Cyber criminals polish marketing skills for targeted attacks

Sophisticated marketing and social engineering tactics are helping to change the face of cyber crime, according to the latest quarterly report from security firm IID.

Practices such as targeted phishing attacks and spam campaigns are benefiting from improved marketing techniques and tricks, the firm said.

IID president and chief technology officer Rod Rasmussen told V3 that criminals increasingly rely on compromised accounts to spread attacks to additional targets within an organisation.

He explained that in many cases, an attacker will target staff in strategic roles, such as a human resources manager, and then use the reputation of that stolen account to increase the likelihood of successful attacks on other employees.

"Because this is going on, you are getting communications from an account that you know and trust," he said. "It is always good to ask. Pick up the phone and make a call if something weird is going on."

Underworld interest in accessing that information has also increased lately. Rasmussen explained that online crime forums which previously dealt only in stolen credit card numbers have begun to trade in online account credentials.

The IID executive said that, along with making targeted attacks more effective, a compromised account can be used to break into other accounts owned by the same user.

"It is a cascading effect in a way. One compromise leads to another compromise which leads to even more compromises," Rasmussen said. "A lot of the people doing this are not that sophisticated, but they have access to information."

Criminals can likewise use the stolen credentials from one site to take over additional accounts on other sites because many people reuse their account names and passwords.

"It is not just your password that is important to protect, it is your username as well," Rasmussen said. "That is being driven home as a hard lesson these days."