Friday, February 25, 2011

Cyber Criminals Evading Security

From FinallyFast

Last year saw a large-scale shift toward embedding malware into otherwise trusted websites, according to researchers at Blue Coat Systems, a security software provider. Social networking sites, which skyrocketed in popularity in 2010, were also a notable new target.

Senior vice president and chief marketing officer Steve Daheb said the changing landscape of the web offers all the opportunity needed for online criminals to hook unsuspecting victims.

"Today, dynamic web links are the most powerful tool cyber crime has, and static web ratings that require update cycles are too slow when the bad guys can harvest users within minutes," he said.

Another major change in the online threat landscape seen in 2010 was the ascent of malvertising as the single biggest internet-based security issue, surpassing search engine poisoning for the top spot for the first time, the company said in its report.

As ever, though, the main content draws for malicious attacks were trending topics and big news. Major disasters and the deaths of famous people - including Leslie Nielsen, Dennis Hopper and Polish President Lech Kaczynski in 2010 - were rapidly targeted by online criminals in order to spread their malicious programs as far as possible.

The Stuxnet worm was another of the major computer security issues that arose in 2010, according to Blue Coat. The malicious software, though highly advanced and difficult to eradicate, behaved quite differently than the usual cyber crime virus. Instead of using each of the four highly valuable zero-day vulnerabilities in a separate attack - which would have proved much more remunerative to a typical botnet recruiter or the like - it used all four at the same time to conduct sabotage against infected systems, never looking to steal financial information.

But, as stated above, it was malvertising that stole the headlines, as cyber criminals displayed growing sophistication and a great deal of patience to get their payloads through many layers of security, taking advantage of several weak points in large legitimate advertising delivery systems.

Threats to social networking users on Facebook and Twitter - though generally of lower technical sophistication than those that targeted the web at large - nevertheless displayed a great deal of social engineering acumen in enticing users to click on malicious links, Blue Coat reported.

Experts say keeping security suites up-to-date at all times and staying abreast on the current developments in the world of malware will go a long way toward ensuring one's online safety. Additionally, simply using common sense when deciding whether or not to click on a potentially questionable link is always a good idea.