In its first Focus Report, Trend Micro examines the growth of data-stealing malware, its characteristics and its roots in the underground cyber crime economy.
While the term “data-stealing malware” is a relatively new one, its sole purpose for existence is a familiar story: To steal proprietary information such as online banking credentials, credit card numbers, social security numbers, passwords, and more from compromised networks and PCs in order to fuel an underground cyber crime economy driven by profit-seeking criminal networks that cross geopolitical boundaries.
Trojans: The Rising Star in Data-Stealing
Trojans are the fastest growing category of data-stealing malware, according to data from TrendLabs, Trend Micro’s global network of research, service, and support centers committed to constant threat surveillance and attack prevention. Trojan attacks pose a serious threat to computer security. True to their name, they typically arrive disguised as something benign such as a screen saver, game, or joke. Based on TrendLabs research:
- In 2007, 52 percent of data-stealing malware were Trojans; in 2008, that number increased to 87 percent; as of Q1 2009, 93 percent of data-stealing malware were Trojans.
- Trojans and Trojan spyware are the predominant type of data-stealing malware in all regions monitored by TrendLabs, including Australia, Asia, Africa, South America, North America and Europe.
The Politics of Transnational Cyber Crime
Politics and cyber crime have finally intersected in news headlines; understandably so: In the U.S. alone, the number of known breaches of government computers with malware more than doubled between 2006 and 2008, according to the Department of Homeland Security.
And, says Trend Micro advanced threat researcher Paul Ferguson, it is even possible that cyber terrorists may have already planted malware within the U.S. electrical grid that would allow them to remotely disrupt service.
Cyber crime has gained significant international mobility. In 2007, Estonian computer networks were crippled when serious distributed denial of service (DDoS) attacks against government and civilian sites were reputedly linked back to Russian operatives. At the time, Russia and Estonia were involved in a dispute over the Estonians’ removal of a Soviet war memorial. The French Embassy’s web site in Beijing was inaccessible for several days after a full-scale cyber attack following President Nicolas Sarkozy’s meeting with Tibetan spiritual leader, the Dalai Lama. Experts now widely believe instead that a Chinese hacking group staged the attack for nationalistic purposes.
Cyber espionage is also grabbing headlines. Every year, corporations suffer billions of dollars in intellectual property losses when trade secrets are illegally copied and sold to competitors on the black market for profit, or used for extortion. Business networks all over the world provide the perfect medium for cybercriminals capable of breaching their defenses.