CyberSecurity Institute

The service simply required attackers to inform it of which site they wish to launch a DDos attack against, decide how much they are willing to pay, and initiate the service.

This is just one example of a vast array of services and tools that make up a tumescent online marketplace wannabe cybercriminals can use to gather components of a cyberattack – or outsource the process altogether, the study found.

Stolen bank login information commands a higher price than credit card numbers, with prices ranging from two to 10 per cent of the account’s balance.

Meanwhile, so-called “bulletproof” hosting providers – firms which knowingly provide web or domain hosting to cybercriminals – can charge between $50 and $400 for their services per month.

Troels Oerting, head of EC3 European Cybercrime Centre – who wrote the white paper’s foreword, said: “Today’s cybercriminals do not necessarily require considerable technical expertise to get the job done, nor, in certain cases, do they even need to own a computer.

A marketplace offering cybercrime tools and services provides would-be criminals with an arsenal that can either be used as a component of a cyberattack or a handy way of outsourcing the process entirely.”

Link: http://www.channelweb.co.uk/crn-uk/news/2279505/ddos-attacks-on-sale-for-usd2-an-hour

vents—Some of the bigger stories surrounding email and web threats over the past six months include malware campaigns leveraging the Boston Marathon bombings, the continuing rise of mobile malware, and DSD: a distraction technique used by cybercriminals as they’re emptying your bank accounts.

“If you notice a deluge of spam in your email inbox, it’s best not to try to monitor your email, but instead go directly to your account(s) activity because the people behind this spam blast have somehow obtained your personal account information and email address,” says Touchette. “In order to hide purchase receipt emails or balance transfer confirmation emails, the attackers, just before they make the illegal transactions, turn on this deluge of spam email in order for these very important emails to get lost in the flood.

As for server side vulnerabilities, some of the biggest exploits so far in 2013 have included cross-site scripting, cross-site request forgery, broken authentication systems, Ruby vulnerabilities, universal plug and play problems, and an Adobe issue with ColdFusion.

Metrics—In addition to the familiar data regarding email spam and viruses, this report includes some baseline data about web-based malware that AppRiver will track over the months ahead. As web-based malware and “drive-by downloads” become more widespread, this data will expose trends and patterns that can help improve security for users.

The Cyber World—This section of the report discusses major cybercrime arrests like that of Hamza Bendelladj for leading a major Zeus botnet, along with Hacktivism activities, and the evolution of cyber espionage from simple murmurings to mainstream conversation with attention-grabbing incidents such as Stuxnet, targeting a very specific system for enriching Uranium in a very specific location, not to mention the talk of cyber exchanges between the U.S. and China.

Link: http://www.heraldonline.com/2013/07/02/4994746/appriver-releases-mid-year-global.html