Although malware exploits moved at unprecedented speed and volume during the last year, 2009 may bring increasing cooperation among security vendors and law enforcement agencies to bring down criminal enterprises.
This is one of the findings from Trend Micro's annual Threat Roundup & 2009 Forecast, released by SecureData Security.
While malware authors have always moved quickly – releasing code as soon as an exploit is discovered – Trend Micro threat researchers witnessed faster-than-ever malware exploits in 2008, partly due to the 'in-the-cloud' threat models and architectures cybercriminals have repurposed for profit, making the Internet the major vector used in the dissemination of malware.
For the security industry, this means traditional methods of protection are inadequate. Companies like Trend Micro responded in 2008 by taking the battle against the bad guys into the Internet cloud so that threats are stopped before they can do damage.
Exploits such as Domain Name System (DNS) changing malware, which literally routes any machine to any site, were used more aggressively in 2008. Browser exploits like the zero-day exploit for Microsoft Internet Explorer became a favourite of cybercriminals in 2008. Additional attacks were launched against other browsers – all done quickly and surreptitiously, before these companies were able to issue fixes.
Data-stealing malware also experienced tremendous growth in 2008. Initiated by a Trojan attack, the primary goal of data-stealing malware is to capture sensitive data from users' PCs, then send it back to a bot herder or other criminal operators, either for direct exploitation or for resale on the digital Black Market.
The US is still the most spammed country, receiving 22,5% of all spam, while Europe is the most spammed continent. China's percentages have been increasing lately, showing 7,7% spam volume in 2008, compared to 5,23% or less in Russia, Brazil, and the Republic of South Korea.
From January until November 2008, a staggering 34,3-million PCs were infected with bots, software programs that allow remote control of a PC by a third party. The biggest three-month increase occurred from June to August when there was a 476% spike in infections.
In November 2008, a group of security researchers blew the whistle on San Jose-based McColo Corporation – one of the world's largest sources of spam. Trend Micro threat experts expect more efforts similar to the McColo takedown where collaborative security-community efforts are used to dismantle cyber gangs.
Looking forward to 2009, the report says that, however it's implemented, monetary gain will continue to drive the continuous creation of new malware.
Sophisticated blended threats are the new frontier, with web threats continuing to involve multiple vectors, to avoid detection. These threats will employ the latest tricks and techniques in the coming year, such as the DNS changer Trojan, as malware writers continue to leverage the best tools available.
Ransomware and ransom attacks will occur in the second quarter of 2009, the report says. This ransomware will likely target small to medium-sized companies rather than individual home users. Companies with tightened budgets are especially vulnerable to criminals who request massive pay-offs. Small to medium-sized companies are large enough to have money worth extorting, but small enough that they cannot cope with threats of an IT disaster or large amounts of downtime.
Mac attacks are also expected to increase. As Mac computers, which do not usually ship with antivirus applications, continue to increase their market share, they will become increasingly vulnerable to attacks. Recent malware targeting Mac users came from spammed messages and posed as a video application to distribute itself. When users clicked on the link to watch a video, they became infected with the malware. Threats exploiting bugs on alternative operating systems will grow, especially with the increasing popularity of Linux (because of the booming netbook market).
Microsoft — the eternal target — will continue its legacy of trouble in 2009. Proof-of-concept malware will exploit Microsoft Windows 7, Surface, Silverlight, and Azure. Cybercriminals will continue to employ a more professional approach to time their zero-day exploits to disrupt Microsoft's monthly 'Patch Tuesday' schedule.
Meanwhile, cyber gang wars will make headlines during the year ahead. Security researchers are seeing virus wars, worm wars, and botnet wars – due to increasing competition for financial gains from phishing and fraud, as well as the downsizing of criminal cyber gangs and improvements in security solutions. Look for growing competition between Eastern Europe and China to determine which country's crooks will be the first to include the latest exploits in their exploit kits.
Virtual worlds will experience more real-world trouble, as many of the threats encountered in the real world will also crop up in the virtual world. Since cyber criminals need large audiences to perpetrate their crimes, they have begun preying on residents in virtual worlds and players in online games, particularly in Asia where these games have become extremely popular.
Broken DNS issues will continue to create headaches. According to experts, bad guys are already using the poisoned DNS (Domain Name System) cache to create covert communications channels, bypass security measures, and serve up malicious content. Although the security community, including Trend Micro, is working closely with registries/registrars where possible, this is an issue that ICANN (Internet Corporation for Assigned Names and Numbers) must address.
Unlike the global economy, the underground economy will continue to flourish, says the Trend Micro report. Info-stealing malware, geared toward stealing login credentials and banking and credit card information, will continue to increase. In addition, rogue applications are big business in the underground, as are malware auction sites.
Identity theft is also expected to increase worldwide. Few countries have any laws that address it, so identity theft will continue to impact unsuspecting victims in 2009. According to the Identity Theft Research Center (ITRC), reports of data breaches reached an all-time high in 2008.
And, without doubt, spam volumes will continue to grow – with 95% of all emails already containing spam. Around 115-billion spammed messages, nearly all coming from compromised computers, are sent every day, up from the average 75-billion in 2005 to 2006. Spam is all about numbers: the more spam sent, and the better the social engineering, the greater the chance users will click.