Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Annual Security Report highlights the most effective malware

Cisco : 09 December, 2009  (Special Report)
The Cybercrime showcase in the Cisco Annual Security Report names to best and worst of malware produced in 2009 and focuses on social media as the channel of choice for spam and malware
Annual Security Report highlights the most effective malware
Newsletter featured story - sign up for our free weekly editorial newsletter here

Cisco has issued its Annual Security Report for 2009, which highlights the impact of social media, particularly social networking, on network security and explores the critical role that people, not technology, play in creating opportunities for cybercriminals. The Annual Security Report also includes winners of the 2009 Cisco Cybercrime Showcase and discusses trends in cloud computing, spam and overall global cybercrime activities that information technology professionals continue to face.

Social media experienced explosive growth in 2009. Facebook alone tripled its active user base to 350 million over the course of the year. Social media adoption is expected to continue growing into 2010, especially as more organisations realise the value of social networks as an absolute business requirement. Social networks have quickly become a playground for cybercriminals because members of these sites put an inordinate amount of trust in the other members of their communities and often fail to take precautions to prevent the spread of malware and computer viruses. The Annual Security Report also provides more information on the potentially devastating combination of minor vulnerabilities, poor user behavior, and outdated security software that can dramatically increase risks to network security.

Highlights of the Cisco 2009 Annual Security Report include:

The first-ever Cisco Cybercrime Showcase acknowledges security professionals holding the front lines in the fight against cybercrime, while certain attacks are noted for causing significant trouble for Internet users in 2009:

* Most Audacious Criminal Operation: Zeus. A Trojan that delivers malware by targeted phishing and drive-by downloads, Zeus goes beyond login names and passwords to steal numerous online banking credentials. Affordable toolkits are enabling cybercriminals to create variants of Zeus that are difficult to detect by antivirus programs. In 2009, the Zeus Botnet infected almost 4 million computers worldwide.
* Cybercrime "Sign of Hope": The Conficker Working Group. This group, composed of members of the security community and industry, is credited with significantly muting the impact of the network worm Conficker, which was anticipated to wreak havoc starting on April 1, 2009.
* Most Notable Criminal Innovation: Koobface. This worm regenerated itself, first appearing on Facebook in 2008, then Twitter in 2009. Koobface lures users into clicking a link for a YouTube video that launches the worm. More than 3 million computers have been infected by variants of this malware.

Key Findings

* Spam: Social media may be where cybercriminals troll for new victims. However, spam is still a tried-and-true means for tricking people into downloading malware and persuading them to buy, for example, fake pharmaceuticals. The Annual Security Report estimates that in 2010, spam volume will likely rise 30 to 40 percent worldwide over 2009 levels. However, Cisco's own SensorBase data shows that while the U.S. and other economic leader countries (such as those within the European Union) begin to shut down spam zombies in their own countries, the rollout of broadband in developing economies (including India and Vietnam) have made them an increasing source of spam. In fact, the U.S. was toppled as the No. 1 spam sender. In 2009, that distinction went to Brazil.

* Cloud Computing: While 10 years ago it would have been unthinkable for businesses to keep sensitive data outside the corporate firewall, today, with the advent of Cloud Computing and hosted applications, doing so is increasingly common. Many users are so trusting of Cloud Computing that they do minimal due diligence on who's hosting their sensitive data, and how secure the data is. The Annual Security Report recommends that organisations looking to use externalised services ask providers to explain their data security measures thoroughly.

* Cisco Cybercrime Return on Investment (CROI) Matrix: This year's Annual Security Report marks the debut of the Cisco CROI Matrix, based on the Boston Consulting Group's well-known "Growth-Share Matrix." The CROI Matrix analyses which types of cybercrime will be the "winners" and "losers" in 2010. Based on performance in 2009, the matrix predicts that massive banking Trojan Zeus and other lucrative and easy-to-deploy Web exploits will be more prevalent in 2010. Scareware, spyware, click fraud, advance-fee fraud and pharma spam will continue to be cash cows. The "wait-and-see" moneymakers include social networking exploits, like the Koobface worm, that are only now starting to make their mark.

* Cisco Global ARMS Race Index: In an effort to track the overall level of compromised resources worldwide, Cisco has developed a Global Adversary Resource Market Share (ARMS) Race Index. Over time, the index will give a better picture of the online criminal community's rate of success at compromising enterprise and individual activity. In 2009, the index rates the level of resources under adversarial control at 7.2, indicating that between 5 and 10 percent of personal computers are compromised.

Patrick Peterson, Fellow, Cisco: "The blending of social media for business and pleasure increases the potential for network security troubles, and people, not technology, can often be the source. Without proper cognizance of security threats, our natural inclination to trust our 'friends' can result in exposing ourselves, home computers and corporate networks to malware. The value of social media is becoming acknowledged increasingly by businesses, but these same organisations need to provide the proper training and education to ensure that employees avoid compromising themselves and their businesses."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo