Big Businesses Walloped With Climbing Cybercrime Costs

posted Oct 9, 2012, 11:30 AM by Justi Montague
By John P. Mello Jr. 

Cybercrime costs continued to climb in 2012, according to a report released Monday by the Ponemon Institute.

The study of 56 large organizations showed that the average annualized cost of cybercrime for businesses was US $8.9 million a year compared to $8.4 million a year ago. Losses for the firms ranged from $1.4 million to $46 million.

Cyberattacks have become common occurrences, the study said. The businesses in the study were subjected to 102 successful attacks per week, or 1.8 successful attacks per company per week.

Double Frequency
"In just two years the number of successful attacks has doubled, which is pretty incredible when you think about it," Michael Callahan, vice president for product and solution marketing for HP Enterprise Security, which sponsored the study, told TechNewsWorld.

 "You might expect the number of attacks to increase with the proliferation of botnets, but it's amazing that so many are successful, given the amount of attention that's being paid to security," he said.

One reason for the increase in successful attacks may be the sophistication of the attackers, according to Larry Ponemon, founder and chairman of the Ponemon Institute. "Some of the attacks have become much more complex to identify, and much more stealthy," he told TechNewsWorld. 

In addition, malicious insider attacks are occurring more frequently, he added. "Malicious insiders, working with external parties, can cause an enormous amount of damage, and when they're detected, they're hard to contain and remediate."

Hackers Attack White House
A spear-phishing attack on a White House computer network that did not contain classified information came to light last week. "These types of attacks are not infrequent and we have mitigation measures in place," an unnamed White House official was quoted as saying.

"In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place, " the official continued.  "Moreover, there was never any impact or attempted breach of any classified system,"

News of the attack broke on Sep. 30 when the Washington FreeBeacon, a conservative online news outlet, reported that hackers linked to the Chinese government broke into a computer network used by the White House military office for nuclear commands. 

Citing an official familiar with the incident, the FreeBeacon maintained that the breach was one of China's "most brazen cyberattacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyberattacks."

One security analyst, however, didn't find the spear-phishing attack on the White House that bold at all. "I don't think it's a sign they're getting bolder," Ira Victor, a digital forensics analyst with Data Clone Labs, told TechNewsWorld. "They've been this bold before."

It's going to get worse, he contended. "There are hundreds of thousands of fledgling keyboard hawks now being groomed by the Chinese government to break into systems," he said.

A major international crackdown on scareware scammers was launched last week by the U.S. Federal Trade Commission. The agency targeted six companies in India selling phony technical support services to English-speaking countries, including the United States, Canada, Australia, Ireland, New Zealand, and the United Kingdom. 

According to the FTC, some of the scammers cold-called consumers posing as representatives from legitimate companies, such as Dell, Microsoft, McAfee, and Symantec. They told the consumers that malware had been detected on their computers and then offered to remove it for fees ranging from $49-$450.

In addition to the "boiler room" tactic used by five of the firms, a sixth used ads placed on Google search pages to sell its bogus services.

To elude scam fighters, the phony malware removers used 80 different domain names and 130 different phone numbers, the FTC said. 

"The FTC has been aggressive--and successful--in its pursuit of tech-support scams," FTC Chairman Jon Leibowitz said in a statement. "And the tech-support scam artists we're talking about today have taken scareware to a whole other level of virtual mayhem."