One well-known characteristic of the computer industry is how quickly it changes. Advancements are made in technology so fast that keeping up with the curve often seems daunting. However, there is one aspect of the industry where staying ahead is essential: security. As threats increase in volume and severity, the importance of monitoring those changes is paramount. Symantec, as always, maintains a watchful eye on threat landscape trends. At the end of 2008, Symantec researchers predicted a number of security developments to watch for in 2009. Here's what we predicted and how the predictions have stood up thus far.
Social Network Threats: There's no question that online social networking continues to rise in popularity due to the numerous conveniences and opportunities it provides. There's also no question that social networking provides phishers with a lot more bait than they used to have. Threats can come from all sorts of avenues within a social networking site. Games, links and notifications are easy starting points for phishers to use as they lead people into trouble. As society picks up one end of the social networking stick, it finds that it inevitably picks up the security problems on the other end.
Rising Spam Levels: We may not want it, but it still keeps coming. In June 2009, about 90 percent of all email messages were spam. The overall amount does fluctuate, and a fight is underway to ward off or close down as many spammers as possible, but on average, the levels of spam have primarily risen rather than fallen. Big headlines almost always lead to more spam, and major headlines from 2009, such as the death of Michael Jackson, the H1N1 flu outbreak and the Italian earthquake are obvious examples of this.
Explosion of New Malware Variants: One of the most noticeable increases we have observed in the security landscape is the sheer number of attacks and various methods for their distribution. Each month, Symantec security researchers block an average of more than 245 million attempted malicious code attacks across the globe. Most of the attempted threats have never been seen before. A combination of new distribution strategies, new media and Internet channels and increasingly advanced hacker techniques all add up to more malware. While attackers previously distributed a few threats to a large number of people, they are now micro-distributing millions of distinct threats to smaller, unique groups of people. Together, these factors add up to an unlimited number of unique malware attacks.
Economic Crisis: One of the most noticeably exploited bases for attack in 2009 has been the global economic crisis. Its impact has been far-reaching and the computer industry is far from immune to its effects. Schemes and scams targeting victims of the recession and touting solutions to its problems are prevalent. Some of the threats are new and some have been around for a while. Such scams include:
- Scams targeting the unemployed with seemingly too-good-to-resist offers.
- Attacks seeking to exploit users of classifieds and job boards.
- Scams targeting people dealing with home foreclosures.
- Scams targeting people seeking mortgages or refinancing.
- Scams exploiting the U.S. economic stimulus packages.
- "Work at home" schemes.
Advanced Web Threats: Distribution and channel options are not the only things that have increased for cybercriminals; their skills and creativity follow the same pattern. In addition to the threats being new, they are becoming increasingly sneaky and complex. New scams, such as drive-by downloads, or exploits that come from seemingly legitimate sites, can be almost impossible for the average user to detect. Before the user knows it, malicious content has been downloaded onto their computer, and they face an often expensive and time-consuming recovery process. As predicted, the level of sophistication in such threats continues to rise. This indeed is an alarming trend.
In addition to the security trends Symantec predicted at the end of 2008, we have also observed a few others. Here is a look at some additional 2009 security trends.
Deceptive Methods That Imitate Traditional Business Practices Continue: One tactic cybercriminals are fond of is imitating traditional business practices. In today's world, business on the Internet is part of life. Cybercriminals recognize this and are clever enough to imitate business interactions. Even apart from business interactions, cybercriminals have figured out how to deceive people by presenting counterfeit messages. Examples of this include malicious advertisements or "malvertisements," which redirect people to malicious sites, or "scareware," which parades as an antivirus scanner and scares people into thinking that their computer is infected when that's not really the case. The user is then lured into buying a fake product. Such deception is a prevalent security risk.
Cross-Industry Cooperation to Tackle Cybersecurity: The Conficker worm in February 2009 prompted a collaboration of groups that combined to solve one of the most complex and widely spread threats to hit the Web in several years. The group was composed of industry leaders and people from academia, and as they worked together, the combined efforts of the Conficker Working Group proved successful. Security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN) and operators in the domain name system were able to work with several industry vendors to coordinate a response that disabled domains targeted by Conficker. This example represents the type of collaboration that will likely increase in the industry in order to successfully address today's security threats.
Some Throwbacks Make Comebacks in 2009: While much has changed on the threat landscape, some basic components remain, and, more interestingly, some older trends have made a comeback. As stated earlier, many cybercriminals have begun sending multiple distinct threats to smaller numbers of people, but there have also been notable examples of the older technique of sending a few threats to a massive number of people. The motivation for either method is frequently financial, and the goal is often to steal personal data, distribute rogue antivirus software or propagate spam. There are of course those attacks that have no real purpose except to wreak havoc, but whatever the motivation, the various methods are prompting the need for a multi-layered defense that combines traditional detection with complementary detection such as reputation-based security models.
Amid the ever-changing Internet security landscape, industry analysts, such as those at Symantec, are seeking to make the Internet a safer place. Thanks to such efforts, it is possible to stay ahead of the Internet threat curve. However, while we researchers are the ones keeping up with cybercriminals, it is important for users to keep up with the researchers in order to take advantage of the knowledge their findings provide. Computer users who keep up on security trends will be better suited to follow safe practices that will maximize the benefits of their technological use and help fight cybercrime.