July 7, 2008; 08:59 AM
CUPERTINO, Calif., July 7 /PRNewswire-FirstCall/ -- Trend Micro
Incorporated (TSE: 4704), a global leader in Internet content security,
reported today that cybercriminals are not only leveraging new technologies to
propagate cybercrime, but are also reinventing forms of social engineering to
cleverly ensnare both consumers and businesses, according to the "Trend Micro
Threat Roundup and Forecast 1H 2008" report. As a result, the last six
months saw an upswing in Web threats, but steady decreases in adware and
spyware that are generated by outdated technical methods and can no longer
compete with high-level security solutions.
Exploiting human nature through social engineering and phishing techniques
While social engineering tactics such as the Nigerian phishing scam and
the Spanish prisoner scam have been around for decades, cybercriminals
continue to refresh and modernize this standard form of trickery based on
whatever the trend appears to be. For example, the tools and technologies
used to create the interactive nature of popular social networking sites have
become a land mine for cybercrime. In March, Trend Micro discovered that over
400 phishing kits designed to generate phishing sites were targeting top Web
2.0 sites (i.e. social networking, video sharing and VoIP sites), free email
service providers, banks and popular e-Commerce Web sites. Recently, a new form of phishing warned potential victims about phishing
emails as a way to legitimize that email and then tricked them into clicking
on a link that leads to a fraudulent site. Spammers are also recycling old
techniques. In February, Trend Micro investigated a voice phishing (aka
"vishing") attempt. The message appeared convincing, with all links leading
to corresponding, legitimate target pages, but included a phony number for
recipients to call to reactivate their account, which had been supposedly
"placed on hold." Upon calling the phone number, users were asked for their
bank card number and PIN, unwittingly opening their bank accounts to the
phishers.
Developing malware for blended threats
Malware variants have generally been treated as separate individual
threats. Today, profit-motivated Web threats blend various malicious software
components into a singular Web threat business model. For example, a cyber
criminal sends a message (spam) with an embedded link in the email (malicious
URL) or contained in an instant message. The user clicks on the link and is
redirected to a Web site where a file (Trojan) automatically downloads onto
the user's computer. The Trojan then downloads an additional file (spyware)
that captures sensitive information, such as bank account numbers
(spy-phishing). Although seemingly one incident, blended threats are much more
difficult to combat and much more dangerous for the user.
Exploiting new technologies
The fast-flux technique is an additional example of criminals abusing
technology developments. Fast-flux is a domain-name-server (DNS) switching
mechanism that combines peer-to-peer networking, distributed command and
control, Web-based load-balancing, and proxy redirection to hide phishing
delivery sites. Fast-flux helps phishing sites stay up for longer periods to
lure more victims. For example, researchers are challenged to identify
malicious Storm domains because developers are using fast-flux techniques to
evade detection.
A spike in Web threats accompanied by a decline in adware and keyloggers
Trend Micro witnessed a dramatic increase in Web threat activity during
the first half of 2008. Web threats peaked in March to 50,000,000 from
approximately 15,000,000 in December 2007.
On the decline are adware, trackware, keyloggers and freeloaders. In
March 2007, Trend Micro found that approximately 45 percent of PCs were
infected by adware; by April 2008, only 35 percent were reportedly infected.
In May 2007, approximately 20 percent of PCs were infected by trackware; that
number has dropped to less than 5 percent in April 2008. Keyloggers also
showed a small, but steady decline with less than 5 percent of PCs being
infected (from over 5 percent in September 2007.)
"This is a good example of how cybercriminals are evolving with the times
-- they're moving away from threats that use old or waning technologies;
instead, focusing on the lucrative threats that bring a bigger payload," said
Raimund Genes, chief technology officer of Trend Micro.
Other notable findings from the report:
-- High-profile Web sites became highly targeted. In early January,
several massive SQL injection attacks were launched on thousands of Web pages
belonging to Fortune 500 corporations, state government agencies and
educational institutions.
-- Mobile threats are continuing to play a small part in the new threat
landscape. In January, Trend Micro discovered malware disguised as a
multimedia file that was used to infect older Nokia mobile phones. -- With skill comes precision. Cybercriminals are increasingly targeting
more affluent users, such as C-level executives who represent a small number
of wealthy, high-level individuals in positions of power to gain access to
larger bank accounts, login credentials, or even email addresses that span an
entire organization.
-- Spam volumes decreased briefly at the beginning of 2008 -- perhaps a
post-holiday break for spammers. Volume spiked in March with a small slip in
April. Whenever drops in spam activity occur, Trend Micro researchers
interpret this as a sign that spammers are either regrouping to launch a new
attack or testing new techniques.
-- Bots (compromised PCs) spiked from over 1,500,000 in January to over
3,500,000 in February. This was then followed by a dramatic drop in March.
Six-Month Forecast
According to research and observations of attacks that have occurred since
the beginning of this year, Trend Micro researchers predict the following
trends over the next six months:
-- Social engineering will remain a key attack method, with more
sophisticated tricks evolving. Trend Micro expects cyber criminals to leverage
events such as the Summer Olympics, back-to -school shopping, the U.S.
election season, soccer and football events, and the holiday season in
December.
-- Cybercriminals will continue to target newly discovered vulnerabilities
in "third-party" software applications, such as QuickTime, RealPlayer, Adobe
Flash, etc.
-- Crimeware that relies on technical methods that are becoming obsolete,
such as dialers and keyloggers, will continue to slowly decline in number.
Grayware such as trackware and browser hijackers will also slowly fall off in
number as they cannot scale well in an era of million-member botnets.
-- Spam volume will continue to rise exponentially with average daily spam
volumes predicted to increase by 30- to 50- billion messages per day. Spam and
phishing will rise in August to correspond with back-to-school activities and
the Olympics. A seasonal spike is also expected in November to correspond with
the holidays, with spam forecasted to reach 170 to 180 billion messages per
day.
-- As is occurring now, both spam and phishing will continue to play a
part in blended threats. About 0.2 percent-one out of every 500 Web
requests-are sent to Web sites hosted on infected PCs, and this trend is
expected to continue.
-- Bots and botnets will continue to play an important part in the threat
chain for spamming, information stealing, targeted attacks and large-scale
attack campaigns. For a copy of the full report, go to
http://us.trendmicro.com/us/threats/enterprise/security-library/threat-
reports/index.html
About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security,
focuses on securing the exchange of digital information for businesses and
consumers. A pioneer and industry vanguard, Trend Micro is advancing
integrated threat management technology to protect operational continuity,
personal information, and property from malware, spam, data leaks and the
newest Web threats. Its flexible solutions, available in multiple form
factors, are supported 24/7 by threat intelligence experts around the globe. A
transnational company, with headquarters in Tokyo, Trend Micro's trusted
security solutions are sold through its business partners worldwide. Please
visit http://www.trendmicro.com. Copyright(C) 2008 Trend Micro Incorporated. All rights reserved. Trend
Micro, the Trend Micro t-ball logo are trademarks or registered trademarks of
Trend Micro, Incorporated. All other product or company names may be
trademarks or registered trademarks of their owners.
SOURCE Trend Micro Incorporated
Source: www.earthtimes.org |
|