Wednesday, July 22, 2009

More Money, More Web Scams

At Black Hat USA, WhiteHat Security researchers to highlight more and bigger-dollar hacks that don't use malware or security bugs

There was the iPod repairman online who allegedly pulled in a half-million dollars defrauding Apple and its iPod customers. There was also the hacking-for-hire scheme that made the bad guys a tidy nine-figure profit.

While the security industry spends most of its energy and resources on malware- and vulnerability-based methods of attack, a lesser-known and more lucrative world of hacking is going on right under our noses that rarely comes to light unless it makes the general news. These are the low-tech and no-tech attacks and scams that don't require malware or scanners, and they are rarely reported because they don't typically involve reporting stolen credit cards or other personal information. "This is the easier, higher dollar [attacks]," says Jeremiah Grossman, CTO of WhiteHat Security. "These almost never get reported...they are basic fraud losses that everyone keeps quiet about."

Grossman and WhiteHat colleague Trey Ford, director of solutions architecture, will present a sequel to their previous Black Hat USA talk about these simple but deadly attacks at next week's Black Hat USA conference in Las Vegas. "We're going to pick up where we left off last time. These are all the ways bad guys are making money, and we'll show off real-world hacks," Grossman says. They will also align their research with the findings in Verizon's recent breach report.

Check Dark Reading for more.
