This is the third of our three-part series on the Anatomy of a Crimeware Syndicate, as delineated by Derek Manky, Senior Security Strategist at Fortinet. Part one covered the fundamental infrastructure and hierarchy of a crimeware syndicate. Part two looked at the threat landscape and major botnet takedowns. Part three now turns to the specific threats facing organizations and the tools that can be used to combat them.
You often get what you pay for, and crimeware markets are no exception. Buyers can expect to pay more for tools with sophisticated features, but price also depends on availability and on how effective the tool is at achieving the attacker's objective. Here, according to Fortinet Senior Security Strategist Derek Manky, are the feature categories and the prices you might expect to pay today if you are in the market for crimeware:
- Botnets: features include broadcast command and control, keylogging, downloading of further payloads and spam sending. Zeus/ZBot, for example, sells for about $700 for an older version and $3,000 for the current one; Butterfly sells for about $900.
- Simplified botnets: the only feature is the ability to download and execute arbitrary code, which is enough for the rental and crime-as-a-service market. Bredolab is an example; the software can be acquired starting at $50.
- Remote access Trojans (RATs): used in targeted attacks, with screenshot and webcam-feed capture. Examples include Gh0st RAT, Poison Ivy and Turkojan, running about $250.
- Exploit kits: let an attacker compromise visitors to a malicious or compromised website by exploiting browser and plug-in vulnerabilities. Examples include GPack, MPack, IcePack and Eleonor, and they generally range between $1K and $2K.
- Crypters, packers and binders: obfuscate a binary, bind malicious code to a legitimate program, and generally help the payload evade antivirus detection. These cost anywhere from $10 to $100.
- Source code: free and generally available to anyone. It is often leaked from private, controlled versions of the code in cases where hackers attack other hackers.
Once the malicious software is installed, it can wreak all sorts of havoc on the victim's system. Manky says that, among other things, malware may download additional malicious code onto the machine; steal credentials and data for critical accounts such as bank, credit card and social network accounts; and proxy or host malicious traffic on behalf of the crimeware syndicate. Stealthier malware may encrypt business-sensitive data and hold it for ransom, or track the user's search habits to deliver advertisements.
So what can users do to protect themselves against the very real possibility of being attacked? As most organizations know by now, there is no "silver bullet" or "one-stop shop" approach. The only way to comprehensively protect an IT environment against malicious threats, Manky says, is a multi-layered approach: implement the relevant controls and understand what function each one serves. The following security controls are essential for any organization:
Intrusion prevention: blocks exploitation attempts on the network, including exploits for zero-day vulnerabilities where a signature for the attack technique exists
Application control: protects against malicious services and web applications
Web filtering: defends against more elusive threats such as botnet command and control, fast-flux hosting and other malicious hosting, and search engine poisoning (SEO) attacks
Antispam: blocks spambot output and incoming spam campaigns
Antivirus: stops a variety of malicious code, including crimeware, Trojans, bots and ransomware, among others
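To make the "fast flux" item concrete, here is an added example (not from the article or from Fortinet) of the kind of heuristic a web-filtering or DNS-monitoring layer can apply: a fast-flux domain rotates through many IP addresses spread across unrelated networks with short TTLs, whereas a legitimate CDN also uses short TTLs but keeps its addresses inside a few of its own prefixes. The DNS observations, the domain names and the thresholds below are constructed for illustration; a real deployment would tune the thresholds and use ASN data rather than a /16 prefix as a proxy for "different network".

```python
"""Fast-flux heuristic over constructed DNS lookup snapshots.

Added illustration only; the domains, addresses and thresholds are made up.
"""
from collections import defaultdict
from ipaddress import ip_network

# Constructed observations: (domain, TTL in seconds, resolved IPv4 address),
# as collected by repeatedly resolving each name over a period of time.
SAMPLE_LOOKUPS = [
    ("www.example-bank.test", 3600, "198.51.100.10"),  # stable host, long TTL
    ("www.example-bank.test", 3600, "198.51.100.10"),
    ("www.example-bank.test", 3600, "198.51.100.11"),
    ("cdn.example.test", 60, "203.0.113.5"),           # CDN-like: short TTL,
    ("cdn.example.test", 60, "203.0.113.6"),           # but one network
    ("cdn.example.test", 60, "203.0.113.7"),
    ("update-svc.test", 300, "192.0.2.15"),            # flux-like: short TTL,
    ("update-svc.test", 280, "198.51.100.77"),         # many IPs across
    ("update-svc.test", 300, "203.0.113.201"),         # unrelated networks
    ("update-svc.test", 290, "192.0.2.140"),
    ("update-svc.test", 300, "198.51.100.9"),
    ("update-svc.test", 300, "203.0.113.33"),
]

# Heuristic thresholds (assumed values, chosen for the sample above).
MAX_TTL = 300          # flux networks keep TTLs short so bots can be swapped out
MIN_DISTINCT_IPS = 5   # a single name resolving to many different hosts
MIN_DISTINCT_NETS = 3  # ...spread across several unrelated networks


def summarize(lookups):
    """Aggregate per-domain statistics from a list of (domain, ttl, ip) tuples."""
    ttls = defaultdict(list)
    ips = defaultdict(set)
    nets = defaultdict(set)
    for domain, ttl, ip in lookups:
        ttls[domain].append(ttl)
        ips[domain].add(ip)
        # /16 prefix as a crude stand-in for "different hosting network".
        nets[domain].add(str(ip_network(f"{ip}/16", strict=False)))
    return {
        d: {
            "min_ttl": min(ttls[d]),
            "distinct_ips": len(ips[d]),
            "distinct_nets": len(nets[d]),
        }
        for d in ttls
    }


def is_fast_flux(stats):
    """All three signals must be present: short TTL, many IPs, many networks."""
    return (
        stats["min_ttl"] <= MAX_TTL
        and stats["distinct_ips"] >= MIN_DISTINCT_IPS
        and stats["distinct_nets"] >= MIN_DISTINCT_NETS
    )


def flagged_domains(lookups):
    """Return the sorted list of domains the heuristic would send for blocking/review."""
    return sorted(d for d, s in summarize(lookups).items() if is_fast_flux(s))


if __name__ == "__main__":
    for domain, stats in summarize(SAMPLE_LOOKUPS).items():
        verdict = "FLUX" if is_fast_flux(stats) else "ok"
        print(f"{domain:24} {stats}  -> {verdict}")
```

Requiring all three signals together is what keeps the CDN-style name (short TTL, a handful of addresses, one network) from being flagged while the name rotating across three unrelated /16s is caught; any one signal alone produces far too many false positives to act on.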