As a new year approaches we must prepare for new Internet security threats. Every year, new and innovative ways of attacking computer users emerge and continue to increase in volume and severity. To know where we are going it is helpful to look at where we have been. Finding trends in Internet security has become a valuable, if not necessary, action for companies developing software to protect computer users.
Attacks have increased in sophistication and are often tailored to their specific victim. Trend tracking has shown that in 2008, the Web has become a primary conduit for attack activity. According to Symantec’s Top Internet Security Trends of 2008, attackers have become more difficult to track as they have shifted away from mass distribution of a small family of threats to micro distribution of large numbers of threats.
Spam and Phishing
This may be the most well known form of computer breaching, and yet it is still the healthiest and fastest growing of attacks. In 2004, Bill Gates predicted that spam would be resolved in another two years. In 2008, we were seeing spam levels at 76 percent until the McColo incident in November 2008, at which time spam levels dropped 65 percent. The battle with spammers has turned into an all out war and spammers are showing no sign of surrendering.
Spammers take advantage of current events, such as the presidential election, Chinese earthquake, Beijing Olympic Games and the economy. They use these widely socialized issues as headlines to lure people into clicking on a link to malware or sending money for unrealistic charitable campaigns. Social networks are only feeding the beast by making it easier for spam attacks to propagate quickly through a victim’s social network.
Phishing walks hand in hand with spam as it utilizes current events to make their bait more convincing. Another phishing tactic particularly recognized over the last year is by offering users a false sense of security by targeting .gov and .edu domains. Although cybercriminals cannot register domains under these domains, they find ways to compromise the Web servers to grant them control. Once control is gained, it becomes harder to fix because the domain cannot be simply deactivated. Lengthy measures are taken to have the company remove the compromised page from their website and secure their servers. The time it takes to make these changes allows the phished page to remain active and hit more victims.
Fake and Misleading Applications
Fake security and utility programs aka “scareware” promise to secure or clean up a user’s home computer. The applications produce false and often misleading results, and hold the affected PC hostage to the program until the user pays to remedy the pretend threats. Even worse, such scareware can be used as a conduit through which attackers install other malicious software onto the victim’s machine.
In 2008, the Identity Theft Resource Center (ITRC) documented 548 breaches, exposing 30,430,988 records. The significance of this data is truly spotlighted after realizing that it only took nine months in 2008 to reach the 2007 total. What is most interesting about data breaches is that most are not malicious in nature. In many cases, inadvertent employee mishandling of sensitive information and insecure business processes are the most common ways that data is exposed. This can be attributed to the increase of mergers, acquisitions and layoffs resulting from the thundering economic climate changes in 2008.
What to Watch for in 2009
Looking at attack trends and techniques malware creators favored in 2008 help us predict what to expect in 2009. Some of these new attacks are already starting to show up and users need to be aware so that they can stay safe online in 2009.
As we have learned, current events are utilized as headliners to bait victims. In 2009, it is easily predicted that the economic crisis will be the basis of new attacks. We expect to see an increase in emails promising easy-to-get mortgages or work opportunities. Unfortunately, the people already being hit hard by the economy who have lost jobs and who have had homes foreclosed will also become the primary prey of scams.
Advanced Web Threats
The number of available Web services is increasing and browsers are continuing to converge on a uniform interpretation standard for scripting languages. Consequently, we expect the number of new Web-based threats to increase. User-created content can host a number of online threats from browser exploits, distribution of malware/spyware and links to malicious websites. The widespread use of mobile phones with access to the Web will make Web-based threats more lucrative. We have already seen attacks disguised as free application downloads and games targeting Smartphones. We expect to see more truly malicious mobile attacks in 2009.
Social networks will enable highly targeted and personalized spam by phishing for username accounts and/or using social context as a way to increase the “success rate” of an online attack. In 2009, we expect an upgrade in spam to the use of proper names, sophisticatedly segmented according to demographic or market. The upgraded spam will resemble legitimate messages and special offers created from personal information pulled from social networks and may even appear to come from a social networking “friend.” Once a person is hit, the threat can easily be spread through their social network. Enterprise IT organizations need to be on the alert for these types of attacks because today’s workforce often accesses these tools using corporate resources. The battle against Internet security threats will continue to rage on and tactics on both sides will become more sophisticated over time. Although no one can be certain of what the future holds, we can look back and learn from our past to identify trends that can help make educated predictions for where future attacks may be heading.