What You Can Do Now!

Trend Micro just released their 2008 forecast for cybercrime. Cash-motivated Web threats broadened; for 2008, the distinction between “good” and “bad” Web sites will be blurred when it comes to security. We’ll take a quick look at some of the trends and what you can do to protect yourself.

Gadgets with wireless capabilities such as Wi-Fi and Bluetooth, as well as storage capability have become major sources of data leaks and carriers of infections through security perimeters.

According to research from Trend Micro’s TrendLabsSM, hackers are intensifying their attacks on legitimate Web sites. The number of compromised Web sites are slowly outnumbering malicious ones created specifically by cyber criminals. It debunks the adage to “not visit questionable sites” because even trusted Web sites such as those belonging to Fortune 500 companies, schools and government organizations can hold malware.

2007 Findings

- The Windows Animated Cursor exploit (EXPL_ANICMOO) encompassed over 50 percent of all exploit codes to hit the Internet computing population. 74 percent of its infections this year came from Asia. The same holds true for TROJ_ANICMOO.AX, a related threat which embedded the exploit. 64 percent of computers infected with this were from China.

 

- The top malware finding was WORM_SPYBOT.IS and WORM_GAOBOT.DF. Both created botnets and worms that infected USB-connected devices.

 

- Nearly 50 percent of all threat infections come from North America, but Asian countries are also experiencing a growth — 40 percent of infections stem from that region.

 

-Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying Web 2.0 technologies, particularly cross-site scripting and streaming technologies.

 

- Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons as an opportunity to send spam or deploy spyware while users are shopping online.

 

- In 2007, the top online commerce site attacked by phishers was still global auction site eBay and sister company PayPal. Financial institutions, especially those based in North America, also experienced a high volume of phising attacks.

2008 Forecast

1. Legacy code used in operating systems and vulnerabilities in popular applications will continue to be attacked in the effort to inject in-process malicious code that criminals can exploit to run malware as they attempt to steal confidential and proprietary information.

 

2. High-profile Web sites that run the gamut of social networking, banking/financial, online gaming, search engine, travel, commercial ticketing, local government sectors, news, job, blogging, and e-commerce sites for auction and shopping will continue to be the most sought-after attack vectors by criminals to host links to phishing and identity theft code.

 

3. Unmanaged devices such as smart phones, mp3 players, digital frames, thumb drives and gaming stations will continue to provide opportunities for criminals and malware to infiltrate a company’s security borders due to their capabilities for storage, computing and Wi-Fi. Public access points such as those in coffee shops, bookstores, hotel lobbies, and airports will continue to be distribution points for malware or attack vectors used by malicious entities.

 

4. Communication services such as email, instant messaging, as well as file sharing will continue to be abused by content threats such as image spam, malicious URLs and attachments via targeted and localized social engineered themes.

 

5. Data protection and software security strategies will become standard in the commercial software lifecycle. This will also put a focus on data encryption technologies during storage and transit particularly in the vetting of data access in the information and distribution chain.