
2011: the year of 'steal everything'

By Kirsten Doyle, ITWeb contributor.
Moscow, 14 Feb 2011

A new breed of crooks is stealing personal information, above and beyond the usual financial and credit card numbers. This year will see a new generation of malware that targets every piece of information that can be stolen. It will be the year of 'steal everything'.

So said Kurt Baumgartner, senior security researcher, Americas, Global Research and Analysis team at Kaspersky Lab. “Last year displayed a strange mix of consistency among general trends and completely unexpected milestone events.”

2010, he said, was a year of mediocre general trends and hugely significant events when it came to Internet security. 2011 will bring with it massive delayed disruption by new actors focused on connected individuals.

“Attacks increased dramatically during 2010,” he said. “From 30 075 005 detections in 2008, to 134 814 015 in 2009, to an astounding 1 906 039 380 in 2010, a growth of 1 400%.”

He said Web attacks also increased dramatically, by 800%. “From 73 619 767 in 2009 to 580 371 937 last year.

“Against the background hum of leftover Kido infections, targeted attacks on corporations and industrial enterprises reached an unexpected place in the limelight, with Aurora and Stuxnet. These two milestone events brought together ongoing problems with vulnerable software and the newly public topics, confusion, and speculation around cyber-espionage and cyber-warfare.”

New era

He said the Stuxnet threat in itself heralded an era of cyber-war and cyber-terrorism. “Moreover, the vulnerabilities targeted by these threats drew new attention to the consequences of flaws in software and enhanced exploit development.”

Also last year, Microsoft released a steady and climbing volume of security fixes, the highest yearly volume in the company's history, with 300 vulnerabilities publicly disclosed and patched. “Oracle, Adobe and Apple too pushed larger monthly patch numbers than ever.”

On the positive side, Baumgartner said RogueAV decreased during 2010, possibly as a result of increased international collaboration efforts and takedown events. Malware continued to propagate via P2P and social networks, and malware complexity surged with multiple families exploring new territory.

He said last year also saw digital certificates, the fundamental building blocks of trust on the Internet, being bought, cloned and stolen, then implemented in malware, breeding mistrust across the Internet. “Towards the middle of the year, botnet-launched heavy DDoS attacks knocked an entire country off of the Internet, and mistaken network routing tables redirected Internet traffic flow across continents.

“With the first malware for Android discovered, mobile malware development gained momentum, with new exploits and shellcode. Access control policies were tested to the limits as organisations lost more leaked data more publicly than ever before. Even the supposedly impenetrable walls of the iTunes Store were hacked by a Vietnamese developer. All in all, 2010 was a busy year.”

He said 2011 will present a new class of cyber criminals, with a new aim - to steal everything. Their methods will include an even “greedier” class of malware, spyware 2.0.

“Spyware 2.0 will be delivered via exploits that take advantage of the effectiveness of the enhanced exploit development and social engineering techniques of the past year, including sandbox attacks and enhanced 64-bit environment attacks. Just as online behaviour and personal information have become more valuable, all varieties of identity and behavioural data will be stolen, bought and sold and used for far more than just immediately withdrawing funds from bank accounts.”

Baumgartner said there will also be a focus on cloud security. “The increased volume of data, especially from businesses residing in the cloud, will attract more attackers' attention. Much as SQL injection has been automated and heavily used to attack server data, new techniques for externally evaluating cloud services and breaking their security models will be developed and automated. Not only cloud data, but corporate and industrial processes and enterprises are under heavier scrutiny.”
