A bunch of bad user passwords. That was all it took for cybercriminals to expose data on a site that they didn't even directly break into. The site from which user information was compromised was Tesco.com, but according to CBR, Tesco itself was not breached. Instead, hackers had taken advantage of a user trend that unfortunately is all too common: weak user passwords. By infiltrating other websites that Tesco users also frequented, the cybercriminals were able to determine and then compromise passwords for 2,239 online Tesco patrons. How did they do it? Because user passwords were the same across different sites.
This is not completely the fault of the customers themselves. Companies like Tesco should have strong authentication strategies in place for its patrons to protect them against such attacks. However, as one expert pointed out, it is never a good idea for any computing user to have the same password across different platforms. "This is about consumer behavior," security expert Trey Ford told CBR. "People continue to reuse passwords and other credentials across multiple sites, making it easy for attackers to compromise them."
Unfortunately, malware and cybercrime are not going away anytime soon. A recent Security Threat Report conducted by Sophos for 2013 found that the threat landscape for malware is constantly expanding. The mounting nature of the threats is primarily due to a growing sophistication within the hacking community. Whereas attacks were once conspicuous, the malware criminal of today lurks in the shadows, compromising enterprise security covertly and often slipping out of a company's system before they are even detected.
"Cybercriminals have become more adept at eluding identification," the Sophos report found. This new tendency was illustrated recently by an attack on retail giant Neiman Marcus, which resulted in compromised information for millions of customers. Reportedly launched in July 2013, the breach was not fully stopped until nearly half a year later, in January 2014, Reuters reported. But by then it was too late — credit card information had already been stolen.
So why does cybercrime pose an unprecedented degree of threat? According to the Sophos report, it is not only because malicious incursions are easier to carry out, it is also because they are bringing in more profits.
Just like any criminal operation, malware is emboldened by the green. It is not incidental that cybercriminals tend to target things like Social Security numbers and credit cards: these things present a means of accessing a person's identity. And once that identity is assumed, it can be exploited. Based on a separate report carried out by the RAND Corporation — which posits that the cybercrime "Black Market" may be more profitable than international drug crime — the threat of malware necessitates identity protection on the part of computing users everywhere.
To learn about how the malware Black Market is raking in profits — and how users can defend their identity against cybercriminals — tune in to Part 2.