As malware writers and Internet attackers become moresophisticated, 2009 looks to be a year of more focused attacks byprofit-driven criminals bent on stealing data from businesses,employees and consumers.
Networking firm Cisco released itsannual Threat Report Monday, citing a nearly 12 percent increase in thenumber of disclosed vulnerabilities over 2007 and a tripling ofvulnerabilities in virtualization technology since lastyear.
Targeted attacks and blended, cross-vector assaults, along with a 90percent growth in threats originating from legitimate domains, top this year’s list of the most worrisome new trends plaguing computerusers, according to the report.
Attackers are changing tactics, leaving infected attachments behindfor more specialized methods. Malware volume propagated via e-mailattachments declined by 50 percent from the previous two years(2005-2006), noted Cisco researchers.
“The cybercriminals this year changed the entire threat landscape,”Patrick Peterson, Cisco fellow and chief security researcher, told TechNewsWorld.
Open Door Browsers
While some of the current Internet threats are older viruses andTrojans from previous years, Internet criminals have staked out newattack vectors this year based on the use of Web-based servicesreached through standard browsers.
“The old adage that threats follow usage is still true. Everybody isusing the Web browser for everything,” said Peterson.
As a result, criminals have refocused their efforts to capitalize onbrowser vulnerabilities and infected Web sites.
Technology and cooperation are greatly assisting cybercriminals. Theydo not necessarily have to be very technically advanced and spend time reverseengineering the Web to find vulnerabilities.
“The criminals form their own little ecosystems where they can buycriminal infecting kits,” said Peterson.
The goal of these attacks is to inject malware into a vulnerable Website, he said.
Spam Still King
Spam accounts for nearly 90 percent of all e-mail worldwide, accordingto Cisco. Despite spam filters and e-mail appliances to help controlthe flood of spam messages, they remain anever-present threat on the Web.
The United States is the biggest source of spam messages at 17.2percent. Turkey generates 9.2 percent, Russia generates 8percent, Canada generates 4.7 percent and Brazil generates 4.1percent. Other sources include India (3.5 percent), Poland (3.4 percent), South Korea (3.3percent), Germany and the United Kingdom (2.9 percent each).
Cisco researchers found a growing threat level associated heighteneduse of a tactic known as “spearphishing” — phishing attacks that precisely target a certain individual or small group. Attacks using botnets, social engineering andreputation hijacking became noticeably more prevalent.
For instance, targeted spearfishing represents about 1 percent of allphishing attacks; however, it is expected to become more prevalent ascriminals personalize spam and make messages appear more credible.
Botnet success is pronounced. Botnets have become a nexus of criminalactivity on the Internet. For instance, this year numerous legitimateWeb sites were infected with IFrames, malicious code injected bybotnets that redirect visitors to malware-downloading sites.
On the Rise
Another threat on the rise this year is social engineering. Attackersentice victims to open a file or click links which allow malware todownload. These messages appeal to the receiver’s career or actualsocial memberships.
Cisco expects that in 2009, social engineering techniques willincrease in number, vectors and sophistication. Even more threateningis reputation hijacking.
More online criminals are using real e-mail accounts with large,legitimate Web mail providers to send spam. This attack methodincreases the deliverability of spam because it makes spam harder todetect and block. Cisco estimates that in 2008 spam resulting frome-mail reputation hijacking of the top three Web mail providersaccounted for less than 1 percent of all spam worldwide butconstituted 7.6 percent of the providers’ mail traffic.
For 2009, Cisco’s researchers expect more instances of three key attacktrends. These developing threats are posed by insider threats, dataloss and mobile devices.
Insider threats come from negligent or disgruntled employees. Theglobal economic downturn may prompt more security incidents involvingemployees, making it crucial for IT, HR and other lines of businessto collaborate on mitigating threats, according to the report.
Data loss through careless workers or breaches by hackers — aswell as from insiders — is a growing problem that can lead to gravefinancial consequences, noted Cisco. Technology, education and clear,well-enforced data security policies can make compliance easier andreduce incidents.
The trend toward remote working and the related use of Web-basedtools, mobile devices, virtualization, cloud computing and similartechnologies to enhance productivity will continue in 2009. These willcreate new challenges for security personnel. The edge of the networkis expanding rapidly, and the increasing number of devices andapplications in use can make the expanding network more susceptible tonew threats, according to the report.
While security experts are still largely playing catch-up, the growingWeb threat this year has produced some meaningful results, Peterson said.For instance, the software industry now is placing more focus oncreating secure applications.
In addition, steps have been taken to make Web sites more securethrough penetration testing, Peterson said. He is seeing somesigns of hope for better Web security.
For example, two prominent Web attacks this year were the KaminskyAttack and the Clickjacker Attack. The quick distribution of patches fended off a significant amount of the damage these attacks could have caused, he said.
However, Peterson is not very optimistic about security measuresgetting ahead of attackers. Human nature rules, and security decisionsby corporations are sometimes only made after a problem develops.