With the end of the year rapidly approaching, Symantec has taken a look back at the top security trends of 2008 and has used that information to predict what the top threats will be in 2009. Attackers are constantly changing their tactics and strategies to make their attacks and scams as damaging as possible. Cybercriminals are increasingly working together and have developed their own Underground Economy that has become self-sustaining.
Trends that Symantec saw in 2008 include the Underground Economy, Web-based attacks, and new malware variants and families of threats.
Trends it expects in 2009 include an explosion of malware variants and attacks built around the economic crisis.
Top Internet Security Trends of 2008
1. New Malware Variants or Families of Threats: Attackers have shifted away from mass distribution of a small number of threats to micro distribution of large families of threats. These new strains of malware consist of millions of distinct threats that mutate as they spread rapidly. The Trojan.Farfli, which was first discovered in July 2007, is one such family of threats that has exhibited these characteristics.
2. Fake and Misleading Applications: Fake security and utility programs, also known as "scareware", promise to secure or clean up a user's computer. These programs are installed along with a Trojan horse program, produce false or misleading results, and hold the affected PC hostage until the user pays to remedy the pretend threats.
3. Web-based Attacks: Trusted Web sites are the focus of a large portion of malicious activity. In 2008, Symantec has observed that the Web is now the primary conduit for attack activity.
4. Underground Economy: The Underground Economy has matured into an efficient, global marketplace in which stolen goods and fraud-related services worth billions of dollars are regularly bought and sold. From July 2007 to June 2008, Symantec researchers found the value of total advertised goods on underground economy servers observed was more than $276 million.
5. Data Breaches: The continued high volume of data breaches underscored the importance of data loss prevention technologies and strategies. With mergers, acquisitions and layoffs more common in today's economic climate, data loss prevention becomes increasingly important in protecting the sensitive information, including intellectual property, of a company.
6. Spam: "Two years from now, spam will be solved," said Bill Gates in 2004. In 2008, we were seeing spam levels at 76 percent until the McColo incident in November 2008, at which time spam levels dropped 65 percent. While anti-spam filters have become more sophisticated in the last year, and spam threats have emerged and dissipated, it is clear that spammers are not giving up the spam fight.
7. Phishing: Phishing continued to be active in 2008. Attackers are using current events such as the 2008 U.S. presidential election to make their "bait" more convincing, and are employing more efficient attack techniques and automation. Phishing toolkits also continue to contribute to the problem.
8. Browser or Plug-in Vulnerabilities: Site-specific vulnerabilities are often used in association with browser plug-in vulnerabilities, which are useful for conducting sophisticated Web-based attacks.
Security Trends to Watch in 2009
Explosion of Malware Variants: Recent attacks include new strains of malware that consist of millions of distinct threats that propagate as a single, core piece of malware. This creates an unlimited number of unique malware instances. The sensor data obtained via the Symantec Global Intelligence Network also shows we have reached an inflection point. There are now more malicious programs created than legitimate programs. These new and emerging threats have given rise to the need for new, complementary detection methods such as reputation-based security approaches.
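The point about micro-distributed families is that each variant carries its own hash, so a per-hash signature catches only the variants already known, while a prevalence-based reputation score flags any file that few machines have seen. The following script, an added example that is not Symantec's code or data, makes that concrete on constructed telemetry: a widespread legitimate file, a family of 50 single-hash variants, and a freshly released legitimate tool that also happens to be rare. All host ids, hashes and the `min_hosts` threshold are assumptions.

```python
"""Constructed comparison of per-hash signatures versus a prevalence-based
reputation score against a micro-distributed malware family.
Added example; the telemetry below is made up, not real sensor data."""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Sighting:
    host: str    # hypothetical endpoint identifier
    sha256: str  # hash of the file observed on that endpoint
    family: str  # ground truth ("legit" / "malware"), used only for scoring


def make_variant(family: str, n: int) -> str:
    """Every variant of a family gets a distinct hash (micro distribution)."""
    return hashlib.sha256(f"{family}-{n}".encode()).hexdigest()


def build_telemetry() -> list[Sighting]:
    """Constructed sightings: one popular legit file, 50 rare malware variants,
    and one brand-new legit tool that is rare simply because it is new."""
    sightings: list[Sighting] = []
    popular = make_variant("legit-app", 0)
    for i in range(200):                       # seen on 200 hosts
        sightings.append(Sighting(f"h{i}", popular, "legit"))
    for n in range(50):                        # each variant on 1 or 2 hosts
        v = make_variant("family-a", n)
        sightings.append(Sighting(f"h{300 + n}", v, "malware"))
        if n % 2 == 0:
            sightings.append(Sighting(f"h{400 + n}", v, "malware"))
    new_tool = make_variant("new-legit-tool", 0)
    for i in range(2):                         # new legit release, 2 hosts so far
        sightings.append(Sighting(f"h{900 + i}", new_tool, "legit"))
    return sightings


def known_signatures() -> set[str]:
    """Assume the signature database has caught only the first 5 variants."""
    return {make_variant("family-a", n) for n in range(5)}


def signature_detect(sightings: list[Sighting], known_bad: set[str]) -> set[str]:
    """Classic blacklist: flags only hashes already present in the signature set."""
    return {s.sha256 for s in sightings if s.sha256 in known_bad}


def reputation_detect(sightings: list[Sighting], min_hosts: int = 5) -> set[str]:
    """Prevalence-based reputation: a file seen on fewer than min_hosts distinct
    machines gets low reputation and is flagged, whatever its hash."""
    hosts_per_hash: dict[str, set[str]] = {}
    for s in sightings:
        hosts_per_hash.setdefault(s.sha256, set()).add(s.host)
    return {h for h, hosts in hosts_per_hash.items() if len(hosts) < min_hosts}


def evaluate(detected: set[str], sightings: list[Sighting]) -> dict[str, int]:
    """Score a detection set against the ground-truth family labels."""
    truth = {s.sha256: s.family for s in sightings}
    total_malware = sum(1 for fam in truth.values() if fam == "malware")
    tp = sum(1 for h in detected if truth[h] == "malware")
    fp = sum(1 for h in detected if truth[h] != "malware")
    return {"true_positives": tp, "false_positives": fp, "missed": total_malware - tp}


if __name__ == "__main__":
    telemetry = build_telemetry()
    print("signatures :", evaluate(signature_detect(telemetry, known_signatures()), telemetry))
    print("reputation :", evaluate(reputation_detect(telemetry), telemetry))
```

The signature pass finds the 5 known variants and misses the other 45; the reputation pass catches all 50 but also flags the new legitimate tool, which is why prevalence is used as a complementary signal alongside signatures, publisher information and file age rather than as a replacement.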
Advanced Web Threats: As the number of available Web services increases and as browsers continue to converge on a uniform interpretation standard for scripting languages, Symantec expects the number of new Web-based threats to continue to increase.
Economic Crisis: The global economic crisis will be the basis of many new attacks. This will include phishing attacks whose fictitious premise might be, for example, the closing of a given bank. Attacks may also exploit other economic worries, such as e-mails that promise the ability to easily get a mortgage or refinance. Expect to see an increase in scams that prey on people who have had homes foreclosed, an increase in work-from-home scams targeting the unemployed, and an increase in spam that mimics job sites.
Social Networks: In 2008, we've noticed an uptick in threats related to social networking sites. These threats have involved phishing for user accounts or using social context as a way to increase the "success rate" of an online threat. Spammers in select EMEA regions have been heavily promoting social networking sites - one instance reached more than 2 million Symantec customers. These threats will become increasingly important for enterprise IT organizations since the newly entering workforce often accesses these tools using corporate resources.
Spam Levels Will Rise: Symantec saw a 65 percent drop in spam between the 24 hours prior to the McColo shutdown and the 24 hours after. We expect to see spam levels rise back to approximately 75 to 80 percent. Command-and-control systems will be re-established and, more importantly, this event may drive spammers toward the continued use of peer-to-peer botnets, which are generally more resilient. In this turbulent economic climate there may be other hosting companies around the world that might be willing to facilitate this sort of spam activity.
Virtual Machine Security: Virtualization technology will be incorporated into security solutions to provide an environment isolated and protected from the chaos of a general purpose operating system environment. This technology will provide a safe environment for sensitive transactions such as banking and protect critical infrastructure such as the security components that protect the general purpose operating environment.