Chia says security vendors have detected a rapid professionalisation of cyber crime. Attacks are no longer perpetrated by script kiddies looking for kudos but organised gangs moving in underground communities bent on generating big dollars.
Gangs are now employing IT professionals and business minds to carefully plan their moves and stay one step ahead of detection. Interestingly, they trade their goods on the internet, commanding high prices for the proceeds of crime.
"When we get too close, they find out," Chia says.
A security report by Symantec that focused on the underground economy in late 2008 estimated the potential value of total advertised goods on the black market was more than $US276 million ($305 million) annually.
The most traded commodity was stolen credit card information, followed by stolen bank account data. Credit card numbers sell for as little as US10¢ to $US25, while bank account information can fetch between $US10 and $US1000.
Vendors such as AVG and McAfee suspect the majority of cyber attacks are now the work of a small number of criminal gangs that also deal in other crimes. "We're talking about dozens of crime gangs off and online that organise money laundering and credit card fraud," says a global security strategist at AVG Technologies, Larry Bridwell.
"There's a small number of incredibly [capable] hackers that make up the largest amount of fraud."
The vice-president of threat research at McAfee, Dmitri Alperovitch, says gangs have built pyramid-like schemes of small operators who are unaware of the size and nature of their employer. They recruit unsuspecting people, including pensioners, who have to do little but withdraw and transfer regular amounts of money.
"They have roughies who ruffle up people locally to make sure the money mules pass on their pay," Alperovitch says.
AVG says despite continuous improvement in technology security, online crimes still happen because 30 per cent of all machines run with outdated antivirus software or with it turned off, criminals make increasingly more money and big corporations don't patch their machines as often as they should.
Lia Timson travelled to Silicon Valley as a guest of Symantec and to Malaysia as a guest of F-Secure.
Sign up for Computerworld eNewsletters.