The Norton/Symantec Cyber Crime study of 2014 has tried to provide an insight into the Underground Cyber Crime economy that drives the growth of financial crimes.
Spamming and Phishing continue to be the major tools through which frauds are committed on Cyber Space. Spamming with malicious links and attachments are used to drop Trojans and Phishing is used to make the spam look like a message from a known person.
According to the study, approximately 28 billion spam mails were in circulation worldwide each day in 2014 compared to 29 million in 2013. Overall, for 2014, 60% of email traffic was identified as spam compared to 66.4% in 2013 representing a decrease.
According to the India specific information available from Norton study, an estimated Rs 16558/- was lost on account of Cyber Crimes by Indian consumers on an average. The study estimates that approximately 113 million Indians were affected by Cyber Crimes which constituted around 48% of the Indian online population. There is a little ambiguity on the way the loss is being estimated and hence we shall leave it for analysis at a later time when more information is available while we revert to the figures available in the global study.
The Cyber Crime market has evolved like any other business where the crime ware is being developed by one set of people and exploited by another. There are people who specialize in developing malware, other people who specialize in identity theft and another set of people who drop the malware using spam techniques and yet another set of people who actually draw fraud money out of the victims. Certain trojans are available on lease for a specific period making it all look like an organized business.
The study estimates that a A drive-by download web toolkit, which includes updates and 24/7 support, can be rented for between $100 and $700 per week. The online banking malware SpyEye (detected as Trojan.Spyeye) is offered from $150 to $1,250 on a six-month lease, and DDoS attacks can be ordered from $10 to $1,000 per day. The value of information sold in the market for Cyber Crime is indicated by the following table.
If Cyber Crime has to be curtailed, then it is important to recognize the existence of this chain of actors and eliminate the participants at each of these levels.