Expects search engine optimisation exploits, malvertising and web 2.0 technologies to rise in 2010
Most notable online threats in 2009 were rogue/fake security software, major search engines, social networks and Web 2.0 threats, according to a study by CA.
According to the report, the software that poses as legitimate internet security software is actually malware and their are 1,186 new variants of rogue security software during first half of 2009, indicating 40% increase compared to 2008. Google is a frequent target of online threats. Attackers employ search engine optimisations to manipulate search engine rankings and poison users search results that direct them to web sites that cause malware infections.
CA said that the online communities, blogs and social media sites such as YouTube, MySpace, Facebook and Twitter, are targeted. Financially motivated organised groups are among the aggressive attackers, creating bogus profiles to perform various tasks, including distributing malware, spamming and stealing users’ online identities to perpetrate further cybercrime.
Attacks targeting online credentials allowed attackers to distribute cybercriminal activities such as email address harvesting for Spam bots, sweeping FTP accounts for web infection and attributing to social network worm propagation, like Win32/Koobface, the company said.
For 2010, the company predicts that the search engine optimisation (SEO) exploits and malicious advertising (malvertising) to increase as a means to distribute malware; computer worm like Conficker is likely; threats to web 2.0 technologies such as social networks will continue to grow; denial of service attacks will increase in popularity; banking trojans manifest as banking-related threats orchestrated to steal users identities for financial gain; and malware actors will focus on the 64-bit and Apple platform.
Don DeBolt, director of threat research for internet security business unit at CA, said: Cybercriminals have made a business out of conducting attacks on the most popular online destinations because they promise the highest payoff. Search engines, like Google and Yahoo, or social networking sites, like Twitter or Facebook, have the mass appeal to attract these criminals.
“In addition to Internet security software, the best weapon against today’s threats is education, so that consumers know what to look for when they are conducting activities online.”