Increasing Dangers of Cybercrime

Companies should stop telling themselves that their network security systems are enough against every cyber threat looming on the Internet's horizon. They should also stop waiting for these threats to materialize in their systems before taking action against them. The risk of cybercrime is no laughing matter, and imminent doom is the only thing that awaits irresponsible and reckless companies.

Because of the constant change in our world today, the threats to companies' network systems keep evolving and may come from any kind of vector: mobile phones, person-to-person networks, social media, email, web applications and much more. To make matters worse, the security defenses and methods companies employ, such as regular penetration testing and antivirus software, are being left behind. The technologies and skills these cyber criminals employ are sometimes far superior to those of the IT experts working as security administrators in different companies.

Because of their superior skills and tools for hacking and for creating sophisticated code for malware, spear phishing and botnets, committing cybercrime nowadays is as easy as pie. As a matter of fact, some cyber criminals don't even need to lift a finger; everything they want done is accomplished by the software an unwilling victim downloads.

Aside from that, cyber criminals who are expert in writing the sophisticated software used in cyber crimes can sell that software for a price to other criminals who lack the sophistication, skills and knowledge to write their own code. Thus, anyone who wants to hack a certain establishment can use sophisticated software to accomplish everything he needs. The best example of sophisticated malware being sold on the Internet nowadays is the ZeuS malware. This dangerous malware is highly sophisticated and can be programmed to do different tasks depending on the type of attack a ZeuS user wants; ZeuS can also be used to build a much more potent threat: botnets.

Many security experts are growing more and more concerned about the evolution of cybercrime. Furthermore, the integration of these cyber crimes into organized crime has widened the scope of the threat to many industries today. Criminals in the cyber underground can share the sensitive information they hold or work together as a team to take down the tough security systems of a company. It's an A-team of criminals adept in writing code, decrypting encrypted files, gathering intelligence, deploying malware and scanning company systems for vulnerabilities they can exploit.

Nowadays, cybercrime has become a profession for some individuals, and the level of professionalism they show can be amazing. Potential clients approach cyber criminals in underground forums, where they can hire them to initiate attacks on specific targets, for a price of course. They pay these crooks to launch DDoS attacks, steal or destroy sensitive information, among other things. But before hiring these crooks, clients often ask them to demonstrate their skills and how good they are at their trade.

Still, not all cyber criminals assemble teams to work together for a single purpose; individual cyber criminals can work on their own because of their botnets. What motivates them to commit these crimes is the cash they could acquire from companies such as banks and other financial institutions. But some of those criminals aren't focusing on financial institutions only; why would they hack banking networks, where the security is tough to break or circumvent? They would rather hack the networks of large-scale businesses and institutions such as restaurants, universities and hospitals. They can still get the information they need on their target without having to face difficult security systems.

These threats aren't only used for stealing from or profiting off different companies; sometimes they are used to attack governments. Espionage has become easy because of the Internet; any country could steal important information from, or plot to destabilize, a target country.

Indeed, whether in government or private industry, it is important for organizations to strengthen their defenses against cybercrime. They should explore the vulnerabilities in their systems that can be exploited; it is easy to identify the vulnerabilities of a network by completing a simple pen test. This can only be done by an expert in network security who has completed penetration testing training.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in penetration testing.

More information about EC-Council is available at www.eccouncil.org.

Breach Forensics – Preventing the Worst from Happening

In any incident response after a breach, uncovering the crime is challenging enough, and from there the challenge only becomes tougher. Once cyber criminals have cleared the digital vault, the only thing left for them to do is get away clean, which is very simple for most criminals in the cyber underground.

However, there are still a few things an incident handling team can do to prevent the worst from happening after a data breach and still track the footprints that were left behind.

There have been many data breaches across different industry sectors, and even when some evidence points to a certain origin of the attack, it is not enough to make an arrest or establish involvement. Sometimes these crooks use and control botnets to cover their tracks after the dark deed has been completed. Soon security experts will have to play catch-up with these crooks.

However, not all evidence is deliberately erased by the crooks, and this happens a lot in many cyber crimes. Network admins try to assess the depth and severity of a breach, and sometimes their access accidentally, or perhaps deliberately, destroys evidence that would have quickly resolved the situation. Compare it to an innocent bystander who complicates a police investigation by accidentally stepping on the evidence. Sometimes the network administrator fails to recover the evidence that would determine how, when and where the attack happened. It is important for experts to properly collect and maintain the evidence, because it is the only key to revealing not only the means of the attack and who is behind it but also the scope of damage to the system.

According to experts, incident handling teams must undergo the right incident handling training to acquire the skills needed to analyze malware attacks and data breaches. Moreover, they must know how to determine the threat a piece of malware poses to a system by analyzing it in a sandboxed environment; this lets them determine the exfiltration methods of that malware and aids their remediation efforts. Since malware is dynamic and can communicate with many hosts, the results of the analysis can help create an excellent block list. This block list is used to limit the exposure of some applications and also to detect malware exfiltration. This is one of the best solutions for detecting any exiting data.

Once the infected systems have finally been identified, the network administrators must turn off those systems and map them in a specific way so that they can picture how the structure has been modified. The infected system must then be replaced with a cleaner and more secure structure. If the attacker has breached the database and is retrieving important data remotely, administrators have to cut the connection of that server or database temporarily. By analyzing the network traffic, experts can pinpoint the domains, addresses or other exfiltration points used to retrieve information. These addresses and domains must be added to the existing firewall so that the compromised system is prevented from making any outbound connection to these exfiltration points. With this, it is possible to limit the loss of data, determine how the breach happened and work out how to rectify it.
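The block list and traffic analysis described in the two paragraphs above can be sketched as follows. This is an added example, not part of the original article: the indicators, host names and the five-field egress log format are constructed for illustration, and the addresses come from documentation ranges.

```python
import ipaddress

# Constructed indicators, standing in for the output of sandbox analysis.
BLOCKLIST_DOMAINS = {"drop.exfil.example", "cdn-sync.example"}
BLOCKLIST_NETS = [ipaddress.ip_network("203.0.113.0/28"),
                  ipaddress.ip_network("198.51.100.77/32")]

# Constructed egress log (assumed format): timestamp src_host dst dst_port bytes_out
SAMPLE_LOG = """\
2024-05-01T02:11:09Z db01 203.0.113.5 443 48211934
2024-05-01T02:11:40Z web02 updates.vendor.example 443 1820
2024-05-01T02:12:02Z db01 a1.drop.exfil.example 53 912
2024-05-01T02:12:30Z hr-pc7 198.51.100.77 8080 73120
2024-05-01T02:13:00Z web02 203.0.113.200 443 640
truncated line
2024-05-01T02:14:10Z hr-pc7 notdrop.exfil.example.org 443 90
"""

def is_blocked(dst):
    """True if dst is a listed address, a listed domain, or a subdomain of one."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        labels = dst.lower().rstrip(".").split(".")
        # Compare whole-label suffixes so look-alike names are not matched.
        return any(".".join(labels[i:]) in BLOCKLIST_DOMAINS
                   for i in range(len(labels)))
    return any(addr in net for net in BLOCKLIST_NETS)

def triage(log_text):
    """Return ({host: bytes sent to listed destinations}, skipped line count)."""
    hits, skipped = {}, 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            skipped += 1  # count malformed lines instead of hiding them
            continue
        _, src, dst, _, sent = parts
        if is_blocked(dst):
            hits[src] = hits.get(src, 0) + int(sent)
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = triage(SAMPLE_LOG)
    for host, sent in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{host}: {sent} bytes to block-listed destinations")
    print(f"{skipped} unparseable line(s) skipped")
```

The hosts it reports are the candidates for isolation, and the byte totals give a first estimate of how much data left each one.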

Analyzing the logs is also important in a breach investigation; however, logs must not be kept on the default system, so that evidence is preserved rather than overwritten. Thus it is important to set a proper retention policy and implement log aggregation or right management in any security event. But logs have a limit: they only provide intelligence according to how the systems generate them.

Log data is definitely one of the places where an attacker will leave his or her mark. This is well known, and any smart administrator checks the log data first because, most of the time, it is the first place where attackers try to hide their tracks. An attacker may delete or modify log entries that would indicate the breach on the system.
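The two points above, keeping logs off the affected system and attackers deleting or modifying entries, meet when the host's log is compared with its aggregated copy. The following is an added example, not part of the original article; the records are constructed, and it assumes the forwarder stamps each entry with a sequence number.

```python
# Constructed records: (sequence number assigned by the forwarder, log line).
CENTRAL = [
    (98,  "01:58:02 cron: logrotate finished"),
    (99,  "02:03:17 sshd: Failed password for backup from 198.51.100.77"),
    (100, "02:10:55 sshd: Accepted password for backup from 198.51.100.77"),
    (101, "02:11:03 sudo: backup : COMMAND=/usr/bin/mysqldump --all-databases"),
    (102, "02:11:09 kernel: outbound 203.0.113.5:443 allowed"),
    (103, "02:15:31 sshd: session closed for user backup"),
]
# Host copy collected after the breach (constructed).
HOST = [
    (100, "02:10:55 sshd: Accepted password for backup from 10.0.0.12"),
    (102, "02:11:09 kernel: outbound 203.0.113.5:443 allowed"),
    (103, "02:15:31 sshd: session closed for user backup"),
    (104, "02:16:00 cron: job started"),
]

def compare(central, host):
    """Classify every difference between the aggregated copy and the host copy."""
    central_by_seq, host_by_seq = dict(central), dict(host)
    oldest_on_host = min(host_by_seq) if host_by_seq else None
    report = {"rotated_out": [], "deleted": [], "modified": [], "not_forwarded": []}
    for seq, line in sorted(central_by_seq.items()):
        if seq not in host_by_seq:
            # Older than anything left on the host: consistent with rotation
            # overwriting it. A hole inside the surviving range is a removal.
            rotated = oldest_on_host is None or seq < oldest_on_host
            report["rotated_out" if rotated else "deleted"].append(seq)
        elif host_by_seq[seq] != line:
            report["modified"].append(seq)
    # Entries only on the host: forwarding lagged or was switched off.
    report["not_forwarded"] = sorted(host_by_seq.keys() - central_by_seq.keys())
    return report

if __name__ == "__main__":
    for kind, seqs in compare(CENTRAL, HOST).items():
        print(f"{kind}: {seqs}")
```

Entries reported as rotated out exist only in the aggregated copy, which is what a short default retention on the host costs an investigation.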

Important data will provide leads on the breach's source, the construction of the malware, the exfiltration point of the data, and the identity and nature of the compromised data.
