Cybercrime as a business is taking off

The report - The cybercrime black market uncovered - says that, although Panda does not have precise data, it believes that cybercrime has expanded along with the economic crisis.

Previously, says the report, it was in no way easy to locate sites or individuals dedicated to this type of business, yet now its relatively simple to come across these types of offers on underground forums.

"The global evolution of malware, and specifically the growth of IT threats designed to steal bank details, explain why the black market for selling confidential personal details has expanded", it says,

And, says Panda, the exponential growth in malware in recent years is an undeniable fact, as security companies have been affirming for some time now.

"A few years back we were reporting that some 500 new threats were being created every month whereas now, PandaLabs, our anti-malware laboratory, receives on average 63,000 new threats every day. And this doesn't account for everything that is created, just what reaches us", the report notes.

According to the Panda study, it is not just a question of exponential growth, but an increasing trend: "By 2009, our Collective Intelligence database contained almost 40,000,000 classified threats, and in 2010 we added some 20,000,000 more. That means we now have more than 60,000,000."

Five years ago, notes the report, there were only 92,000 strains of malware catalogued throughout the company's 15-year history, but this figure rose to 14 million by 2008 and 60 million by 2010, which gives a good indication of the rate of growth.

So what is driving this massive growth?

Corrons and his team say that cybercrime organisations now have a hierarchical structure whereby every action is performed by specialists.

"If you think about the different countries they are present in, you will get a clear idea of the number of people involved in these criminal activities, and who benefit from the anonymity provided by the internet", says the report.

Social engineering is then used, the report adds, to trick victims through the most popular distribution vectors, with email being one of the most channels frequently used, although now social media and fake websites are also being tapped.

Once the card credentials have been harvested, it's time to sell them on and, says Panda, prices vary according to the vendor, although the average is $150 for a complete card and a minimum order of five units.

There is, notes the report, an additional cost for the physical plastic: $30 white plastic, and $80 for colour printing.

"You also have to add to the cost of the information (the card number, PIN and other details) for which, as we've seen before, there are various offers. The sellers guarantee the quality of the card (the image below talks about 2,800 dpi) and that it will be identical to the bank original, even including the hologram", says the report.

So what can internet users and payment card holders do to help beat the rising tide of cybercrime?

The report recommends that users should never give your card to anyone and keep it with you at all times. Cardholders should also never sign a blank receipt.

"Never give your account number or passwords over the telephone, unless you are 100% sure about the reliability of the company or you have initiated the call to request a service", says the report.

Online, meanwhile, users should not respond to unsolicited emails, IM messages, SMS, or pop-ups that appear to come from a bank, credit card company, telephone company, online store or payment platform.

Finally, the report recommends that internet users should never use their debit card for online purchases, as it is far better to use a credit card for several reasons.

What’s hot on Infosecurity Magazine?