In a major turning point in cybercrime, scammers have begun to shift their focus from Windows-based PCs to smaller operating systems and platforms, such as smartphones and tablets, according to Cisco’s annual security report.
The report, released 20 January, also finds that 2010 was the first year in which Internet spam volume decreased, that cybercriminals are investing heavily in “money muling,” and that users continue to fall prey to numerous forms of trust exploitation.
In response to the last decade of cyber-exploits targeting PC operating systems, PC platform and application vendors have shored up security in their products and taken a more aggressive approach to patching vulnerabilities.
As a result, scammers are finding it harder to exploit platforms that were once their bread and butter — in particular, the Windows platform — and are looking elsewhere to make money. Just as important in this trend is the widespread adoption of mobile devices and applications. Third-party mobile applications in particular are emerging as a serious threat.
“Everyone knows the joke about the two hikers and the hungry bear in which the swifter hiker explains his footrace is not against the bear but the other hiker,” says Cisco research fellow Patrick Peterson.
“The cybercriminal bears have been feasting on the ‘slowest hiker’ Windows platform for the last decade. But with increased security in the Windows operating system and applications, the bears are looking elsewhere to satisfy their hunger.”
The Cisco security report also includes winners of the 2010 Cisco Cybercrime Showcase and discusses the impacts of social media, cloud computing, spam and global cybercrime activities on network security.
Spam volume kicks into reverse
Despite spam volume decreasing for the first time ever, 2010 saw an uptick in spam in developed economies where broadband connections are spreading, including France, Germany and the United Kingdom.
In the United Kingdom, for example, spam volume rose almost 99% from 2009 to 2010.
The good news is that Brazil, China and Turkey — all of which figured high on last year’s list of spammed nations — showed significantly lower volumes in 2010. In particular, Turkey’s spam volume dropped 87 percent.
This reduction is due in part to the high-profile takedowns of botnets like Waledac and Pushdo/Cutwail, and to ISPs restricting malicious e-mail from broadband networks.
Money mules are multiplying
As the cybercriminal economy expands and criminals gain access to more financial credentials, there is a growing need for money mules — people recruited to set up bank accounts to help scammers “cash out” or launder money.
Money muling operations are becoming more elaborate and international in scope; Cisco security experts anticipate they will be a major focus of cybercriminal investment in 2011.
Taking advantage of trust
Most cybercrime exploits hinge not only on technology but on the all-too-human tendency to misplace trust.
The Cisco report lists seven “deadly weaknesses” that cybercriminals exploit through social engineering scams — whether in the form of e-mails, social networking chats or phone calls.
The seven weaknesses are sex appeal, greed, vanity, trust, sloth, compassion and urgency.
Tracking the ARMS race
Cisco’s Global Adversary Resource Market Share (ARMS) Race Index was designed to track the overall level of compromised resources worldwide and, over time, to provide a better picture of the online criminal community’s rate of success at compromising enterprise and individual users.
According to data collected for the 10-point index, the level of resources under adversarial control worldwide at the end of 2010 was down almost half a point from the December 2009 level of 7.2 reported in the Cisco 2009 security report.
Showcasing good and evil
The second annual Cisco Cybercrime Showcase presents two awards for 2010 — one acknowledging the outstanding contributions of a security professional in the fight against cybercrime (the “Good,” Thorsten Holz, Ruhr-University Bochum, Germany/LastLine), the other the most threatening malware (the “Evil,” Stuxnet).
Tracking the path of cybercrime
The Cisco Cybercrime Return on Investment (CROI) Matrix, which debuted in the 2009 report, analyzes types of cybercrime that Cisco’s security experts predict profit-oriented scammers will channel their resources toward in 2011.
Based on performance in 2010, the matrix predicts that data-theft Trojans such as Zeus, easy-to-deploy Web exploits, and money mules will continue to rise in prevalence in 2011.
The “wait and see” moneymakers include mobile malware, with Zeus already being adapted for the mobile platform in the form of SymbOS/Zitmo.Altr (“Zitmo” stands for “Zeus in the Mobile”).
Social networking scams, on the other hand, will not be a significant area for cybercriminals in 2011, despite ranking in last year’s report in the Potentials category. That does not mean social networking scams are declining; they are simply a small part of a bigger plan — launching Web exploits like the Zeus Trojan.