MOUNTAIN VIEW, CA. – In its annual Internet Security Threat Report, Symantec says it expects that malicious code developers will continue to increasingly adapt attacks in order to evade detection and that some overt attack activities could be abandoned or pushed further underground. Malicious activity will be increasingly pushed to regions with emerging infrastructures that may still lack the resources to combat the growing involvement of organized groups in the online underground economy.
The onus will be on organizations, institutions, and other knowledgeable stakeholders in the security of the Internet to work for the benefit of the affected regions, the report read. Internet threat activity is truly global, and malicious activity allowed to flourish in one area could rapidly spread globally in the absence of a comprehensive response from the Internet security community.
Marc Fossi, manager, security response for Symantec in Calgary and the executive editor of the report, said the current threat landscape is evolving.
“There’s not so much revolutionary that’s going on. A lot of what we’ve seen is similar to 2007 with small but important distinctions. The end user is still the primary target when they go to trusted websites and it’s their browser and browser plug-ins that are targeted,” he said. “But attackers are becoming more coordinated. The result is the creation of pseudo corporations. One of these, around the end of 2008, was the McColo ISP that was hosting a lot of malicious activity. After they were taken down the percentage of Internet spam dropped to a significant degree.”
But the methodologies deployed by cyber-crooks haven’t changed much, he added.
“Because so much of what we’re seeing is financially motivated, the profit margin is the big thing; as long as something continues to work these guys are going to continue to use it,” he said. “Pseudo corporations like the (U.S.-based) McColo ISP, would have taken a significant investment to set up, so they’ve got a lot of money backing them.
“When you’ve got this overhead to deal with you’ve got to keep that minimal and maximize your profit. As long as that profit margin is steady, we’ll continue to see more of the same.”
And if there was any notion that Internet threats were limited to rich nations, Fossi said the latest trends show a lot of malicious activity is being pushed out to emerging countries, “countries experiencing broadband growth” in Eastern Europe and Africa.
“Proportionally, we saw the most increase in malicious code activity affecting Eastern Europe and African regions as it’s moving to emerging countries,” he continued. “Countries like Poland, Turkey, and Brazil, a lot of activity is moving out of hubs of North America and most of Western Europe. While activity still exists there, we’re seeing these increases in other countries where traditionally it hasn’t occurred before.”
The top vulnerability exploited in 2008 is the one used by the Conficker, or Downadup, worm. The last successful network worm was the Sasser worm in 2004.
“The bulk of vulnerabilities reported in 2008 were of medium severity, 80 percent were classified as being easily exploitable,” he said. “With a medium severity vulnerability, if exploited successfully, the attacker can execute code on the vulnerable computer . . . we also see sometimes more than one medium severity vulnerability will be exploited to gain a higher level of permissions on that computer.”
The financial services sector continues to be the top sector targeted by phishing attacks; not a surprising development considering the popularity of credit card information and bank account credentials on the underground economy.
“Attackers know if they successfully get financial service information from a user through a phishing attack, they can quickly turn that around and profit from it,” he said. “This is a recession-proof industry (the underground economy). You don’t need to make a purchase to have your credit card information stolen.”
Financial spam remained relatively constant in 2008.
“A lot of people expected this to decline . . . in times when the market is uncertain you’d think that wouldn’t be a popular thing to advertise,” he said. “We actually saw an increase advertising things like cheap loans . . . they changed their social engineering ploys to take advantage of the economic climate.”
For the channel community, Fossi said it’s important to push data loss prevention solutions.
“Data loss prevention is something one needs to look at. We do see a degree of insider attacks . . . having that solution is essential and educating employees on the risks out there,” he said.
Looking at malicious activity by country, he said the U.S. continues to be ranked first. Canada was ranked 13th in the world.
Symantec said the large increase in the number of new malicious code threats, coupled with the continued trend towards web-based attacks, reinforces the growing need for cooperative security responses. While antivirus signature scanning, heuristic detection, and intrusion prevention continue to be vital to the security of organizations as well as end users, newer technologies such as reputation-based security will become increasingly important.
This column was written by Liam Lahey of ConnectIT, an IntegratedMarCompany





