As you will have guessed from the title, we believe that cybercrime is very much the "shape of things to come". ESET Latin America's document forecasts the continuing shift of the most malware attacks to the Internet. The team also predicted that during 2010, crimeware 1 will be the most commonly used attack vector. The cyberattackers' inclination to make money from their activities has found a natural ally in the criminal underworld. For this reason we expect to see a clear upward trend in malicious code created with profitability in mind.
Cybercrime is on the rise, not only in terms of the number of perpetrators and the volume of crimes committed, but also of the range of techniques employed to carry them out. In this environment, malicious code offers a valuable resource for those wishing to perform attacks through the Internet and information technology.
2010: Cybercrime
Coming of AgeTable of Contents
Overview 3Introduction 3Crimeware 4Botnets 4Business Partners 5Malware Developed in Latin America 5Targeted Attacks 5Security Trends 6Social Engineering: Public Enemy Number One 6Hot Topics 6Vulnerabilities: OS Versus Application 7Windows 7 7Fair Game 8Advertising and Malvertising 8Jailbreaking: Breaking for the Border 9A Question of Quarantine 9Data: the Breach and the Observance 9Rogue Mail (and Pop-ups, and Redirects, and.) 10Internet as Infection Platform 10Anti-Social Networks 11References and Further Information 12
2 2010: Cybercrime Coming of Age white paper - January 2010OverviewThe Research teams in ESET Latin America and ESET, LLC put their heads together in December 2009 to discuss the likely shape of things to come in the next 12 months in security and cybercrime (and cyberwarfare, to use one of the more irritating buzzwords of the moment).
Randy Abrams, Director of Technical Education at ESET, LLC blogged the LLC Research Team's thoughts: see http://www.eset.com/threat-center/blog/2009/12/14/que-sera-sera-%e2%80%93-a-buffet-of-predications-for-2010.
ESET Latin America published its thoughts (in Spanish) at http://eset-la.com/centro-amenazas/2256-tendencias-eset-malware-2010.
This document combines the thoughts of both teams into a single paper, proposing a comprehensive vision of how the threatscape is likely to evolve in 2010.
A briefer summary of our combined thoughts was included in the December 2009 Global Threat Report at http://www.eset.com/threat-center/index.php. For a more cynical view, you might want to check out "Top Ten Trite Security Predictions" (http://www.eset.com/threat-center/blog/2009/12/30/top-ten-trite-security-predictions); however, this document takes a rather more sober standpoint.
David Harley, FBCS CITP CISSP Director of Malware Intelligence, ESET, LLC
IntroductionAs you will have guessed from the title, we believe that cybercrime is very much the "shape of things to come". ESET Latin America's document forecasts the continuing shift of the most malware attacks to the Internet. The team also predicted 1that during 2010, crimeware will be the most commonly used attack vector. The cyberattackers' inclination to make money from their activities has found a natural ally in the criminal underworld. For this reason we expect to see a clear upward trend in malicious code created with profitability in mind.
Cybercrime is on the rise, not only in terms of the number of perpetrators and the volume of crimes committed, but also of the range of techniques employed to carry them out. In this environment, malicious code offers a valuable resource for those wishing to perform attacks through the Internet and information technology.
3 2010: Cybercrime Coming of Age white paper - January 2010CrimewareCrimeware involves a complex ecosystem, including criminal organizations and individuals, botnets (networks of Trojan-infected computers exploited by a remote attacker), and ever-increasing attacks on individuals, companies and systems.
Whether the profit is made directly (using scams or bank Trojans), indirectly (via spyware and botnets, among other approaches), or by the theft of confidential information, any of these objectives is motivation enough to create malware and endanger the user, his money and his data.
It is believed that during 2010 the highest threat based on malicious code will be crimeware: specifically, malware specially developed with the intention of making a profit and which can cause harm to the user's financial well-being or valuable information.
The term crimeware is considered here to identify any illegal activity committed using a computer or other information technologies, or when the computer or information resource is the target of the criminal activity. Many of the offenses that have existed in some form since ancient times are performed today using computer resources, but there are also crimes that are more or less specific to the online world. Malicious code may be among the most valuable resources available to a criminal, and may be applicable in both these areas.
High propagation rates, the ability to control computer systems remotely and steal information through botnets, along with the ability to modify the configuration of target systems, are among many other actions that malware ma... [download for more]
