Cyber crime is big business.
There are now dedicated cybercrime businesses employing hundreds and even thousands of people, and Cyber crime is now expected to cost the world economy in excess $2 trillion per annum by 2019.
Like any big business, organisations involved in cyber crime are extremely sophisticated and have effective supply chains, use middle men, and have incentivised sales forces & distribution channels. There are even operators out there offering CCaaS services (Cyber Crime as a Service) to commit everything from DDOS attacks ($10/hour) to SPAM-for-Hire ($200/day). Bad guys can purchase remote access to already compromised machines for as little as $13 per month, and “exploit kits” can be rented by the day, week or month. Then there’s a well developed (black) market ready to purchase any ill gotten gains.
A simple Google search can deliver current pricing for such things as detailed personal information, credit card details, social security numbers, forged documents and almost anything else that a value can be put on.
Cyber criminals know the entire internet inside out, including everything that connects to it and through it such routers, switches, servers, clients, operating systems, databases and applications. They can readily work out where any little “snippet” of information has come from, where it fits into the bigger picture, and how they can use it to assist with their exploits.
Cyber criminals have a broad range of toolsets and methods at their disposal to exploit any weakness and obtain what they’re after including:All of the above are used to obtain “snippets” of relevant info which can then be plugged into a wider arsenal of software and tools to create & assemble something that they can use.
It must be remembered that cyber criminals aren’t necessarily looking for some secret “document” or “email”, they’re looking for:
Their capability, the sophistication of their tools in identifying, reading and reconstructing data, finding weaknesses and their determination should not be underestimated.
Discarded / disposed of equipment potentially provides rich pickings for cyber criminals as they will often contain many of the “clues” they are looking for.
For example:
Consequently, there are well established markets for used equipment that hasn’t been appropriately sanitized.
Copyright © 2024 ITRecycla LTD. All Rights Reserved.