Cisco Annual Security Report: “shift in focus” for the cyber criminals
In what is a major cyber crime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms – including smart phones, tablet computers and mobile platforms.
According to the Cisco 2010 Annual Security Report, issued this morning, 2010 also marked the first year in the history of the Internet that spam volumes decreased.
Apparently, the cyber criminals are also investing heavily in “money muling” and users continue to fall prey to myriad forms of trust exploitation.
In response to the last decade of cyber exploits targeting PC operating systems, PC platform and application vendors have shored up security in their products and taken a more aggressive approach to patching vulnerabilities.
As a result, scammers are finding it harder to exploit platforms that were once their ‘bread and butter’ – in particular, the Windows platform – and are looking elsewhere to make money.
Just as important in driving this trend is the widespread adoption of mobile devices and applications. Third party mobile applications in particular are emerging as a serious threat vector.
The Cisco Annual Security Report also includes winners of the 2010 Cisco Cybercrime Showcase and discusses the impacts of social media, cloud computing, spam and global cybercrime activities on network security.
Key highlights of the 2010 analysis
2010 marks the first year of declining spam volumes in the history of the Internet. Despite this good news, 2010 saw an ‘uptick’ in spam in developed economies where Broadband connections are spreading, including France, Germany and the United Kingdom.
In the UK, for example, spam volumes rose almost 99% from 2009 to 2010.
The good news is that Brazil, China and Turkey – all of which figured highly on last year’s list of spammed nations – exhibited significantly lower volumes in 2010. In particular, Turkey’s spam volume dropped 87%.
This reduction is due in part to the high profile takedowns of Botnets like Waledac and Pushdo/Cutwail, attributed largely to researcher Thorsten Holz and ISPs restricting malicious e-mail from Broadband networks.
In addition, the authorities are taking the spam problem more seriously and are now actively looking to take down egregious offenders.
As the cyber criminal economy expands and criminals gain access to even more financial credentials, there’s a growing need for money mules: people recruited to set up bank accounts (or even use their own bank accounts) to help scammers ‘cash out’ or launder money.
Money muling operations are becoming more elaborate and international in scope, and Cisco’s security experts anticipate they will be a major focus of cyber criminal investment in 2011.
Most cyber crime exploits hinge not only on technology but also on the all-too-human tendency to misplace trust. The Cisco Annual Security Report lists seven ‘deadly weaknesses’ that cyber criminals exploit through social engineering scams, whether in the form of e-mails, social networking chats or phone calls.
Those seven weaknesses are sex appeal, greed, vanity, trust, sloth, compassion and urgency.
The Cisco Global ARMS Race Index
Cisco’s Global Adversary Resource Market Share (ARMS) Race Index was designed to track the overall level of compromised resources worldwide and, over time, to provide a better picture of the online criminal community’s rate of success at compromising enterprise and individual users.
According to data collected for the ten-point index, the level of resources under adversarial control worldwide at the end of 2010 was down almost half a point from the December 2009 level of 7.2 reported in the Cisco 2009 Annual Security Report.
Meantime, the second annual Cisco Cybercrime Showcase presents two awards for 2010: one acknowledging the outstanding contributions of a security professional in the fight against cybercrime (the ‘Good’, Thorsten Holz of the Ruhr-University Bochum, Germany/LastLine), the other the most threatening malware (the ‘Evil’, ie Stuxnet).
The Cisco CROI Matrix, which made its debut in the Cisco 2009 Annual Security Report, analyses types of cybercrime that Cisco’s security experts predict profit-oriented scammers will channel their resources toward in 2011.
Based on performance in 2010, the matrix predicts that the data-theft Trojans such as Zeus, easy-to-deploy Web exploits and money mules will continue to rise in prevalence in 2011.
The ‘wait and see’ moneymakers include mobile malware, with Zeus already being adapted for the mobile platform in the form of SymbOS/Zitmo.Altr (‘Zitmo’ stands for ‘Zeus in the Mobile’).
Social networking scams: a small part of a bigger picture
Social networking scams, on the other hand, will not be a significant area for cyber criminals to invest resources in during 2011, despite ranking in last year’s report in the Potentials category.
That doesn’t mean that social networking scams are declining. They’re simply a small part of a bigger plan, launching web exploits like the Zeus Trojan.
Speaking about the 2010 Security Report, Cisco’s Patrick Peterson told SMT Online: “Everyone knows the joke about the two hikers and the hungry bear in which the swifter hiker explains his foot race is not against the bear but the other hiker. Well the cyber criminal bears have been feasting on the ‘slowest hiker’ Windows platform for the last decade, but with increased security in the Windows operating system and applications, the bears are now looking elsewhere to satisfy their hunger.”
Peterson continued: “Mobile and emerging operating systems are hikers that the bears have largely ignored until now, but they’re beginning to look much more appealing. These bears are also finding opportunities in the explosion in mobile device usage, where we’re also seeing a growing number of exploits aimed specifically at mobile users.”
Download copies of the 2010 (and 2009) Cisco Annual Security Reports by accessing the web links provided on the right hand panel of this page
We’ve also provided a link to some footage of Patrick Peterson discussing the findings of the 2010 study, and a link to the Cisco Security blog (which is an excellent source of information)
Cisco Annual Security Report: “shift in focus” for the cyber criminals
In what is a major cyber crime turning point, scammers have begun shifting their focus away from Windows-based PCs to […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources