(Or How Money Makes the Web Go Round)
May is an important month in the IT security industry because it’s the anniversary of one of the most fearsome viruses ever—the ILOVEYOU virus aka the Lovebug. Back in 2000, it was a very big deal because it created a new way of infecting people’s systems—through email. This started the era of email viruses that we all suffered from since then. Yes, they’re technically worms but that’s not important. What was important back then was that these wanted to use your computer as a virtual walls for graffiti (“Jaschan was here, screw you netsky!”).
That sounds very different from today’s viruses. Yes, we call them Trojans now but that doesn’t matter either. Today, threats are all about information theft. Cybercriminals want your credentials (your eBay password) to make money one way or another (so they can sell imaginary stuff using your reputation). They want your Facebook login credentials so they can send bad links to your friends and steal their information; your “World of Warcraft” account credentials so they can sell your valuable online items; and your online banking credentials so they can… well, you know what they want those for, I guess.
Here’s one important thing to remember—the more targeted an attack is, the more valuable the stolen data is. Let me explain. If you’re broke and your eBay account has a reputation of -1, you’re not a great cybecriminal target. Now, if you were a power seller, the story would be very different. If these guys can get a database of power sellers, heavy Facebook users, or corporate users or big company executives, they can specifically tailor their attacks to target these people, making these much more effective. Do you get where I’m going?
Financial motivation + Really good social engineering + Data breaches = Explosive cocktail
As Dorothy said in “The Wizard of Oz,” we’re not in Kansas anymore. Actually, if you’re in Kansas, beware of all these because all countries, states, and OSs are equally targeted. Cybercriminals don’t discriminate—all Internet users are potential victims to them. Today’s persistent threats are all about laying low, staying in the users’ systems, and collecting as much data about users as these can. Every bit of your personal information interests online gangs. After all, this can all be monetized one way or another.
It’s unlikely that we’ll see another dramatic change in motivation anytime soon. Now that cybercriminals have jumped onto the money-stealing bandwagon, they’re not going away anytime soon. They’ll just adjust to whatever new technologies and methods emerge in the market.
Scary? It is. Stay safe, stay aware, and be careful out there! Logging off now.