From The Editor | January 9, 2009

Sly Attacks, Silos of Information, Talent Poaching Covered In Cybercrime Report

It doesn't surprise anyone that when the economy slows, criminals become more active. In fact, today's wily cyber criminals are already morphing to swiftly take advantage of the unique fears accompanying this recession. That is one of the significant trends identified by McAfee in its annual Virtual Criminology Report. Dave Marcus, director of research and communications for McAfee Avert Labs, shared his thoughts on that report with me just before its December release. For Marcus, one disturbing part of the trend connected to the economic meltdown is 'muling,' or cyber criminals luring Internet users into participating in money laundering schemes. One example is a cyber criminal recruiting a person to process 'payments' and transfer funds internationally after taking out a small commission — in reality, laundering the money.

Another top trend is the startling capacity of cyber criminals to produce massive amounts of malware tightly connected to each day's news events. "The rate of change is staggering; a lot of people don't understand that the news of today is the malware of this evening," says Marcus. To illustrate the point, he recalls that as the presidential campaign wound down, many people found emails with links to president-elect Barack Obama's acceptance speech in their inbox the very next morning. It was a malware link — pure fraud.

The McAfee report also addresses a common frustration in law enforcement circles battling cybercrime — the silo effect. The lack of cooperation between nations means cyber criminals continue to operate across international borders with little fear of being prosecuted as information about their activities remains in regional silos. "The bad guys don't have boundaries, but the good guys do, and that only benefits one side of the equation," explains Marcus.

Lastly, while cybercrime is attracting smart, tech-savvy criminals, the effort to train and retain law enforcement specialists is stalling. "You have to have the right training and develop the right people in these situations, but then you also need the career development as well," says Marcus. "Good people get the training but then get poached, lured away by private investigation firms and vendors and such." The result? The frontline defenses against cybercrime are depleted. That lack of resources stings as law enforcement faces off with criminals capable of developing new malware at such a rate that the security industry finds itself analyzing and providing protection against a new piece of malware every 20 seconds.

There have been battles won: Traditional spyware and adware numbers are dropping. And for VARs working in the security space, there are opportunities. As governments try to better track and tackle security issues, the opportunity to provide training and upgraded analysis tools is there for channel partners comfortable in that vertical. There is also the opportunity to educate customers about the rapidly evolving security landscape and the need to secure networks and data. Remind your customers to install updates, to consider themselves a target, and be proactive in securing themselves and their businesses. If you are looking for specific statistics, download the McAfee report.