As the solstice rolls around, heralding the longest night of the year as well as the mid-point of 2007, it's clear that January predictions that identity loss would top this year's online risks were accurate.
Jeff Green, writing on his McAfee Avert Labs blog, has rated the company's January predictions on the top 10 threats in 2007 according to how accurate they have turned out to be so far. Each prediction was scored on a scale of zero to five, with five being spot-on and zero way off.
Password-stealing web sites are on the rise – 5
"We continue to see exponential growth in phishing sites," says Greem. "Based on the number of sites blocked by our phishing traps, activity in January alone increased by 358% versus the entire fourth quarter of 2006. February and March rose by at least 200% each compared to the same period. In total, the first three months of this year saw a 784% increase – with no slowdown in sight.
"We also anticipate an increase in the abuse of open-content sites, such as Google and Wiki pages. Google accounts can be used to host drop boxes (via Gmail) or phishing sites (Google Docs). Even Internet archive sites will suffer."
Spam, particularly image spam, is on the increase – 3
"The total volume of trap-based spam has stayed fairly flat during the first part of the year," Green expplains. "Image spam accounted for up to 65% of all spam at the beginning of the year and has now declined a bit. Image spam, which has messages embedded in images rather than text (typically pump-and-dump stocks, pharmacy, and degree spam), is still a force to be reckoned with. It hovers between 30% to 50% of all spam that tries to find its way into users’ inboxes."
The popularity of video on the web makes it a target for hackers – 4
"There’s no doubt that hackers are riding the wave of online video available on hugely popular social networking sites like YouTube and MySpace. Astute social engineering – coupled with video’s inherently easy-to-program format – has enabled cybercriminals to come up with a variety of clever tricks."
Mobile phone attacks will become more prevalent – 0
"Surprisingly, mobile malware numbers are down for the first quarter of 2007 (12 attacks), compared to the first quarter of 2006 (47)."
Adware will go mainstream – 3
"Because adware has gotten such a bad rap, businesses are experimenting with more creative ways to deliver ads on the Internet," says Green. "BitTorrent is setting a trend by offering free ad-supported downloads rather than paid downloads for its online TV network, so customers see ads before and after watching an episode or a movie -much like traditional television. YuMe Networks is also likely to follow this model. "
Identity theft and data loss will continue to be a public issue – 5
"According to Attrition’s Data Loss Database – Open Source, more than 13,7-million records have been breached thus far," Green points out. "Compare that to 1,80-million during the same period last year.
"We maintain our belief that the unauthorised transmission of information will become more of a risk for enterprises. This includes loss of customer data, employee personal information and intellectual property from a variety of channels—applications, networks, and even physical channels, like USB devices, printers, fax and removable storage."
The use of bots will increase – 3
"The statistics from our daily collections show that bots actually declined to a low point in November 2006, but are now increasing again. The numbers aren’t as high as they were 12 months ago, but they’re definitely heading up."
Parasitic malware will make a comeback – 5
"There’s no doubt about this one. Philis and Fujacks continue to be active parasitic families, and Avert Labs has classified more than 150 new variants of these two families since 2007. And, let’s not forget other families like Sibil, Grum, and Expiro," Green explains.
The number of rootkits on 32-bit platforms will increase – 4
"According our Virus Tracking Map, approximately 200 000 systems reported rootkit infestations since the beginning of 2007 – a 10% increase over the first quarter of 2006."
Vulnerabilities will continue to cause concern – 5
"Not only do they continue to cause concern, there are more of them to worry about than ever before," says Green. "In January and February 2006, Microsoft issued patches for five important and five critical vulnerabilities. During the same months this year, Microsoft patched nine important and 27 critical vulnerabilities."