If cybercriminals are now using sound business principles, seeking the best return on investment, where should the malicious entrepreneur sink their money to get the most bang for their buck?
To get security news and tips delivered to your inbox,
The 2009 Cisco Systems Annual Security Report takes a stab at predicting next year's most profitable, least profitable, most promising and most dependable cybercrime investment areas. The Cisco Cybercrime Return on Investment Matrix identifies the innovative and lucrative banking Trojan Zeus, as well as more of the type of successful Web exploits that have dominated cybercrime as "rising stars."
"The idea was to look at things from the criminal perspective," said Scott Olechowski, a security business development manager at San Jose, Calif.-based Cisco Systems Inc., "to analyze our portfolio of services and figure out which ones we are going to continue to invest in; which ones they might look at reducing investment in or divest entirely."
On the down side, the "dogs" in the Matrix are distributed-denial-of-service attacks (DDoS), which have generally been more of a pure malice, and, increasingly, more of a political weapon than a profit generator, instant messaging, a data leak concern but not much of a revenue generator, 419 scams (King of Nigeria will have to look elsewhere for help), and traditional phishing scams, which are far less effective than Zeus and the new generation of banking Trojans
Microsoft, security firms warn of password meltdown: An increase in online shopping this season would be a boon to cybercriminals, who are conducting phishing and drive-by attacks in an attempt to profit from the holiday spirit.
Looking for a solid, low-risk investment with a good rate of return? "Cash cows" include pharmaceutical spam, click fraud, scareware and advanced fee fraud. Social networking attacks, including the Koobface worm is considered a "promising" place to invest.
Zeus and other banking Trojans, such as Clampi and URLZone, are particularly alarming. Zeus had infected an estimated 3.6 million computers by October, and Clampi, which is newer, some hundreds of thousands.
The banking Trojans infect computers in the usual ways, such as email phishing or drive-by downloads. Zeus waits until a user logs into an account -- typically online banking -- and collects login data. It is particularly nasty in its ability to thwart multifactor authentication by asking the user to generate several one-time passwords, usually from a token. These Trojans have been responsible for stealing millions, including large withdrawals from small business or local government accounts.
Zeus banking Trojan toolkits are available for about $700, and include a kit that creates variants to help it evade antivirus programs.
Cisco also noted the surge of "rogue" fake antivirus scams early this year. These start with simple pop-up software that tricks the victim into believing his computer is infected and urging him to clean it up by purchasing the antivirus vaporware for, say $60. The scammers get the credit card information as a bonus.
The report pays special attention to social networking as an attack vector on the climb. While it's still early, criminals are gravitating towards Facebook, with more than 300 million users, and other popular Web 2.0 sites, such as Twitter. Criminals are launching spam, phishing attacks and other scams, often using hijacked accounts to spread the mischief among the victim's friends and followers.
And, the rising trend of social networks and sophisticated Trojans isn't dampening the bad guys' enthusiasm for email spam. The precipitous drop following the McColo shutdown in December 2008 has been offset by a rise to record volume of more than 250 billion messages a day. Cisco predicts a steady rise to more than 300 billion through 2010.
Interestingly, spam volume in the U.S., Russia and China was down, while spam in developing countries was up. Brazil, in fact, moved ahead of the U.S. as the world leader.
"It's clear that Internet service providers in developed nations are making great strides in combating spam, Russell Smoak, Cisco's director of technical support said in the report. "That knowledge needs to be shared with their counterparts in emerging economies."