This Week in Cybercrime: Hackers Say “If You Can’t Beat ‘Em, Evade ‘Em”

Plus: Zero-day Java hacks added to multitool of exploits, judging cybercrime’s true economic effect, and Toyota computer system looted by former contract employee


Evasion techniques that let cybercrooks bypass companies' antivirus software, firewalls, intrusion prevention systems, and other first lines of defense are becoming more prevalent, says an article citing a study released on 29 August. The study, from FireEye, a security vendor focused on advanced persistent threats, says that in the first half of 2012, the incidence of advanced malware successfully evading signature-based detection such as blacklisting technology and AV software was 225 percent as great as in the previous six-month period. One such evasion tactic, says FireEye, is the use of "throwaway" domains in spearphishing e-mails, in order to keep technologies that rely on domain reputation analysis from sniffing out the sender’s intentions. According to the report, the number of domains used fewer than 10 times rose 45 percent from the second half of 2011. "These numbers make clear that cybercriminals are changing their malware more quickly, and reproducing malware and morphing it in an automated fashion," the report said.

On 29 August, Computerworld reported that hackers have added two new zero-day exploits that take advantage of Java vulnerabilities to Blackhole, a veritable Swiss Army knife of exploits. Blackhole is designed to try each of its malware tools until it finds one that will work against a particular computer. The head of research at security firm Websense said that by that morning, his team had found more than 100 unique domains serving the Java exploit. He predicted that numerous sites would be successfully attacked using these new exploits over the next few days. According to Computerworld, Michael Coates, director of security assurance at Mozilla, maker of the Firefox Web browser, is urging Firefox users to disable the browser's Java plug-in because Oracle has not issued fixes. Others, including the United States Computer Emergency Readiness Team, seconded Mozilla’s suggestion or recommended uninstalling Java entirely.

What is the global economic impact of cybercrime? A NetworkWorld article reports that U.S. government officials, including the president, have parroted reports pegging the figure at US $1 trillion. But in a recent ProPublica report, several security experts and analysts call that trillion-dollar cybercrime estimate grossly inflated. They remind the public that any estimate from a security vendor should be taken with a grain of salt: IT security firms stand to gain from an atmosphere in which the perceived security risks and costs are greater. "I don't beat them up for it," Jason Healey, director of the Atlantic Council’s Cyber Statecraft Initiative, told NetworkWorld. "Experts have long had trouble agreeing on estimates that are within even two orders of magnitude of each other," says Healey. Why? For one, industry reports are not peer reviewed the way articles in academic and professional journals are. And even the most even-handed reports suffer from the fact that, as the authors of a cybercrime assessment done at the behest of the UK Ministry of Defence noted in their paper, "There are over 100 different sources of data on cybercrime, yet the available statistics are still insufficient and fragmented; they suffer from under- and over-reporting.”

SecurityWeek reported this week that Toyota has filed a lawsuit against an ex-contractor for sabotaging the company’s supplier network and downloading confidential information. According to Toyota’s court filing, Ibrahimshah Shahulhameed, who had been working for the automaker at a facility in Kentucky, gained access to the company’s online supplier network after he was fired on 23 August; he spent that night downloading trade secrets and other proprietary information and then sabotaging the network. Toyota’s computer security officials told SecurityWeek that they weren’t immediately sure how much damage Shahulhameed had done; his sabotage efforts were seemingly meant to cover his tracks. For a moment, Toyota officials were afraid that Shahulhameed, who SecurityWeek says is in the United States on an H-1B visa, would escape punishment for his actions. After he was released on $2500 bond, he told corporate investigators that he was planning on returning to his native India. But he subsequently agreed not to travel during the court proceedings.
