IFSECInsider-Logo-Square-23

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
December 23, 2008

Nothing found. Please check your show/episode id.

Download

State of Physical Access Trend Report 2024

Cybercrime: what’s in store for 2009?

Although the economy is on a downturn, the shadow Internet economy is booming. It’s sad but true – cybercrime is on an upswing and will pose an ever-increasing threat to users in 2009. Given that the cybercrime business demonstrated a huge growth rate in 2008, then, what should be expected in the coming year?

Do you think you’re safe as long as you don’t open an unknown e-mail attachment, or visit a dubious web site? If you do, then it’s time to think again. Today’s threats aren’t just spread via e-mail, guest books and message boards but also via social networking sites. Users of such web sites had a taste of this earlier in the year with the appearance of Net-Worm.Win32.Koobface, designed to attack MySpace and Facebook users through their friends.

Once hackers are in a user’s account, they can easily steal personal data from the user’s online friends or hack their accounts, thus multiplying the damage. Why are the users of social networking sites such easy prey for cyber criminals? The answer is simple. On the one hand, users are very open and trust these sites, which causes them to lower their guard. On the other, vulnerabilities in these sites are often left open for significant periods of time, making it easy for hackers to take full advantage of any security loopholes.

From e-mails to links

Interestingly, the old method of spreading malicious code via e-mail will virtually disappear in 2009. Nevertheless, the majority of threats will still be delivered via the Internet.

Today, threats are mainly spread via links, and when the user clicks on them, malware will be downloaded to his or her machine. The malicious program can then start its nasty tricks, whether that’s logging keystrokes, stealing someone’s ID or downloading even more malware.

As these links may be routed over a number of servers, the user is redirected from one machine to another, even though she or he doesn’t notice this. These ‘virtual relays’ require additional efforts on the part of anti-virus vendors when it comes to identifying new malware. That being the case, such methods are certain to be used more frequently in the coming year.

All eyes on smart phones

Smart phones like the iPhone are hot gadgets – and an even hotter target for cyber criminals. True, the threat to smart phones is still relatively limited, but by this time next year it’ll probably be a very different story. In addition to Apple’s iPhone, Google is moving into the market with Android.

It looks as though 2009 is going to be the year of the smart phone. In today’s information society, what could be better than having the Internet with you 24/7, wherever you go and at an affordable price?

Mobile phones are following the same evolutionary trajectory as PCs which, in the space of ten years, moved from unwieldy, expensive modem connectivity to high-speed, fixed price Internet access. Once this leap has been made, cyber criminals will not be resting on their laurels. Mobile phones will also be corralled into botnets, just as has happened with PCs.

Although mobile malware in 2009 is likely to be limited in scope and volume, by 2010 the situation will be far more serious. In five years time, at the very latest, mobile malware will – sadly – have become part of daily life.

Malicious programs on the rampage

The volume of malicious code and number of variants is exploding. Statistics demonstrate the increased threat. At the beginning of 2008, Kaspersky Lab was using around 500,000 signatures to detect malware. Within the next few weeks, this will be over 1,500,000 signatures, meaning that the number has tripled in less than a year – a trend which will become even more threatening in 2009.

Cyber criminals use this massive amount of malware to challenge the security industry and traditional detection methods. In addition to signature-based detection, behavioural-based detection and real-time solutions are key factors in the war against cybercrime. This means that malicious programs may be identified only minutes after they appear (for example, via the Kaspersky Security Network, the equivalent of what other vendors called ‘in the cloud security’).

New technologies such as the Host Intrusion Prevention System (HIPS) made available this year will be optimised to combat even completely unknown malware without the need for signatures. Determined cyber criminals will have to find new ways of exploiting an ever-decreasing window of opportunity.

Top 20 malicious files in November

As a leading provider of Internet security solutions, we have just issued data outlining both the Top Twenty malicious programs most frequently detected on users’ computers by its 2009 anitivirus product, and the Top Twenty malicious programs eminently capable of infecting files.

Heading our Top Twenty chart of malicious programs detected in November is a key logger – a program that records and then reports the keystrokes made on the keyboard. There has been a sharp increase in the number of computers infected by this malicious program during the last two months, and last month’s prediction – that an epidemic was looming – has come true, with new versions of the virus appearing several times each week.

There are numerous key loggers in existence, and they’re a serious threat to everyone who wants to keep their private information, such as passwords and bank details, safe from cybercriminals looking to capitalise from identity theft. The use of up-to-date Internet security software – in particular one that includes a ‘virtual keyboard’ enabling passwords and account numbers to be entered without the use of a traditional keyboard – is the only way to prevent these covert attacks.

Malware writers are also continuing to attack people who use their home PC and/or laptop for multimedia, including listening to music, podcasts and videos. Last month, we reported a program that exploits a vulnerability in Windows Media Player. While this has disappeared from the Top Twenty rankings, a similar program has surfaced at number three in the chart. The new program gains access to the device via little known functionality in the ASF (Advanced Streaming Format) that’s used in Microsoft products to stream multimedia.

Given that multimedia is an inseparable part of today’s online world, there are good grounds to expect that other similar malicious programs will appear in the future.

Files that can infect files

In terms of the Top 20 malicious files capable of infecting files, the contents are pretty stable with one single new program. That new addition – a worm called Bacteraloh.h – was first detected by Kaspersky Lab in January last year. It employs a modification of the Sality virus (a family of viruses that’s very active at the moment) Worm.VBS.Headtail.a, which fell off the rankings in September, returned for our November-December study, continuing its volatile appearance and reappearance pattern.

Magnus Kalkuhl is a member of the Kaspersky Lab Global Research Team (GReAT) and a specialist virus analyst

The Kaspersky Lab eStore at www.kaspersky.co.uk/store is currently running a Christmas promotion offering a saving of GB pound 20 on Kaspersky Internet Security 2009 for one and three user license, for one and two years. This exclusive offer is running until Christmas Eve

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted