Malware authors will also exploit the cloud in 09
Security vendor McAfee’s 2009 Threat Prediction Report has indicated that cyber criminals will begin to favour attacks tied to the economic situation.
The report also highlighted the potential threat from personalised malware as well as malware attacks involving USB sticks and other flash-memory devices. McAfee also warns of the potential threat from cyber criminals using the cloud as their primary malware delivery vehicle.
Greg Day, security analyst at McAfee told CBR that he expects to see more phishing attacks using the economy the lure in victims. “There will be lots of attacking tied to the credit crunch. Unemployed people or those worried about their job may be tempted by an offer to upload their CV to a job site; if that site is fake then they’ve opened themselves up to data theft. People may also be tempted by offers of low-interest loans.”
With more and more businesses transitioning to Web 2.0, producers of malware have wasted no time in following them. McAfee says that the cloud is now the main delivery vehicle for many malware authors and the trend will continue throughout 2009. IT is expected to eventually replace more traditional vectors of malware distribution, the report states.
The migration to the cloud has meant the company has had to change the way it fights malware, Day suggested.
“It’s much more difficult to get samples of malware because each one can be different. With server-side distribution and other new techniques, malware pushers can have a different IP address and other identifiers every five minutes. That makes it much more difficult to keep track of.”
Personalised malware is also identified by McAfee as a rising threat during 2009. Single-use binary files, similar to an attacker’s equivalent of a single-use credit card number sometimes used by consumers when shopping online, make it much for difficult for security vendors to identify and stop the threat.
Day says that personalised malware presents a new type of threat to individuals. He said: “Malware used to be a badly written text email, which people would normally ignore. However, if malware is more personal people will have more confidence that it is genuine.”
He also hailed the shutdown of spam host McColo Corp. Day believes that this year will see more collaboration between law enforcement bodies, ISPs and global Internet entities such as ICANN to fight spam. Day warned, however, that it is not a battle that will be easily won.
“There is a need to be more proactive about it. For every one spam group that is shut down, there are five more out there.”