Internet threats 2009 - overview
SOURCE: Webworld, 21 December 2009
CA report: Counterfeit security software, search engines and social networks biggest internet threats in 2009
Published: Monday 21 December 2009
Press release from: CA
Utrecht, 21 December 2009 - According to the new State of the Internet 2009 report, published by CA Inc (NASDAQ: CA), misleading/falsified security programmes, popular search engines, social networks and Web 2.0 threats posed the most significant online dangers in 2009. The report draws on data collected by researchers from CA's Global Security Advisor and summarises trends from the first half of 2009. CA's security-specialised researchers also issue predictions for key Internet threats in 2010, including an increase in "malvertising" and a possible new large-scale outbreak of a computer worm similar to Conficker.
"Cybercriminals get their money by attacking the most popular destinations on the internet, because that's where the highest return is to be expected," says Don DeBolt, director of security research at CA's Internet Security Business Unit. "Cybercriminals follow trends, important events, holidays and so on, and concentrate on what brings in the most revenue. Search engines like Google and Yahoo, or social networking sites like Twitter and Facebook, are attractive to these criminals because of the massive interest. Besides internet security software, education is the best weapon against today's dangers, so that consumers know what to watch out for in their activities on the internet."
CA researchers identified the following trends in 2009:
- Misleading or counterfeit security software: The popularity of programmes that masquerade as legitimate internet security software but are in fact malware has risen sharply. In the first six months of 2009, CA added detection for 1186 new variants of misleading security programmes, an increase of 40% compared to the second half of 2008.
- Search engine pollution: Google is often the target of online attacks. The attackers use sophisticated search engine optimisation methods to manipulate rankings and contaminate users' search results. Thus, these users are directed to untrustworthy websites where they can be infected with malware.
- Social networks/Web 2.0: Popular online communities, blogs and social media sites such as YouTube, MySpace, Facebook and Twitter are known targets. Among the aggressive attackers are organised, money-hungry groups that create hundreds of fake profiles for a variety of purposes, such as spreading malware and spam, or stealing users' online identities to commit other cybercrimes. Win32/Koobface is an example of a worm that spreads through social networking sites. It uses the affected user's login details to send messages to everyone on their list of connected friends and family members. In 2009, CA ISBU discovered more than 100 components and mutated strains belonging to the Win32/Koobface family.
- Identity theft: Attackers targeted online personal data to spread other forms of cybercrime, for example by collecting e-mail addresses for spambots, fishing for FTP accounts for web infections, and contributing to the spread of social networking worms such as Win32/Koobface. In 2009, 23% of the most common malware infections consisted of Trojans that steal information.
- Domain hijacking and 'typosquatting': Malicious websites posing as legitimate, decent sites to trick visitors into engaging in transactions or activities involving the disclosure of sensitive data.
- Threats for Mac OS X: Security is now a concern on the Mac too. In 2009, CA ISBU added 15 intelligent signatures for threat detection for Mac OS X, the most common being OSX/Jahlav.
"The amount of malware doubled in 2009 and opportunities to buy bots and other malicious programmes online are increasing hand over fist," DeBolt continued. "It's a game of cat and mouse. Cybercriminals are evolving with the malware community and are constantly looking for new vulnerabilities they can exploit, from online banking to search engine contamination."
Although the amount of spam and phishing messages is still growing, the spread of malware in 2009 was still mainly via the Internet with 78 per cent, followed by e-mail (via attachments or phishing) with 17 per cent, and finally removable media (USB drives, digital picture frames, and so on) with 5 per cent.
CA forecast for online security developments in 2010:
1. Misuse of search engine optimisation and malicious advertising (malvertising) will play a greater role in malware distribution.
2. The likelihood of a new major computer worm like Conficker is high. The rising popularity of web-based applications and the discovery of critical zero-day security vulnerabilities, especially in new operating systems like Windows 7 and Google Chrome, are fuelling a new worm outbreak.
3. Threats to Web 2.0 technologies, such as social networks, will continue to grow.
4. The use of denial of service attacks to make a political statement will increase. Popular websites like Twitter and Facebook are likely to fall victim again.
5. Banking Trojans: This type of Trojan is designed for banking systems and attempts to obtain identity data for financial gain.
6. People who engage in malware will mainly target the 64-bit and Apple platform.
About CA's State of the Internet Security 2009 report
CA's State of Internet Security 2009 report aims to provide consumers and businesses with information on the latest and most dangerous threats on the Internet, predict trends and provide practical advice for protection. The analysis provided is based on incident data from CA's Global Security Advisor team, submitted by CA customers and consumers from January to June 2009, as well as publicly available information. CA's full State of Internet Security 2009 report can be found at www.ca.com/securityadvisor.
CA's Global Security Advisor team provides trusted security expertise day and night and has been providing advice the entire world relies on for more than 16 years. The Security Advisor team provides all the tools to deal with threats and has leading researchers and experienced support staff. CA Global Security Advisor is available via www.ca.com/securityadvisor. It offers free security alerts, RSS feeds, computer scans and a blog regularly updated by its global team of researchers. All of CA's security products for home users, SMEs and enterprises are updated and protected by CA's Global Security Advisor team.
About CA ISBU
CA Internet Security Business Unit (ISBU) is a division of CA Inc. that focuses on the development, marketing and support of CA's antimalware products. CA has a complete range of internet security programmes for business, SMB and home/office home. The products are backed by CA's Security Advisor research team and hold key industry certifications. CA ISBU products are also offered by more than 10,000 resellers and OEM partners, including leading Internet Service Providers (ISPs) and Independent Software Vendors (ISVs). Licences for the products are currently in use on over 70 million PCs around the world. More information can be found at http://security.com/partners.
About CA
CA (NASDAQ: CA), the leading independent IT management software company helps customers optimise their IT environment for better business results. CA's EITM (Enterprise IT Management) solutions for mainframe and distributed systems enable Lean IT: Lean IT enables organisations to make sound decisions about their IT operations and to manage and secure them effectively. For more information, visit: www.ca.com