Have cybercriminals gone weak?
To the average security-minded computer user, things might seem that way, as the amount of spam and malware sent to our email inboxes has dropped dramatically.
In the media, politically motivated "hacktivists" hog the headlines, while traditional cybercriminals — those who steal credit-card numbers or sell identities — don't get as much air time.
Yet that doesn't mean that mean cybercriminals have gone soft and less aggressive, said Ed Cohen, a vice president at San Jose, Calif., Internet security company SonicWALL. In fact, the truth is quite the opposite — professional online criminals are simply getting smarter about how they steal sensitive information.
Two paths you can go by
There are two ways in which the average computer user can be impacted by cybercrime, Cohen explained.
The first is when an individual has his information, be it his identity or his credit-card number, stolen directly. The second method is more subtle, but also more widespread: It's when home or business computers are used as tools to get malware and spam out into the wild.
"There are some stats that say that at least one out of every four computers could be infected with malware on it," Cohen explained.
Computers are infected with malware at a rate of about 10 million every month, Cohen said. Much of that malware hijacks the host machine and forces it to join a botnet, a silent network of compromised machines working together under the control of online criminals.
A quarter of a million PCs are added to botnets each month, Cohen said.
"There is so much of this that the hackers aren't just making money by sending out the malware and gather[ing] the information on the computer," Cohen said.
"They are also in the business of renting out botnets," he explained. "You can rent a botnet for, say, $100 a day and then you can do whatever you want with the information you gather. You don't have to be a sophisticated hacker anymore to take advantage of a botnet that takes over an innocent person's computer."
Cohen said SonicWall's email security group estimates that between 80 and 90 percent of botnet-related spam comes from the compromised computers of legitimate consumers and businesses, who likely have no idea their own machines are pumping out trash emails.
"It's not just evil people sitting at their own computer sending this bad stuff," Cohen said. "[The bad guys] are leveraging other people's computers."
Think about it: One out of every four persons reading this article may have malware hidden on his or her computer, and might unknowingly be part of a botnet.
Hook, line and sinker
Cybercriminals are also getting much better at social engineering, playing on the emotions or gullibility of computer users.
In the aftermath of the devastating earthquake and tsunami in Japan this past March, for example, cybercriminals set up fake charity websites soliciting money to help victims. While that doesn't constitute malware per se, it does put consumers at risk of having money or their personal information stolen.
Phishing attempts have also gotten much more sophisticated. It has now be come much more difficult to tell the difference between a legitimate email and an attempt at cybertheft.
SonicWALL created a phishing quiz to see how easily the average Internet user can distinguish a real business email from a scam. The quiz uses real phishing emails as examples, and once you've taken it, shows you how to spot them.
Cybercriminals have new targets, too: mobile devices such as smartphones and tablets. Since almost all owners of iPhone and Android phones bring them to work, that means the Wi-Fi-enabled devices are hopping onto corporate wireless networks while at the same time holding a lot of their users' personal information.
Between the business data and the individual's identifying details, it's a jackpot for thieves.
"We've seen a significant rise in mobile-based threats," Cohen said. "People put their whole life on their phone and then leave it in a taxi. There are vulnerabilities in the apps that are downloaded, especially on Android."
An especially dangerous activity is surfing the Web on a smartphone, chiefly because you don't have as much control of how you interact with a website as you do on a regular computer.
For example, the URL or Web address clearly visible on a computer's browser is hidden on a smartphone. The average user can't tell whether he's connected to www.bankofamerica.com or www.bankofamericaaccountstealer.ru.
"You have to be very careful about what you do on your phone," Cohen said.
A strong defense
The bottom line is that the cybercriminals have come up with ways to infiltrate computers that are very difficult to defend against.
"You can learn tips to stay safe, and you have to learn what to look for," Cohen said. "Make sure your end-point device is up-to-date with patches and updates. Always back up your data. And if you really aren't sure how to keep your computer safe or get rid of malware that may be lurking, go to a professional to ask for help."
If you notice that you've had a drop in the number of spam or phishing emails lately, don't get lulled into the false notion that all is safe.
Cybercriminals haven't gone soft, and they haven't gone away. They're just getting smarter about the ways they trick you.