Guest Column | March 27, 2009

Cyber Criminals Increase In Sophistication In 2009

Written by: Bradley Anstis, director of technology strategy at Marshal8e6.

2008 was certainly an interesting and exciting year for the IT security community. Researchers made great strides in the field of botnets. For example, we saw cross-industry coordination to take down one of the most notorious hosting providers for botnet command and control centers, McColo, and as a result, observed a 50% decrease in spam overnight. Yet, even when we make one solid step forward, we are once again humbled by the statistics — the threat landscape became, yet again, much more complex and sophisticated in the course of the year.

Threats have taken on a more complex nature: no longer just Web-based and email-based attacks, but a new wave of blended threats. These attacks utilize multiple platforms and bridge the gap between the Web and email to distribute malicious content more effectively. Adding further fuel to this growing issue, the rise of popular social networking sites like Facebook and Twitter has given hackers even more avenues to target unsuspecting victims.

As we look forward in 2009, there are five important security trends that should be on everyone’s mind. Let us define them and examine how they could impact the enterprise:

1. Spam Botnets — The success of the McColo takedown gave the security community great hope for the future, as the event initially had a profound effect on spam volumes. Unfortunately, the controllers of the affected botnets were able to bring their command servers back online long enough to re-point their bots at new network locations, so spam volumes have recovered somewhat. The decline of the Srizbi botnet proves that this method of addressing botnets can and does work, however. This year, we can expect botnet operators to operate in a stealthier manner and to develop ever more complex command and control networks.

2. Legitimate Websites Serving up Malware — Spammers, hackers, and malware writers are increasingly exploiting seemingly harmless, legitimate websites to serve up malware. Blogspot, free hosting services, and even Auntie Martha’s online health food website have been targets for hackers to exploit for hosting malware. There are numerous reasons why this is occurring, among them the fact that traditional URL filtering typically fails to identify the change in threat status of a compromised legitimate website fast enough. This trend is likely to revolutionize the way that Web security vendors classify websites and assume sites as inherently safe or unsafe.

3. Social Networking Sites — Sites like Facebook and LinkedIn, whose popularity has grown massively, as well as sharing sites like YouTube, will continue to be a major target in 2009. The biggest reason for this is that user suspicion levels are lower when accessing familiar sites such as these, and therefore users will typically open messages purporting to be from these sites. The owners of these sites need to improve the capability they currently have in place for protecting their users from these risks. These sites are quick to develop new capabilities to stay ahead of the competition and attract new users, but are slower to protect their websites from misuse. This leaves prevention responsibility with the user, and puts even more emphasis on effective Web security at the gateway level.

4. Blended Email Attacks — The line between Web-based and email-based threats is now blurring, as attackers increasingly take a blended approach. This is a growing issue requiring integrated defense across email and Web security technologies that deliver effective real-time malware scanning, reputation services, and a reliable blend of signature and non-signature scanning technologies.

5. Virtualization — Many companies are now running or have run virtualization projects to consolidate their server infrastructure, and the next target for many is the security infrastructure. At present, few vulnerabilities are known, but with the increasing reliance on virtualization, attackers will begin to target it and probe for vulnerabilities.

While the security challenges on the horizon may seem daunting, the security community is actively working on ways to prevent future cyber attacks and also expose nefarious websites and spam email campaigns through constant research and product development.

Businesses should be aware of the dangers presented at various levels of the organization’s network and be prepared with a multi-layered approach to IT security to ensure that no one component is the weak link. This includes components such as effective malware protection, firewalls, and secure Web and email gateway technology. These solutions will not only need to address single-vector attacks, but must also be equipped to protect against the most prominent of today’s attacks: blended threats. Resellers can do their part by offering customers a broad array of security solutions that address the realities of the new threat landscape and offer protection against these blended threats.

By taking steps to ensure that network security solutions are in place and that employees are aware of the risks and warning signs for malicious content on the Web, companies can help curb their risk of a potentially damaging attack. A proactive approach to security enables businesses to keep their assets secure and keep their name from appearing in the headlines for all the wrong reasons.

Bradley Anstis is the director of technology strategy at Marshal8e6, a provider of email and Web security technologies.