
H-Desk.com - PC Security matters - Protect your PC privacy


Nov 25, 2008

Malware Trends: What Will Attack Us in 2009?

by atomic cabbage / General


The Georgia Tech Information Security Center (GTISC) hosted its annual summit on emerging security threats on October 15 and published its annual attack forecast report.

According to their research, the electronic domain will see a greater number of malware attacks and various security threats in the coming year.

Data will continue to be the primary motive behind future cyber crime, whether targeting traditional fixed computing or mobile applications. According to security expert George Heron, “It’s all about the data”, so he expects data to drive cyber attacks for years to come. This motive is woven through all five emerging threat categories.

Social Networks Malware


The experts expect a ten-fold increase in the number of malware objects detected in 2008. Attackers are moving beyond mass-distribution phishing scams and tapping into new ways to localize and personalize their attacks for better penetration.
Apparently, a lot of attacks will go through social networking sites like MySpace, Facebook and others, which will likely be used as delivery mechanisms to lure unsuspecting users to a malicious Web site link in order to deliver malware.

Example:
A Facebook message sent from one friend to another includes a link to a YouTube video of interest to the recipient. The recipient clicks on the link supposedly sent by his/her friend, and then sees a prompt to install the latest version of Flash Player in order to watch the video clip. The user clicks to install the update, but actually installs a piece of malware on the machine, effectively involving the computer in a botnet.


Botnets


Compared with viruses and spam, botnets are growing at a faster rate, according to the researchers.
GTISC estimated in last year’s report that 10 percent of online computers were part of botnets, i.e. groups of computers infected with malicious code and unknowingly controlled by a malicious master. This year, researchers estimate that botnet-affected machines may comprise 15 percent of online computers.

The report cites three primary factors driving zombie network expansion:

  • Infection can occur even through legitimate Web sites
  • Bot exploits/malware delivery mechanisms are gaining sophistication and better obfuscation techniques
  • Users do not have to do anything to become infected; simply rendering a Web page can launch a botnet exploit

Bots can be delivered to a machine in a variety of ways: via Trojans, emails, an unauthorized instant message client or an infected Web site. Once installed, bots lie low to avoid notice by antivirus and anti-spyware technology. Periodically, the bot communicates with a “command and control” server and waits for a response, keeping the identity of the malicious master hidden.
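
The periodic check-in described above is also what defenders look for in network logs. As an added example (not from the GTISC report or the original article), this Python code flags host/destination pairs whose connection intervals are nearly constant; the log tuples, host names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (epoch seconds, internal host, destination) as might be
# parsed from proxy or firewall logs. All names and addresses are made up.
SAMPLE_LOG = (
    [(1000 + 300 * i + j, "10.0.0.5", "updates.example.net")
     for i, j in enumerate([0, 2, -1, 1, 0, -2, 1, 0])]      # ~5 min check-ins
    + [(t, "10.0.0.7", "news.example.org")
       for t in (1010, 1025, 1400, 2950, 3000, 3020, 4800)]  # human browsing
    + [(t, "10.0.0.7", "mail.example.com") for t in (1200, 2500)]  # too few
)

def find_beacons(events, min_events=6, max_jitter=0.1):
    """Return [(host, dest, mean_interval, jitter)] for pairs whose
    connection intervals are suspiciously regular.

    jitter is the coefficient of variation (stddev / mean) of the gaps
    between consecutive connections; automated check-ins sit near 0,
    while human-driven traffic is typically far more irregular.
    """
    times = defaultdict(list)
    for ts, host, dest in events:
        times[(host, dest)].append(ts)

    hits = []
    for (host, dest), stamps in times.items():
        if len(stamps) < min_events:
            continue  # not enough samples to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append((host, dest, round(avg, 1), round(jitter, 3)))
    return sorted(hits, key=lambda h: h[3])

if __name__ == "__main__":
    for host, dest, interval, jitter in find_beacons(SAMPLE_LOG):
        print(f"{host} -> {dest}: every ~{interval}s (jitter {jitter})")
```

The `min_events` floor matters: with only two connections there is a single gap, its jitter is trivially zero, and the pair would be flagged as a false positive.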

Once installed, bots actually become bot armies that engage in a variety of malicious activities, including:

  • Data theft (social security numbers, credit card information, trade secrets, etc.)
  • Denial of service attacks
  • Spam delivery
  • DNS server spoofing


The report noted that "most botnet command and control sites can be traced back to China." However, this statistic could be misleading: a lot of Chinese users run pirated software that doesn't receive security updates, which means that many Chinese computers are vulnerable and a haven for botnet command and control sites.


VOIP Attacks


Another trend in compromising security will probably be the use of VOIP technologies. Attackers will use them to engage in voice fraud, data theft and other scams, similar to the problems e-mail has experienced in the past.

DoS (denial of service), remote code execution and botnet threats will also apply to VOIP networks in the coming year, and will become more problematic for mobile devices as well, the report said.

According to the report, criminals know that VOIP can be used in scams to steal personal and financial data, so voice spam and voice phishing will be trendy in 2009.
Most people are used to entering Social Security numbers, credit card numbers, bank account numbers, etc. over the phone while interacting with voice response systems, and the criminals will exploit this to perpetrate voice phishing and identity theft.
 

Cyber Warfare


Security experts believe that cyber-warfare will accompany traditional military interaction more often in the years ahead. An example is the cyber attacks that occurred between Russia and Georgia earlier this year, which could be a model for military cyber engagements in 2009 and beyond.

The experts said that e-war tactics will also play a more “shadowy role” in attempts by antagonist nations to subvert the U.S. economy and infrastructure.
Some of them believe that cyber warfare will play a significant role between China and the United States.

According to security expert George Heron, cyber-threats originating from China are very real and growing. The evidence supporting this is that the majority of bot masters are traced back to China, along with malware and other disruptive threats.

The advantages of cyber warfare are:

  • The low cost to launch cyber attacks compared with physical attacks
  • The lack of cyber defenses
  • The “plausible deniability” the Internet affords
  • The lack of “cyber rules of engagement” in conflicts between nation states



The Evolving Cyber Crime Economy


Finally, cyber criminals will become increasingly organized and profit-driven in the years ahead, being described as “an international conglomerate of professionally trained authors motivated by high profit.”
You can buy, lease, subscribe and even pay-as-you-go to obtain the latest malware kits, which are much more sophisticated than their predecessors.
Several malware kits are supported by product guarantees and service level agreements. A few malware developers are even offering multiple language “customer support” in order to reach a wider audience of criminals.

The cyber criminal industry can be divided into three tiers:

  • Low-level criminals who use kits to create the specific malware required for their targeted crimes
  • Skilled developers and collectives of technical experts creating new components to embed within their commercial malware creation kits
  • Top-tier managed service providers that wrap new services around malware kits to increase propagation and enable organized fraud on a global scale, feeding gains back into existing money laundering chains


Either way, a tough road lies ahead of us in the battle against malware in the coming year.

