Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Trend Micro 2008 forecast for cybercrime.

Trend Micro : 19 February, 2008  (Technical Article)
Increasing trend in underlying criminality for financial gain in the area of cybercrime set to continue throughout 2008.
Trend Micro has published its 2007 Threat Report and 2008 Forecast.

According to research from Trend Micro's TrendLabsSM, hackers are intensifying their attacks on legitimate Web sites. It debunks the adage to "not visit questionable sites" - just because a user visits a gambling or adult-content site doesn't necessarily mean Web threats are lurking in the shadows; the site with the latest sports news or links in a search engine result, however, could potentially infect visitors with malware.

An underground malware industry has carved itself a thriving market by exploiting the trust and confidence of Web users. The Russian Business Network, for example, was notorious all year for hosting illegal businesses including child pornography, phishing and malware distribution sites. This underground industry excludes no one. In 2007, Apple had to contend with the ZLOB gang, proving that even alternative operating systems are not safe havens for the online user. The Italian Gromozon, a malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007.

This past year, the NUWAR (Storm) Botnet expanded in scope when Trend Micro researchers found proof that the Storm Botnet is renting its services to host fly-by-night online pharmacies, dabble in stock pump-and-dump scams, and even portions of its backend Botnet infrastructure. During 2007, the most popular communication protocol among Botnet owners was still Internet Relay Chat possibly because software to create IRC bots is widely available and easily implemented and at the same time movement to encrypted P2P is being used and tested in the field.

Security threats are no longer limited to PCs. Mobile devices, as they become more sophisticated and powerful, are at risk for the same types of threats as PCs (viruses, spam, Trojans, malware, etc.) Gadgets with wireless capabilities such as Wi-Fi and Bluetooth, as well as storage capability have become major sources of data leaks, as well as carriers of infections through security perimeters.

Other notable findings from the report:.

- The Windows Animated Cursor exploit (EXPL_ANICMOO) encompassed over 50 percent of all exploit codes to hit the Internet computing population. 74 percent of its infections this year came from Asia. The same holds true for TROJ_ANICMOO.AX, a related threat which embedded the exploit. 64 percent of computers infected with this were from China.

- The top malware finding was WORM_SPYBOT.IS and WORM_GAOBOT.DF. Both created botnets and worms that infected USB-connected devices.

- Nearly 50 percent of all threat infections come from North America, but Asian countries are also experiencing a growth -- 40 percent of infections stem from that region.

-Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying Web 2.0 technologies, particularly cross-site scripting and streaming technologies.

- Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons as an opportunity to send spam or deploy spyware while users are shopping online.

- In 2007, the number one online commerce site attacked by phishers was still global auction site eBay and sister company PayPal. Financial institutions, especially those based in North America, also experienced a high volume of phising attacks.

Based on the emerging trends of this year, the following are Trend Micro's forecasts for the threat landscape in 2008:

1. Legacy code used in operating systems and vulnerabilities in popular applications will continue to be attacked in the effort to inject in-process malicious code that criminals can exploit to run malware in efforts to breach computer and network security in the efforts to steal confidential and proprietary information.

2. High-profile Web sites that run the gamut of social networking, banking/financial, online gaming, search engine, travel, commercial ticketing, local government sectors, news, job, blogging, and e-commerce sites for auction and shopping will continue to be the most sought-after attack vectors by criminals to host links to phishing and identity theft code.

3. Unmanaged devices such as smart phones, mp3 players, digital frames, thumb drives, and gaming stations will continue to provide opportunities for criminals and malware to infiltrate a company's security borders due to their capabilities for storage, computing, and Wi-Fi. Public access points such as those in coffee shops, bookstores, hotel lobbies, and airports will continue to be distribution points for malware or attack vectors used by malicious entities.

4. Communication services such as email, instant messaging, as well as file sharing will continue to be abused by content threats such as image spam, malicious URLs, and attachments via targeted and localised socially engineered themes due to their effectiveness in luring potential victims as criminals attempt to increase the size of botnets and steal confidential information.

5. Data protection and software security strategies will become standard in the commercial software lifecycle due to the increasing high-profile incidents. This will also put a focus on data encryption technologies during storage and transit particularly in the vetting of data access in the information and distribution chain.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo