Brace for Spyware 2.0


Leading European computer security software vendor Kaspersky Lab says Spyware 2.0 will be the new cybercrime concept for 2011.

In its annual overview of the IT threat landscape titled “Outcomes for 2010 and Predictions for 2011”, it says the main trends seen in 2009 continued into 2010, although their levels of sophistication reached completely new heights in a number of cases. Attacks carried out via browsers and botnets remained the biggest threat to computer security. “If anything, 2010 should be dubbed the Year of the Vulnerability – the tool predominantly used to help malware penetrate victims’ computers.”

Meanwhile, hackers increasingly turned their attentions from vulnerabilities in Microsoft products to those existing in the software products of Adobe and Apple. “As forecast, 2010 saw an increase in the number of attacks performed via P2P (peer-to-peer) networks. This infection channel is now widely used, second only to browser attacks. Virtually all types of threats spread via P2P networks – file viruses, Rogue AV software, backdoors, SMS fraud programs and many different types of worms. According to data received from the Kaspersky Security Network, at least 3.2 million P2P-based attacks were carried out each month in the latter stages of 2010.”

Kaspersky adds that cybercriminals continue to actively use so-called partnership programmes: Semi-legal or “grey” schemes became increasingly popular alongside openly illegal activities, such as infecting legitimate websites and users’ computers using drive-by downloads. Such semi-legal schemes include encouraging unwary users to voluntarily download dangerous files, black hat search engine optimisation (using unethical techniques to push malicious websites to the leading positions in search engine result pages), the use of eye-catching links and banners, redirecting traffic to adult content sites and other similar techniques.

Kaspersky Lab’s experts add a number of malware incidents in 2010 can easily be classified as “global” outbreaks due to the speed at which they spread; their scale and the attention they attracted. These included the botnets Mariposa, Zeus, Bredolab, TDSS, Koobface, Sinowal and Black Energy 2.0, all of which affected millions of computers worldwide. The Stuxnet worm was the climax of this new wave of complex new malicious software. Interestingly, it appears to be the case that the most widespread malicious programmes tend to be the most elaborate in terms of the technologies used.
“The Stuxnet case is of particular interest not only because of its extraordinary complexity, but also because it targets programmable logic controllers (PLCs) used in industrial manufacturing,” says Kaspersky chief security expert Alexander Gostev. “This is the first serious, high-profile instance of malicious activity with the potential for significant industrial sabotage. This case has demonstrated that the long-standing boundary between the virtual and real worlds is beginning to erode. This presents some very new problems that we will all have to tackle in the near future.”

The prediction that the number of Rogue AV programmes would decrease was a bold one, but it was also borne out, Kaspersky says in a statement to popularise its predictions. Having reached a peak in their activity at around 200 thousand incidents per month in February-March 2010, they fell off to a quarter of that amount by late 2010. The remaining Rogue AV programmes are becoming increasingly region-specific.
“The prediction that cybercriminals would pay more attention to the iPhone and Android platforms turned out to be partially correct.” Several concept programmes were created for the iPhone in 2010 that demonstrated the potential risk associated with this device, as well as a number of technologies that could be employed by attackers in the future. Malicious programmes for Android have been detected that are explicitly criminal in nature, making use of the widespread technique of mobile Trojans to send SMSs to premium-rate numbers.

Gostev’s review goes on to outline a number of trends and incidents that have considerably influenced the IT security industry. These include targeted attacks on corporate and industrial facilities, most important of which were the Aurora attack and the emergence of the Stuxnet worm.
“The events of 2010 are likely to bring about a major shakeup in the types of criminals orchestrating cyber attacks as well as their aims and the methods they use,” he adds. “As a result, in 2011 we will be faced with the widespread use of a new class of spyware programs, the aim of which can be defined quite simply as: steal everything. They will gather any information that they can about users, right down to the colour of their hair and eyes, and will examine every document stored on infected computers.”

Industrial and state espionage will become more pervasive, with less emphasis on precision attacks. Cybercriminals will start targeting a much broader range of organisations, no longer concentrating solely on online banks and electronic payment systems. The principal aim of many new virus writers and their clients will be the acquisition of someone or something’s complete profile, rather than making a quick buck by stealing credit card details or distributing spam.

Potential changes to the structure of the malware authoring community are also likely to have a profound impact on the IT threat landscape during 2011. The emergence in 2010 of the technologically sophisticated Stuxnet worm that attacked industrial-class programmable logic controllers, was an impressive demonstration to the whole world of just what the cybercriminals’ arsenals contain, as well as a wake-up call to the IT security industry because of how difficult it was to counteract. It cannot be ruled out that governments and commercial organisations will make use of Stuxnet-like programs for their own ends.
“It is possible that we will only see the beginnings of these kinds of attacks in 2011, with their full force only being felt in years to come,” warns Gostev. “However, it is already clear that the arrival of this new generation of cybercriminals means that those tasked with counteracting such cyber threats will need to raise their game considerably.”

The primary method of carrying out malware and hacker attacks will make use of vulnerabilities in legitimate software and will be carried out via browsers. There will be an increase in the number of threats targeting 64-bit platforms, as well as more attacks on mobile devices, mobile operating systems and users of social networks. However, DDoS attacks will remain one of the biggest problems plaguing the Internet.