Internet criminals are always devising new tactics, but this year they reached incredible new levels in sophistication and specialization, according to security researchers at San Jose-based Cisco Systems Inc.
"We've seen a streak of capitalism to maximize their profits and an ability for them to work together in ways that are truly mind boggling," said Patrick Peterson, Cisco fellow and chief security researcher.

In the Cisco Annual Security Report released Monday, researchers reported seeing a 90% growth in threats originating from legitimate domains this year, nearly double what they saw in 2007. Other key findings from the report: Spam accounted for nearly 200 billion messages every day -- about 90% of email sent worldwide -- and the overall number of disclosed vulnerabilities grew by 11.5%. Specifically, vulnerabilities in virtualization products shot up to 103, up from 35 last year.
Peterson cited CAPTCHA breaking for "reputation hijacking" as an example of criminals' increased savvy. CAPTCHA, or Completely Automated Turing Test to Tell Computers and Humans Apart, is used by free webmail services as a security measure when new accounts are created, but criminals are using automated and manual processes to circumvent the technology, Peterson said.
Businesses have popped up in India and China that employ people to manually type in the distorted text used in CAPTCHA tests, which are designed to ensure the response is not computer-generated, he said. Criminals then use the email accounts, which appear legitimate, for more effective spam delivery, targeted phishing attacks and to distribute links to malicious websites.
According to Cisco estimates, spam due to email reputation hijacking of the top three webmail providers -- Yahoo, Google and Microsoft -- accounted for less than 1% of all spam worldwide but made up 7.6% of all the providers' mail.
The report also shows that criminals exploited vulnerabilities in Web browsers, media players and browser plug-ins -- what Cisco calls the Web ecosystem -- to gain control of computers, networks and data.
Developers are rushing to provide functionality for rich media content on the Web, but the report shows that's not always done securely, Peterson said.
Web security should be a priority for enterprises next year, and they should also fine-tune their procedures for patching and updating software, he said. "Part of that criminal specialization is finding these vulnerabilities and weaknesses in our software and getting them published…much more quickly than we've seen one or two years ago," he said.
One type of attack actually declined this year, according to Cisco: malware propagated via email attachments. The number of email attachment-based attacks decreased 50% over the past two years compared to 2005-2006.