Wed, 04/29/2009 - 20:26 — Igor Donchenko
Malware exploits moved at unprecedented speed and volume this past year but 2009 may bring increasing cooperation among security vendors and law enforcement agencies to bring down criminal enterprises, according to the annual Trend Micro Threat Roundup & 2009 Forecast.
While malware authors have always moved quickly - releasing code as soon as an exploit is discovered - Trend Micro threat researchers witnessed faster-than-ever malware exploits in 2008. They attribute part of the speed-up to "in-the-cloud" threat models and hosting architectures that cybercriminals have repurposed for profit, which have made the Internet itself the primary vector for distributing malware. For the security industry, this means traditional signature-based protection on its own is no longer adequate. Trend Micro responded in 2008 by moving its own defenses into the Internet cloud so that threats can be blocked before they reach the endpoint.
Because most of these threats are delivered over the Web, anyone who browses is a potential victim. In 2008, Trend Micro furthered its strategy of moving security capabilities into the Internet cloud with Trend Micro Smart Protection Network, a cloud-client content security infrastructure designed to protect customers from Web threats. Smart Protection Network correlates threat intelligence across sources and pushes updates to clients so that protection takes effect quickly.
Domain Name System (DNS) changing malware became more aggressive in 2008. A DNS changer rewrites a host's resolver settings so that every name lookup goes through attacker-controlled servers, which lets the attacker send any machine to any site of their choosing while the address bar still shows the expected hostname. Browser exploits, such as the zero-day exploit for Microsoft Internet Explorer, became a favorite of cybercriminals in 2008. Further attacks were launched against other browsers - all done quickly and surreptitiously, before the vendors were able to issue fixes.
Data-stealing malware also grew enormously in 2008. Typically delivered by a Trojan, its primary goal is to capture sensitive data from users' PCs and send it back to a bot herder or other criminal operator, either for direct exploitation or for resale on the underground market.
The U.S. is still the most spammed country, receiving 22.5 percent of all spam, while Europe is the most spammed continent. China's share has been rising, reaching 7.7 percent of spam volume in 2008, compared with 5.23 percent or less each for Russia, Brazil, and South Korea.
From January through November 2008, a staggering 34.3 million PCs were infected with bots - software that allows a third party to control the PC remotely. The biggest three-month increase came between June and August, when infections spiked 476 percent.
In November 2008, security researchers documented the role of San Jose-based McColo Corporation, a hosting provider whose network was one of the world's largest sources of spam; its upstream providers disconnected it, and global spam volumes fell sharply for a time. Trend Micro threat experts expect more efforts like the McColo takedown, in which collaborative security-community work is used to dismantle cyber gangs.
2009: A Look Forward
However it's implemented, monetary gain will continue to drive the continuous creation of new malware.
Sophisticated blended threats are the new frontier.
Web threats will continue to combine multiple vectors to avoid detection. These threats will employ the latest tricks and techniques in the coming year, such as the DNS changer Trojan, as malware writers continue to adopt the best tools available.
Ransomware and ransom attacks will occur in Q2.
A rise in ransomware may occur in the second half of the year, targeting small to medium-sized companies rather than individual home users. Companies with tightened budgets are especially vulnerable to criminals who demand large pay-offs. Small to medium-sized companies are large enough to have money worth extorting, but small enough that they cannot absorb the threat of an IT disaster or extended downtime.
Mac attacks will increase.
As Mac computers, which do not usually ship with antivirus software, continue to gain market share, they will become an increasingly attractive target. Recent malware aimed at Mac users arrived via spammed messages and posed as a video application: when users clicked the link to watch a video, they were infected. Threats exploiting bugs in alternative operating systems will grow, especially given the rising popularity of Linux driven by the booming netbook market.
Microsoft -- the eternal target -- will continue its legacy of trouble in 2009.
Proof-of-concept malware will target Microsoft Windows 7, Surface, Silverlight, and Azure. Cybercriminals will continue to take a more professional approach, timing the release of zero-day exploits around Microsoft's monthly "Patch Tuesday" schedule so that the fix is as far away as possible.
Cyber gang wars will make headlines.
Security researchers are seeing virus wars, worm wars, and botnet wars, driven by increasing competition for the proceeds of phishing and fraud, by the downsizing of criminal cyber gangs, and by improvements in security solutions. Look for growing competition between Eastern European and Chinese crews over who is first to include the latest exploits in their exploit kits.
Virtual worlds will experience more real-world trouble.
Many threats encountered in the real world will also crop up in the virtual world. Since cyber criminals need large audiences to perpetrate their crimes, they have begun preying on residents in virtual worlds and players in online games, particularly in Asia where these games have become extremely popular.
Broken DNS issues will continue to create headaches.
According to experts, attackers are already using poisoned DNS (Domain Name System) caches - resolvers into which forged records have been injected so that clients receive attacker-chosen answers - to create covert communications channels, bypass security measures, and serve up malicious content. Resolver operators can reduce their exposure today with source-port randomization and, where zones are signed, DNSSEC validation; although the security community, including Trend Micro, is working closely with registries and registrars where possible, the structural problem is one that ICANN (Internet Corporation for Assigned Names and Numbers) must address.
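Two checks a practitioner can run for the DNS tampering described above and in the earlier DNS-changer paragraphs, as an added example that is not part of the article or the Trend Micro report. The first flags any resolver in a host's configuration that falls outside an allowlist, which is how a DNS changer shows up on the host. The second compares the answers the host's resolver gives for a set of sentinel names against answers from an independent, trusted resolver, which is how a poisoned cache or hijacked resolver shows up. The allowlist networks, the resolv.conf text, the sentinel names and both answer sets are constructed sample data (documentation and test addresses), so the block runs offline.

```python
"""Added example: detect resolver tampering. Not code from the article
or from Trend Micro; all addresses, names and config below are constructed."""
import ipaddress

# Assumed allowlist: the organisation's own resolvers (sample networks).
ALLOWED_RESOLVERS = (
    ipaddress.ip_network("10.0.0.0/24"),
    ipaddress.ip_network("2001:db8:1::/64"),
)

# Constructed resolv.conf text: one legitimate resolver, one that a
# DNS changer might have written in.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not a real host
search corp.example
nameserver 10.0.0.53
nameserver 203.0.113.66
options timeout:2
"""


def parse_resolvers(text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # malformed address, not our concern here
    return servers


def rogue_resolvers(servers, allowed=ALLOWED_RESOLVERS):
    """Resolvers that are not inside any allowed network (v4/v6 mismatch
    counts as 'not inside', which ipaddress handles for us)."""
    return [str(s) for s in servers if not any(s in net for net in allowed)]


# Constructed answer sets: what the host's resolver returned versus what
# a trusted, independent resolver returned for the same sentinel names.
SENTINELS = {"bank.example", "update.example", "www.example"}
LOCAL_ANSWERS = {
    "bank.example": {"198.51.100.10"},
    "update.example": {"203.0.113.77"},   # differs from trusted answer
    "www.example": {"198.51.100.20", "198.51.100.21"},
}
TRUSTED_ANSWERS = {
    "bank.example": {"198.51.100.10"},
    "update.example": {"198.51.100.30"},
    "www.example": {"198.51.100.21", "198.51.100.20"},
}


def divergent_answers(local, trusted, names):
    """Sentinel names whose A-record sets differ between the two resolvers.
    Order of records is ignored; a missing name counts as an empty set."""
    findings = {}
    for name in sorted(names):
        l, t = local.get(name, set()), trusted.get(name, set())
        if l != t:
            findings[name] = {"local": sorted(l), "trusted": sorted(t)}
    return findings


if __name__ == "__main__":
    print("rogue resolvers:", rogue_resolvers(parse_resolvers(SAMPLE_RESOLV_CONF)))
    print("divergent answers:", divergent_answers(LOCAL_ANSWERS, TRUSTED_ANSWERS, SENTINELS))
```

Choose sentinel names whose records are stable (your own zones, or hosts you know are not behind a geo-aware CDN); names served by round-robin or geo-routed CDNs legitimately differ between resolvers and would produce false positives. A mismatch is evidence of tampering, not proof: confirm by querying the authoritative servers directly before acting on it.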
Unlike the global economy, the underground economy will continue to flourish.
Info-stealing malware, geared toward harvesting login credentials and banking and credit card information, will continue to thrive. Rogue applications are also big business in the underground, as are malware auction sites.
Identity theft will increase worldwide.
Few countries have laws that address it, so identity theft will continue to hit unsuspecting victims in 2009. According to the Identity Theft Resource Center (ITRC), reported data breaches reached an all-time high in 2008.
Spam volumes will continue to grow.
Ninety-five percent of all email is spam. Around 115 billion spam messages, nearly all sent from compromised computers, go out every day, up from an average of 75 billion in 2005 to 2006. Spam is a numbers game: the more messages sent, and the better the social engineering, the greater the chance that users will click.