This is essentially how we treat security today. The only way you can win is if the other guy gets so tired they pass out. No attacks, no counterattacks, blocking only. I used to teach martial arts, and we’d sometimes run an exercise with our students where they’d pair of for sparring, but one person was only allowed to defend. We can’t win if all we do is play defense.
We, as an industry, need to start dealing with these threats more proactively. And this is only one of the different kinds of criminal operations running on the web. Calling themselves “carders” or “credit card resellers” these organizations run the equivalent of an eBay for bad guys. Unlike most of the FUD out there, the USA Today article discusses specific examples of operating criminal enterprises. We all know financial cybercrime is growing and increasingly organized. Or the guys who make the safes and spend all their time breaking the other guy’s stuff. I can guarantee that before banks started buying safes and storing cash in them, the only safecrackers were bored 13 year old pimply faced boys trying to impress girls.
.jpg "prodiscover basic for mac")
It’s just one of those unfortunate natural evolutions- bad guys follow the money, then it takes them a little bit of time to refine their techniques and understand new technologies. About 2-3 years ago I started talking about the transition from experimentation to true cybercrime.
Stiennon over at Threat Chaos is also writing on it, as are a few others. (Full disclosure, I’ve served as a source for Jon in the past in other security articles). I picked up the ever-ubiquitous USA Today sitting in front of my hotel room door this morning and noticed an interesting article by Jon Swartz and Byron Acohido on cybercrime markets.
0 kommentar(er)
