The present global economic climate will become a goldmine for cyber criminals and will lead to more financial crimes – this is the grim prediction for 2009 by information technology experts.
According to a white paper by McAfee that was made available exclusively to Emirates Business, malware authors are taking advantage of people's distraction to deliver a roundhouse strike.
IT experts also say 2008 saw more malware than ever before and malware hosted in remote URLs increased by 256 per cent during the year. Also, malicious links in spam saw a 500 per cent spike.
Emirates Business spoke to experts to find out how the economic uncertainty is becoming a rich hunting ground for cyber criminals and more about the threats in 2009.
Greg Day, Emea Security Analyst, McAfee Avert Labs, said: "First let's look at last year. We have seen more malware in the past 12 months than before. By the end of 2007, McAfee Avert Labs had identified a little less than 358,000 pieces of malware during a 15-year period; however, more than 135,000 of those were identified in 2007 alone. By March 2008, we had already identified more malware than in all of 2007. In 2008, Avert Labs identified almost 1.5 million pieces of malware, an average of 3,500 each day. They are stealthy, written with a definite purpose – to make their authors money – and there are a whole lot of them."
Rik Ferguson, Solutions Architect, Solution Service and xSP Business Development, Trend Micro, agreed: "The year 2008 was absolutely one of mass compromise with hundreds of thousands of websites being infiltrated to host invisible code redirecting unsuspecting browsers to sites hosting malicious code and exploit kits. The month of May alone saw more than one million websites compromised. This continued throughout the year, with the final example in 2008 being a mass compromise to take advantage of the zero day vulnerability in Microsoft Internet Explorer.
"Malware hosted in remote URLs increased by 256 per cent in 2008. Also, malicious links in spam saw a 500 per cent spike. One in every 500 web requests made is to a website hosted on an infected PC."
Both companies say the present economic crisis will lead to more finance-related crimes as cyber criminals will try to take advantage of the prevailing confusion and desperation of jobless people.
According to the white paper by McAfee, phishing scams offering fast money are growing in quantity. These scams are frequently associated with fake financial and transportation-of-goods websites.
Day said: "We already have spear phishing, which is targeted phishing, commonly going for the 'big fish', such as chief executive officers, chief operating officers and chief financial officers. I suspect we will continue to see more of this, as well as more personalised and localised attacks in this space."
The white paper goes on to say that with the current global financial troubles, many internet users, both consumers and businesses, are on the lookout for attractive offers of service, without realising that cyber criminals are lurking behind the guise of apparently legitimate services. It warns of fake financial transaction services, fake investment firms and fake legal services.
The white paper said: "We are also seeing a rise in 'mule' recruitment sites. As many people struggle to find profitable work, offers that promise decent pay for only two or three hours of activity from home are quite tempting. More and more spam campaigns are making these offers, but professional-looking websites are also involved in these scams and frauds.
"More surprising, fake sites advertising goods transportation, legal services, and even 'financial transaction agents' are blossoming. This is a particularly successful time for car transport offers. Each day, McAfee Avert Labs discovers fake sites proposing such services in Europe, Africa and the Americas. We expect to see more of these various fake service offerings throughout 2009."
Ferguson said: "Cybercrime in 2009 will definitely be influenced and in part shaped by the global economic downturn.
"As the financial crisis begins to hit home we can fully expect organised cybercrime to take advantage of this. To them it will be almost a recruitment bonanza as more highly skilled, disaffected and financially motivated programmers find themselves out of work, both in Europe and in the countries that traditionally provide the outsource IT skills we have come to rely on.
"If cyber criminals have no difficulty in recruiting willing volunteers to crack Captchas at a rate of $2 [Dh7.34] or $3 per thousand it is a sure thing they will want to take advantage of a growing available workforce with far more advanced skills. Continued disruption in the commercial world will of course see more companies going through difficulty, going out of business or being the subjects of acquisitions and mergers. This is exactly the kind of confusion that social engineering thrives on and we have already seen this begin in 2008 during the banking crisis.
"As this peculiar set of circumstances begins to bite more this will be offering a stream of fresh social engineering vehicles for cyber criminals to latch onto."
However, Day assured: "That said, the number one message in these circumstances is that though the volume and complexity of threats will continue to increase this year, equally, we will see more cybercrimes shut down, in the same way as 'Dark Market' and 'McColo' were in 2008. Law enforcement agencies are getting better at collaborating to deal with these attacks; however, they need assistance from security vendors to report such attacks and to gather evidence."
McAfee's predictions for 2009 regarding the threats faced by the information technology sector are:
- Threats hide in the clouds: We have become a Web 2.0 world – the internet is our platform and social networking is spreading like wildfire. Malware authors have transitioned to the internet "cloud" as their main delivery vehicle and take advantage of the attractions of Web 2.0. We can expect this trend to continue in 2009, eventually displacing more traditional vectors of malware distribution.
- Server-side threats: Many years ago, threats often included mutation engines within each binary file. More malware authors are moving those engines to the cloud, making it more difficult, if not impossible, to reverse-engineer the mutation logic. This also leads to a huge increase in the number of malicious binaries in the world and challenges the way we classify and count those binaries.
- Evasion to cash in: Desktops have become more hardened through defensive policies and protective technologies, and malware authors are taking evasive actions. For many years, malware authors have used anti–reverse-engineering tactics, making it more difficult for researchers to describe, classify and combat threats. In 2008, we saw an increase in malware authors and distributors, making it more difficult for security researchers to obtain the malware itself using tactics such as download thresholds and randomisation, referring URL dependencies, browser and platform restrictions, and the presence of certain cookie properties or values. This trend is expected to continue in 2009.
- Browser validation: This year, an increasing number of malicious websites targeted specific web browsers to deliver various payloads and identify crawling tools. In August, an SQL injection attack was used to rewrite web pages of a compromised website and push a different payload to the site's visitors depending on which browser was being used. With the sharp increase in both SQL injection and cross-site scripting vulnerabilities, we expect this trend to grow in 2009.
- Personalised threats: One of the most alarming social networking threats in 2008 was the Koobface worm. With more than 1,100 distinct Koobface binaries on record, the authors are targeting MySpace and Facebook users. One contributing factor to the success of these attacks is that users are often caught off guard when they receive a threat from a friend. Although many people have been affected by Koobface, there are still many more who have yet to realise its dangers. The social networking "worm forecast" looks bleak for 2009.
- Malware revisited: In 2008, we saw the continued increase of old-school parasitic file infectors. Avert Labs measured an increase in victims of USB and flash memory viruses. This is a big deal because of the widespread use of removable storage devices such as USB sticks, cameras, picture frames, etc. This trend is expected to continue well past 2009.
Trend Micro warns
Trend Micro's warnings for 2009 include the following:
- Mobile devices: Mobile devices are certainly becoming more prolific. Expect to see malware specifically targeting mobile devices and perhaps for the first time recruiting them into 3G botnets.
- Voice over internet protocol technology: VoIP is rapidly gaining in acceptance and will also become a lucrative target for cybercrime both in rogue VoIP apps, vishing and as a potentially lucrative target of DDoS blackmail attacks.