(Or, How Money Makes the Web Go ‘Round)
May is an important month in the IT security industry because it’s the anniversary of one of the most fearsome viruses ever: the ILOVEYOU virus, also known as the Lovebug. Back in 2000, it was a very big deal because it created a new way of infecting people: through email. This started the era of email viruses that we’ve all suffered through since then. Yes, they’re technically worms, but that’s not important. What was important back then is that they wanted to use your computer as virtual graffiti (“Jaschan was here, screw you netsky!”).
That sounds very different from today’s viruses. Yes, we call them Trojans now, but that doesn’t matter either. Today, the threat is all about information theft. They want your credentials to make money, one way or another: your eBay password so they can sell imaginary stuff with your reputation. Your Facebook login to send bad links to your friends and steal their information. Your World of Warcraft account to sell your valuable online items. And your bank’s credentials to … well, you know what they want that for, I guess.
Here’s one important thing to remember: the more targeted the attack is, the better the data. Let me explain: if you’re broke and your eBay account has a reputation of -1, you’re not a great target for these criminals. Now, if you were a power seller the story would be very different. If these guys can get a database of power sellers or heavy Facebook users or corporate users or big company executives, the bad guys can tailor attacks specifically for these people and cause them to be much more effective. Do you get where I’m going? Financial motivation + really good social engineering + data breaches = explosive cocktail.
As Dorothy said in The Wizard of Oz, we’re not in Kansas anymore. Actually, if you’re in Kansas, be aware of all this because all the countries, states and operating systems are equally targeted. Criminals don’t discriminate – all Internet users are potential victims to them. Today’s persistent threats are all about laying low, staying in the user’s system, and collecting as much data about you as they can. Every bit of your personal information is of interest to online gangs. After all, it can all be monetized one way or the other.
It’s unlikely that we’ll see another dramatic change in motivation any time soon. Now that they have jumped onto the money-stealing bandwagon, they’re not going away any time soon. They’ll just adjust to whatever new technologies and methods appear in the market.
Scary? It is. Be safe, be aware and be careful out there! Logging off now. Be safe.
Leave a reply
