use sophisticated attacks while focusing on the management side of data handling,” says the report. “It makes them highly effective in stealing data while avoiding detection – it also makes any organization using the Web vulnerable.”

As a preventative measure, Finjan urges organizations to review their security practices, recommending a “layered” security approach and techniques such as real-time content inspection.

“A new security paradigm is needed to deal with the new and emerging threats,” adds Finjan, explaining that the security sector must also evolve to meet the need of businesses. “It has to learn from current events, predict future events based on current development, and act upon this information.”

Clearly the modern cybercriminal uses a laptop and a string of code (as opposed to a horse’s head) to strike fear into the heart of corporate America.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.