You may have already gotten yourself familiar with how eCrime works from our past research and field presence, but here is one more great example of this fascinating business: This article at the Washington Post covers the drop in prices of stolen credit cards. It talks about how a surge of “fresh merchandise” has hit the market and commoditized these credit cards to a level where you’d get change from a single dollar… It’s a great example of how eCrime works just like any other business in an economical ecosystem, and adapts to the supply and demand.
Just to complement the article, another contributing factor to the surge in availability is also attributed to the fact that there has been a surge in the availability of FTP credentials leading to legitimate sites. How does these two connect? Simple: FTP sites storing web content, get accessed by eCriminals (through an automated process of course), and the content associated with the website is modified to deliver a MalWeb attack that yields additional Trojan/Botnet infections. This leads to more credentials (both for FTP, as well as for financial services), which get to the market, get sold, and so on… This vicious cycle is feeding itself with more credentials, more access to financial resources, more infected systems in order to enhance the revenues from the eCrime business.
Simply put, the whole picture is what counts, rather than specific incidents. Protection on the other hand, is regarded to as “I have an AV”… leaving virtually millions of systems in the hands of MalWeb and other web threats that have proven to be more effective than thou.
Point in case – get better protection. For the sake of all of us… make sure that you can get protection from as far as your ISP, to as close as your home router, and of course PC. For enterprises it’s been easy with SWG (Secure Web Gateway) products providing that much needed layered protection, but for consumers we have usually smirked and had to dodge the questions of “so what do I do”. Start looking for ISPs that can provide that protection – beyond the “I’ll throw in an AntiVirus and an inkjet printer if you sign a 2 year contract”.