Trends in Crime Toolkit Development

Introduction

Cybercriminals are people who use digital devices to commit crimes in cyberspace. The current prevalence of cybercrime is a major threat to information security. Initially, cybercriminals were hackers (often professional technical coders) who trespassed into the cyber world by implementing simple malware to conduct attacks. These attacks were generally aiming at gaining a reputation in the underground market, or to cause financial loss to a targeted user by deleting system data or stealing personal passwords. While occasionally their actions resulted in significant financial losses to victims it usually brought little or no financial gain to them(Sood & Enbody, 2013).

Currently, users and organizations are using Internet services heavily on their daily transactions because of the ease of attaining high speed Internet connections as Digital Subscriber Line (DSL), third Generation (3G) and others. Such new Internet services as e-commerce, online banking, online advertisements and others which moved the economy online. This economy movement shifted the motivation of Cybercriminals from getting individual reputations in the underground market and working as individuals into working as organized large groups with more money profit driven intentions.

However, Cybercrimes are becoming more serious. The underground market has allowed criminals to achieve cybercrime intentions in different ways. Unlike before, where a Cybercriminal needed to have a strong computer technical background, today the naïve user can conduct Cybercrime using tools which are sold in the underground market. These user friendly tools are called crimeware toolkits and can be used to create sophisticated malware binaries or to propagate these malware binaries. Figure 1 demonstrates a simple underground market scenario (Hogben, Plohmann, Gerhards-Padilla, & Leder, 2011) that reflects how Cybercriminals are using strategy as organized groups which are profit driven. It also demonstrates the ease of being a Cybercriminal or purchasing a Cybercrime service. Malware writers create a Crimeware toolkit that can be used to create malware binaries or to distribute malware with a simple interface where naïve criminals can use it. After that, the malware distributor distributes and sells the Crimeware toolkit to Cybercriminals. Services and support may be offered with the tool kit where help is required. Finally Cybercriminals can infect devices and distribute attacks using these toolkits. It should also be noted that services may be offered to criminals who are ready to pay for an attack service without the need to buy any type of toolkit.

Figure 1.

Underground market

Different studies and reports demonstrate the distribution and losses caused by Cybercrime. Symantec stated that, on average, 42 billion spam messages a day are sent around the world (Symantec, 2011). In 2012, $110 billion worldwide was lost to cybercrime, with Australia recording $2 billion in losses (Norton, 2012). HP Enterprise Security, showed different losses for different countries, in which US scored highest loss with $8.9 million in just 2012 (Ponemon, 2012). Finally, 13% of North America home networks were infected and compromised with malware during 2012 (Kindsight, 2012)

This chapter explores cybercrime trends, future threats, and the persistent development of the cybercrime threat landscape. It also presents Cybercrime evolution through time in malware propagation approaches and attack types.

This chapter is organized as follows. In Section 2, we present the crime toolkits development. In Section 3, we study crime toolkits trends. In Section 4, we discuss the existing protection mechanism. Section 5 provides the conclusion to this chapter.