
What do Cyber Criminals Want?


Posted: 11/08/2013

People are so inundated with warnings regarding email, viruses and malware that any understanding of what cyber criminals are after and what the victim has to lose can get lost in translation. Motives can be clear when it comes to certain technological scams, while in other instances, there seems to be little gained by an attacker. The truth of the matter is that cyber criminals always win when the victim loses.

Today’s cyber criminal is after identity resources, such as Social Security numbers, credit card information and login credentials. These can be used to impersonate or steal directly from the victim. Physical resources of the victim can also be used to the gain of the cyber criminal, as a compromised device or account can be used to perpetuate criminal activities.

Phishing Scams

Phishing emails are an attempt to gain access to a victim’s resources by using social engineering techniques, such as being familiar to the victim or using language that will spur the victim into reacting before thinking.

Some phishing messages may have a threatening tone to scare the victim into responding. An example message could contain, “If you don’t provide your login ID and password immediately, your account will be deleted!” Others might add to their legitimacy by attempting to represent themselves as a familiar party such as Tulane University, a financial institution, or an email provider. These phishing emails will often contain links to a website where, once entered, the victim’s credentials are in the hands of the cyber criminal.

The negative consequences can include the use of the victim’s email account to send hundreds or even thousands of additional emails. Email credentials can also be used to gain access to other accounts such as the victim’s bank or credit card websites.

Tulane Technology Services or any other department will NEVER, under any circumstance, ask for login information via email or web form. Parties asking for this type of information via email are very likely fraudulent.

Viruses

A computer virus is an invasive piece of software that often takes advantage of a vulnerability in a computer’s software, such as the operating system or an installed application. Like biological viruses, they often have adverse effects on the victim device, creating noticeable symptoms [sluggishness; software errors; missing files], but it’s what is happening underneath and unseen that is the scary part.

One of the most common uses of virus software is to take control of computers. This can be done en masse in the form of a ‘bot,’ which will likely use the systems to perform attacks on higher-level targets of the criminals. A group of these bots forms a powerful chain of infected computers known as a “bot net”. If a victim is part of an institution that may have valuable information or resources, the compromised device may be used to piggyback into a network to attack more sensitive computers. Once infected, a computer becomes an open doorway for additional infections and malware.

Malware and Ransom-ware

Malicious software is less subtle than a computer virus in that it is often dependent on the target downloading and installing the software outright. Often, these applications will be posing as seemingly legitimate free services or widgets to enhance the victim’s computer. They may even be labeled as professional mainstream software that is available free on a website in a foreign country. Once malware is installed, it has the same access as the user of the computer. When it is finished setting up, malware has free rein of the device and can be devastating.

A common malware scam is to hold a computer’s data for ransom in exchange for a credit card payment to solve the issue. Some of these are easy to get rid of, as they use older techniques to keep the operating system from behaving normally. Some malware even states that the computer has a virus and claims to come from a legitimate software company that can fix the issue. Recently, there has been a spread of cryptographic ransom-ware that locks away all of the data on a computer in unbreakable code, while storing the key that unlocks the data remotely. In this scenario, if the data was not backed up somewhere trusted, the victim will likely have to pay up or lose the data forever. The more successful the ransom-ware, the more payments the cyber criminals will receive and the more time they will take to make it more robust.

Author: Paul Sieberth is an Encryption Analyst and provides Digital Forensic Services as a member of Tulane's Information Security Office

Technology Services, Tulane University, New Orleans, LA 70118 -- TSNOC: 1-866-276-1428 -- help@tulane.edu