
Attacks carried out via browsers and botnets remained the biggest threat to computer security in 2010 and, if anything, the year should be dubbed the 'year of the vulnerability' - the tool predominantly used to help malware penetrate victims' computers.
This is according to Kaspersky Lab in its annual overview of the IT threat landscape titled 'Outcomes for 2010 and Predictions for 2011'.
The security company says the complexity of threats reached a whole new level in 2010 and Spyware 2.0 will be the new cyber crime concept for 2011.
Author of the review, Alexander Gostev, chief security expert at Kaspersky Lab, reveals that the main trends seen in 2009 continued into 2010, although their levels of sophistication reached completely new heights in a number of cases.
Meanwhile, notes Kaspersky, hackers increasingly turned their attention from vulnerabilities in Microsoft products to those in the software products of Adobe and Apple.
P2P network attacks
“As forecast, 2010 saw an increase in the number of attacks performed via P2P networks. This infection channel is now widely used, second only to browser attacks. Virtually all types of threats spread via P2P networks - file viruses, Rogue AV software, backdoors, SMS fraud programs and many different types of worms.
“According to data received from the Kaspersky Security Network, at least 3.2 million P2P-based attacks were carried out each month in the latter stages of 2010,” the company says.
It adds that cyber criminals continued to actively use so-called partnership programs, noting that semi-legal or 'grey' schemes became increasingly popular alongside openly illegal activities, such as infecting legitimate Web sites and users' computers using drive-by downloads.
The security company explains that such semi-legal schemes include encouraging unwary users to voluntarily download dangerous files, black hat search engine optimisation (using unethical techniques to push malicious Web sites to the leading positions in search engine result pages), the use of eye-catching links and banners, redirecting traffic to adult content sites and other similar techniques.
Kaspersky Lab's experts say they were also proven right concerning their predictions of malware epidemics in 2010.
Global outbreaks
“A number of malware incidents in 2010 can easily be classified as 'global' outbreaks due to the speed at which they spread, their scale and the attention they attracted.
“These included the botnets Mariposa, Zeus, Bredolab, TDSS, Koobface, Sinowal and Black Energy 2.0, all of which affected millions of computers worldwide.”
It also points out that the Stuxnet worm was the climax of this wave of complex new malicious software. “Interestingly, it appears to be the case that the most widespread malicious programs tend to be the most elaborate in terms of the technologies used.”
“The Stuxnet case is of particular interest not only because of its extraordinary complexity, but also because it targets programmable logic controllers (PLCs) used in industrial manufacturing,” says Gostev.
“This is the first serious, high-profile instance of malicious activity with the potential for significant industrial sabotage. This case has demonstrated that the long-standing boundary between the virtual and real worlds is beginning to erode. This presents some very new problems that we will all have to tackle in the near future.”
Kaspersky also notes that the prediction that the number of Rogue AV programs would decrease was a bold one, but it was also borne out: having reached a peak in their activity at around 200 000 incidents per month in February-March 2010, they fell off to a quarter of that amount by late 2010. The remaining Rogue AV programs are becoming increasingly region-specific, it adds.
iPhone, Android attacks
“The prediction that cyber criminals would pay more attention to the iPhone and Android platforms turned out to be partially correct.
“Several concept programs were created for the iPhone in 2010 that demonstrated the potential risk associated with this device, as well as a number of technologies that could be employed by attackers in the future.
“Malicious programs for Android have been detected that are explicitly criminal in nature, making use of the widespread technique of mobile Trojans to send SMSes to premium-rate numbers.”
The company concludes by saying the events of 2010 are likely to bring about a major shake-up in the types of criminals orchestrating cyber attacks as well as their aims and the methods they use.
“As a result, in 2011 we will be faced with the widespread use of a new class of spyware programs, the aim of which can be defined quite simply as: steal everything. They will gather any information that they can about users, right down to the colour of their hair and eyes, and will examine every document stored on infected computers.”