• United States



by Zulfikar Ramzan

Internet Security Trends 2009: An Interim Update

Sep 02, 20097 mins

Symantec's Zulfikar Ramzan checks in on last year's predictions and identifies emerging trends in malware, phishing, spam and more

The effects of cybercrime are far reaching. It would be a difficult task to find someone who has never been affected by malicious Internet activity, or who does not at the very least know someone who has been negatively impacted by cybercriminals. Advances in Internet technology and services continue to open up innumerable opportunities for learning, networking and increasing productivity. However, malware authors, spammers and phishers are also rapidly adopting new and varied attack vectors. If the Internet is to become a safer place, it is imperative to understand the trends and developments taking place in the Internet threat landscape and maintain online security best practices.

In December 2008, Symantec researchers predicted a number of security trends to watch out for in 2009. Now that we are into the second half of the year, it’s time to check in on those predictions to see not only how they have panned out, but also what other developments have occurred. What follows is an update on the predictions Symantec made late last year, as well as a few new trends that our analysts have seen develop in the first half of 2009.

A Trends Predictions Check Up

Attackers take advantage of the economic crisis

The global economic recession has been one of the most noticeably exploited bases for attack in 2009. Its impact has been far-reaching and the computer industry is far from immune to its affects. Schemes and scams targeting victims of the recession and touting solutions to its problems are prevalent. Some of the threats are new and some have been around for awhile. These scams include:

  • Home foreclosure scams
  • Scams targeting people seeking mortgages or refinancing
  • Scams exploiting the U.S. economic stimulus packages
  • Scams targeting the unemployed with offers almost too good to resist
  • Attacks seeking to exploit users of classifieds and online job placement boards
  • “Work at home” schemes

Social networking becomes an even more popular attack vector

There’s no question that online social networking continues to rise in popularity due to the numerous conveniences and opportunities it provides. There’s also no question that social networking provides phishers with a lot more bait than they used to have. Threats can come from all sorts of avenues within a social networking site. Games, links and notifications are the low-hanging fruit for phishers to use as they lead people into dangerous territory. As society picks up one end of the social networking stick, it finds that it inevitably picks up the security problems on the other end.

Also see: 5 More Facebook, Twitter Scams to Avoid

Spam levels continue to rise

We may not want it, but it still keeps coming. In July 2009, an average of 89 percent of all e-mail messages were spam. The overall amount does fluctuate, and a fight is underway to ward off or close down as many spammers as possible, but on average, the levels of spam have primarily risen rather than fallen. Big headlines almost always lead to more spam, and major headlines from 2009, such as the death of Michael Jackson, the H1N1 flu outbreak and the Italian earthquake are obvious examples of this.

Web threats grow in complexity and sophistication

Distribution and channel options are not the only things that have increased for cybercriminals, their skills and creativity have followed the same pattern. In addition to the threats being new, they are becoming increasingly sneaky and complex. New scams, such as drive-by downloads, or exploits that come from seemingly legitimate sites, can be almost impossible for the average user to detect. Before the user knows it, malicious content has been downloaded onto their computer, and they face an often expensive and time consuming recovery process. As predicted, the level of sophistication in such threats continues to rise.

New malware variants explode onto the scene at an unprecedented rate

One of the most noticeable increases we have observed in the security landscape is the sheer number of attacks and various methods for their distribution. Each month, Symantec security researchers block an average of more than 245 million attempted malicious code attacks across the globe. Most of the attempted threats have never been seen before. A combination of new distribution strategies, new media and Internet channels and increasingly advanced hacker techniques all add up to more malware. While attackers previously used to distribute a few threats to a large number of people, they are now micro distributing millions of distinct threats to smaller, unique groups of people. All of these factors combined together equal an unlimited number of unique malware attacks occurring.

New and Developing Trends

Cross-industry cooperation increases in an effort to tackle cybercrimeConficker Working Group was comprised of industry leaders and people from academia and as they worked together, the combined efforts of the group proved successful. Security researchers, Internet Corporation for Assigned Names and Numbers (ICANN) and operators in the domain name system were able to work with several industry vendors to coordinate a response that disabled domains targeted by Conficker. This example represents the type of collaboration that will likely increase in the industry in order to successfully address today’s ever-more complex security threats.

The Conficker worm, which grew to alarming proportions early this year, prompted collaboration across several groups to solve one of the most complex and widely spread threats to hit the Web in a number of years. The

Some old threats make comebacks

While much has changed on the threat landscape, some basic components remain, and, more interestingly, some older trends have made a comeback. As stated earlier, many cybercriminals have begun sending multiple distinct threats to smaller numbers of people, but there have also been notable examples of the older technique of sending a few threats to a massive number of people. The motivation for either method is frequently financial, as much of today’s malicious Internet activity is, and the goal is often to steal personal data, distribute rogue antivirus software or propagate spam. There are of course those attacks that have no real purpose except to wreak havoc, but whatever the motivation, the various methods are prompting the need for a multi-layered defense that combines traditional detection with complementary detection such as reputation-based security models.

Deceptive methods that imitate traditional business practices continue to be utilized

One tactic cybercriminals are growing fonder of is imitating traditional business practices in an attempt to ensnare unsuspecting users. In today’s world, business on the Internet is part of life. Cybercriminals recognize this and are clever enough to imitate business interactions. Even apart from business interactions, cybercriminals have figured out how to deceive people by presenting counterfeit messages. Examples of this include malicious advertisements or “malvertisements,” which redirect people to malicious sites, or “scareware,” which appear as antivirus scanners and scare people into thinking that their computer is infected when that’s not really the case. The user is then lured into buying a fake product. Such deception is a prevalent security risk and is growing in use.

Internet threats continue to increase in volume and severity. It is important that computer users are on guard in order to make themselves less vulnerable to risks and threats. Staying abreast of the trends and developments taking place in online security is critical for both industry researchers and all computer users alike. ##

Zulfikar Ramzan is Technical Director, Symantec Security Technology and Response.