Search for LIMS content across all our Wiki Knowledge Bases.
Type a search term to find related articles by LIMS subject matter experts gathered from the most trusted and dynamic collaboration tools in the laboratory informatics industry.
Crimeware is a class of malware designed specifically to automate cybercrime.[1]
Crimeware (as distinct from spyware and adware) is designed to perpetrate identity theft through social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions on behalf of the cyberthief.[citation needed] Alternatively, crimeware may steal confidential or sensitive corporate information. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer valuable, confidential information.
The cybercrime landscape has shifted from individuals developing their own tools to a market where crimeware, tools and services for illegal online activities, can be easily acquired in online marketplaces. These crimeware markets are expected to expand, especially targeting mobile devices.[2]
The term crimeware was coined by David Jevans in February 2005 in an Anti-Phishing Working Group response to the FDIC article "Putting an End to Account-Hijacking Identity Theft".[3]
Examples
Criminals use a variety of techniques to steal confidential data through crimeware, including through the following methods:
Surreptitiously install keystroke loggers to collect sensitive data—login and password information for online bank accounts, for example—and report them back to the thief.[4]
Crimeware threats can be installed on victims' computers through multiple delivery vectors, including:
Vulnerabilities in Web applications. The Bankash.G Trojan, for example, exploited an Internet Explorer vulnerability to steal passwords and monitor user input on webmail and online commerce sites.[6]
Targeted attacks sent via SMTP. These social-engineered threats often arrive disguised as a valid e-mail message and include specific company information and sender addresses. The malicious e-mails use social engineering to manipulate users to open the attachment and execute the payload.[7]
Crimeware can have a significant economic impact due to loss of sensitive and proprietary information and associated financial losses. One survey estimates that in 2005 organizations lost in excess of $30 million due to the theft of proprietary information.[9] The theft of financial or confidential information from corporate networks often places the organizations in violation of government and industry-imposed regulatory requirements that attempt to ensure that financial, personal and confidential.
^Sood, Aditya (2013). "Crimeware-as-a-service—A survey of commoditized crimeware in the underground market". International Journal of Critical Infrastructure Protection. 6 (1): 28–38. doi:10.1016/j.ijcip.2013.01.002.
^CSI/FBI Computer Crime and Security Survey 2005, p.15