As more and more people around the world become part of the global network that is the Internet, the number and variety of cyber threats increases correspondingly. And as cyber security evolves to meet the changing nature of these threats, so too do the threats themselves evolve and become ever more sophisticated, ready to claim their next victims.
The recently released MessageLabs Intelligence 2010 Annual Security report highlights the fact that the 2010 security landscape was “shaped by the technological advances made in more sophisticated forms of malware as the cyber criminals continued to find new and innovative ways to attack computers and businesses”. Some of the key findings of the report were that the global average spam rate increased in 2010 to account for 89.1% of all emails sent, and that there has been a marked increase in local language spam, with only 90% of spam messages now sent in English. In 2010 spammers also produced many messages relating to major newsworthy events, among them the FIFA World Cup, in an attempt to engage their victims’ interest.
The use of URL link shortening services has also been gaining prevalence in spam messages, as these shortened links can more easily conceal suspicious site names. As a result of their common use in social networking these links, such as bit.ly, TinyURL, and goo.gl, are more trusted than they should be and cyber criminals are beginning to take full advantage of the fact. The use of targeted email campaigns, known as spear phishing, has also grown, almost doubling in prevalence from 2009 to 2010.
On top of this the number of malicious websites has increased, with the report highlighting that the “average number of web sites blocked as malicious each day rose to 3,188 compared with 2,465 in 2009.” The sheer number of different malware strains has increased a hundredfold, according to the report, with more than 339 600 strains identified in blocked emails.
The statistics around the ever increasing and ever more sophisticated levels of cybercrime make one thing abundantly clear – protecting yourself and your machine from these threats is of the utmost importance, as the end goal of the majority of spam is to part victims from their hard earned cash. One of the most important ways for people to protect themselves and their businesses is to have a comprehensive security system in place on any and all machines that have access to the Internet as well as machines that can be accesed by USB or are connected to a network. This security needs to include anti-virus, anti-spam, firewalls, phishing protection, identity protection, protection from rootkits, worms and bots as well as continuously updated definitions in order to keep up with the constantly evolving nature of the threat.
The second aspect of cyber protection involves education around the threats themselves so that people are aware of what to protect themselves against, and the MessageLabs report forecasts a number of trends to be aware of for 2011.
The first of these is the fact that spam is predicted to become more culturally and linguistically diverse than ever before. With the increasing number of internet users in emerging economies we will see a decrease in the number of English language attacks and a rise in spam in other languages local to the regions where the spam is being directed. This means that it is no longer safe to assume that if a message is not in English it is not spam, and users need to be aware of this shift in order to protect themselves.
Secondly malware specialisation is a trend that is set to grow in 2011. In 2010 the range of targets broadened beyond PCs and servers with the Stuxnet Trojan, which attacked programmable logic controllers. Specialised malware that is designed to attack physical infrastructures is something to look out for this year, with attack targets predicted to include smart phones as well as less obvious but still critical systems such as power grid controls. As the report states: “any technology that can be exploited for financial gain or influence will become a potential target.” It has also become apparent that routers have serious vulnerabilities that allow hackers to re-route traffic to malicious sites, such as false online bank accounts. This makes it vital to ensure that not only PCs and servers are protected but also all peripheral devices that connect to the internet as well.
Malware attacks based on current events and hot internet topics will continue to rise, as cybercriminals are beginning to proactively identify websites that are likely to see higher than normal levels of traffic, and compromise these target sites to take advantage of this fact. This trend is already in evidence with a large number of malicious sites being linked to the earthquake and tsunami disaster in Japan, including a social networking driven scam where users are tricked into clicking on links which claim to be raw CNN footage of the Japanese tsunami.
Targeted attacks are set to increase, driven by increasing automation of the research required to create these attacks, and the range of industries hit by these attacks is predicted to diversify as attackers seek indirect entry into organisations by exploiting contractors and suppliers rather than directly targeting individuals within the organisation.
Another worrying trend that we can expect to see emerge, on the back of the anticipated roll out of social networks and online marketplaces introducing their own virtual currencies, will be attacks designed to exploit these new avenues for financial fraud. This will include specialised malware, rogue applications and phishing attacks. These virtual currencies may also be used as a means of laundering money across international boundaries.
In an increasingly connected and virtual world the likelihood of individuals falling victim to a wide range of malicious cyber activities increases. To avoid becoming one of these statistics it is important to have sophisticated security software coupled with a sharp awareness of the nature of the threats. The reality is that cybercrime will only continue to grow, as it has high profitability coupled with low prosecution rates, making it an attractive method for those with unscrupulous intent.
By Fred Mitchell, Symantec Division manager at Drive Control Corporation