Criminals are increasingly targeting specialised information such as healthcare data, single sign-on credentials for remotely login to corporate networks, and FTP account data, according to a new report from security vendor Finjan.
The report, which was released Wednesday, summarises the latest trends in the cybercrime marketplace over the first six months of 2008.
One of the biggest among those trends is the growing commoditisation of some kinds of stolen data, according to Yuval Ben-Itzhak, chief technology officer at Finjan.
Until recently, he said, credit card numbers and bank accounts with PINs were considered valuable items in the underground market. But of late, the market has become flooded with such information leading to its commoditisation.
Where valid credit card numbers and PINs used to sell for US$100 or more each, Ben-Itzhak added, they retail today for $10 to $20 in the underground market. Depressing prices even more is the easy availability of such information from numerous sources, most of which are quite literally a mere Google search away from prospective buyers.
As a result, there is a trend on the part of some online thieves to go after data that can fetch them premium prices in the cybercrime market. "It's just basically the rules of supply and demand," Ben-Itzhak said.
One trend Finjan has noted is an increased focus on trying to steal login credentials for Citrix applications. Technologies from Citrix Systems are being used by an increasing number of healthcare organizations to enable remote network access, Ben-Itzhak said, and stealing Citrix log-in credentials often allows data thieves to gain single sign-on access to a wide range of healthcare related information from inside hospital networks.
The stolen data is used for a variety of scams such as fraudulent insurance claims, illegal purchases of prescription drugs, and medical ID theft.
It's not just healthcare organisations that criminals are targeting either, Ben-Itzhak said. There's a growing focus on stealing login credentials that provide remote access to business networks as well.
Finjan, for instance, recently discovered a Argentina-based server containing over 500MB of stolen data, and another server containing over 1.4GB of similar information in Malaysia.
In both cases, the systems contained not just healthcare information but also business-related data -- for instance, one of the servers had a cache of data that included passenger reservation data and flight scheduling information stolen from a major airline.
Despite the increasingly sophisticated methods cybercriminals use to steal data, those who are actually soliciting and using the stolen information are relative amateurs with little idea of how to secure their illegally gotten data, Ben-Izthak said.
Often, stolen data is stored in unprotected fashion on servers that can easily be accessed by anyone with a Web browser. Data on one of the crimeware server discovered by Finjan this year had no access restrictions and allowed search engine crawlers to index log files as they do with other public information on the Internet.
As a result, passwords, Social Security numbers, and other sensitive information ended up being stored on public caching servers such as Google's.
The full report is available on the Finjan Web site; registration is required.