Three ways cyber criminals make money from hacking you

Tools


It seems like new reports of cyber criminals and botnets are surfacing every week, often with the revelation that they are making off with large sums of money to boot. Security vendor Trend Micro this week came forward with the results of its covert investigation of a young Russian cybercriminal. From the activity observed from the command-and-control server, Trend Micro estimated that a staggering $3.2 million was looted over a six-month period.

So how do black-hat hackers gain from their crimes? Below are three possible methods.

Stealing financial information

It's a fact that more end-users and businesses than ever are performing Internet banking from their computers. Moreover, buying things online by means of credit cards or PayPal are common occurrences to most. Unfortunately, this trend coincides with the ready availability of useful commercial crimeware such as Zeus and SpyEye, malware specifically designed to steal financial information and credentials.

Theft of Internet connections

In following the money behind the TDSS/TDL-4 botnet, two Kaspersky researchers conducted an exhaustive analysis. A component that turns compromised PCs into unwitting proxy servers was uncovered, which was linked to an alleged storefront peddling an Internet anonymity service for a cool $100 per month. And in this case, the potential that victims will be graced with visits by law-enforcement agents is also very real.

Exploitation of processor cycles

It would appear that the TDSS botnet has received an update that forces infected computers to mine Bitcoins, according to a report posted last week on The Register. For the uninitiated, Bitcoin is a peer-to-peer virtual currency heralded for its anonymity and designed so that it can be sold or bought via the Internet without having to go through a payment processing service.

By listing down some of the ways that black hats are exploiting compromised computers, I hope to draw attention to the profit motivation of cybercriminals. With so much at stake, it is obvious that businesses cannot expect to defeat cybercrime without injecting additional resources to protect themselves.

As usual, I look forward to hearing your thoughts on the fight against cybercrime, especially if you have anything to add to my list above. - Paul Mah (Twitter @paulmah)