Cisco security survey: Cybercrime taking a page from business schools

Cybercriminals are getting more professional, adopting classic business structures in the development and deployment of malware that is increasingly designed to reap maximum profit, according to the annual Cisco security report. Start-up kits for those looking to set up shop in cybercrime are also available. Crackers sell their wares in online marketplaces where they can also hire quality-assurance testers to strengthen their malicious code, as well as rent botnets for quick distribution of their exploits, the report says. For example, the Zeus Trojan kit includes what is needed to infect machines and steal login data for $700, the Cisco security survey says. This year Cisco for the first time gave awards for notable achievements, and its top prize for illegal activity - Most Audacious Criminal Operation - went to Zeus, which infects victims' machines and gathers data such as passwords.

Criminals sell toolkits for modifying Zeus so attackers can alter its code enough to duck antimalware filters, Cisco says. The malware has infected an estimated 4 million machines, Cisco says, and forms a formidable botnet that could be used for a variety of attacks. The Most Notable Criminal Innovation award went to Koobface, a worm that lures users to a YouTube video that prompts them to install a Flash Player update. Koobface highlights how social networking sites are used to spread malicious activity. The "update" users download is actually the worm, which gathers sensitive information from infected machines.

With social networking accounting for 2% of work Web traffic, businesses need to educate employees on how to use these sites safely, Cisco recommends. Users get baited with intriguing postings that lead to sites that download malware, the report says. What makes social networking sites useful to scammers is the trust users place in them. The overall level of exploits and threats, including those against social media users, increased 57%, according to Cisco. "It's easier and often more lucrative to fool social media users in order to launch an attack or exploit or steal personal information," the report says. So someone clicking on a short URL found in a Twitter posting could wind up with an infected machine.

Shortened URLs - a common tool used by Facebook participants - cut the number of characters needed to reach a site, but they can also mask the fact that they link to sites that download malware. Cisco recommends installing browser add-ons that reveal the actual URL when the cursor hovers over the shortened URL, giving users the chance to see whether it looks legitimate. Since this kind of attack relies on victims being fooled into clicking on links to sites that download malware or into opening malicious files, user education is key to fighting it, Cisco says. In other areas, targeted spam accounts for just 10% of all spam, but it is on the rise and can be nearly impossible to stop. Cisco estimates that 80% of Internet sites have never been evaluated for the dangers they present, making effective URL filtering more difficult. Antivirus scams are up five-fold since 2008, luring victims into buying antivirus packages that legitimate vendors offer as free trials, or into buying packages that deactivate viruses already on the targeted machines.
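To illustrate the recommendation above, here is an added example (not from the Cisco report or the article) that resolves a shortened URL one redirect hop at a time, using HEAD requests and never downloading the destination page, so the real host can be inspected before anyone clicks. It caps the hop count and detects redirect loops; the `SAMPLE_REDIRECTS` table is constructed so the example runs offline, and the hostnames in it are hypothetical.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin

MAX_HOPS = 5  # legitimate shorteners resolve in a hop or two; longer chains are suspicious

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise HTTPError on a redirect instead of silently following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def fetch_location(url, timeout=5):
    """One HEAD request: return the Location header if url redirects, else None.
    The destination is never downloaded; only its redirect response is read."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout):
            return None  # 2xx: this is the final page
    except urllib.error.HTTPError as err:
        if err.code in (301, 302, 303, 307, 308):
            return err.headers.get("Location")
        return None  # 4xx/5xx: end of the chain

def expand_short_url(url, fetch=fetch_location, max_hops=MAX_HOPS):
    """Walk the redirect chain one hop at a time. Returns (final_url, chain, status) with
    status 'resolved', 'loop' or 'too_many_hops'; the caller inspects the final host."""
    chain, seen = [url], {url}
    for _ in range(max_hops):
        location = fetch(chain[-1])
        if location is None:
            return chain[-1], chain, "resolved"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            return nxt, chain, "loop"
        chain.append(nxt)
        seen.add(nxt)
    return chain[-1], chain, "too_many_hops"

# Constructed offline sample: a shortener hopping through a tracker to a landing page.
SAMPLE_REDIRECTS = {
    "https://short.example/abc": "https://tracker.example/r?to=abc",
    "https://tracker.example/r?to=abc": "/landing",
    "https://tracker.example/landing": None,
}

def fetch_from_table(url, table=SAMPLE_REDIRECTS):
    """Stand-in for fetch_location so the example runs without network access."""
    return table.get(url)
```

Call `expand_short_url(url)` with the default fetcher to resolve a real shortened link; the status and the final hostname are what a user or a mail gateway should look at before the link is visited.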

Emerging tools that analyze and characterize Web content to determine its safety, rather than relying on a list of URLs to block, are more effective, the report says. Businesses are becoming less skeptical of cloud computing platforms and doing less due diligence than they might have a decade ago. Cisco recommends that businesses ask where their data is actually stored, how it is protected, who has access to it and whether the platform stacks up to the relevant regulatory and auditing requirements. This erosion of caution may be the result of personal use of social networking sites, which leads to a belief that cloud infrastructure can be trusted out of hand, the report says. Cisco estimates that one in 600 PDF downloads contains malware, as does one in every 200 Java files and one in every 3,000 Flash files. Attackers are veering away from buffer overflows, worms and directory traversals and toward arbitrary code execution and denial-of-service attacks as their favored exploits, the report says.

Users need to promptly update the readers for these file types to the most secure versions, Cisco says. These shifts reflect the desire of criminals to gain and retain control of infected machines. Whereas in earlier years a few widespread exploits accounted for the bulk of the total, in 2009 a broader range of less successful attacks contributed to the total, the report says. Cisco's ratings of threats found by its IntelliShield service indicate an increase in threats and a greater variety of sources.
