Complexity of Threats Reach a Whole New Level in 2010

[News]Kaspersky : 7 February 2011

Kaspersky Lab, a leading developer of secure content management solutions, presents its annual overview of the IT threat landscape for 2010. Author of the review, Alexander Gostev, Senior Virus Analyst at Kaspersky Lab, reveals that the main trends seen in 2009 continued into 2010, although their levels of sophistication reached completely new heights in a number of cases. Attacks carried out via browsers and botnets remained the biggest threat to computer security. If anything, 2010 should be dubbed the year of the exploit – the tool predominantly used to help malware penetrate victims’ computers. Meanwhile, hackers increasingly turned their attentions from vulnerabilities in Microsoft products to those existing in the software products of Adobe and Apple.

Most of the malware evolution developments predicted in 2009 by Kaspersky Lab came true during the current year. As forecast, 2010 saw an increase in the number of attacks performed via P2P networks. This infection channel is now widely used, second only to browser attacks. Virtually all types of threats spread via P2P networks – file viruses, rogue AV software, backdoors, SMS fraud programs and many different types of worms. According to data received from the Kaspersky Security Network, at least 3.2 million P2P-based attacks were carried out each month in the latter stages of 2010.

Cybercriminals continued to actively use so-called partnership programs. Semi-legal or ‘grey’ schemes became increasingly popular alongside openly illegal activities, such as infecting legitimate websites and users’ computers using drive-by downloads. Such semi-legal schemes include encouraging unwary users to voluntarily download dangerous files, black hat search engine optimization (using unethical techniques to push malicious websites to the leading positions in search engine result pages), the use of eye-catching links and banners, redirecting traffic to adult content sites and other similar techniques.

Kaspersky Lab’s experts were also proven right concerning their predictions of malware epidemics in 2010. A number of malware incidents in 2010 can easily be classified as ‘global’ outbreaks due to the speed at which they spread; their scale and the attention they attracted. These included the botnets Mariposa, Zeus, Bredolab, TDSS, Koobface, Sinowal and Black Energy 2.0, all of which affected millions of computers worldwide. All of these threats are complex malicious programs employing elaborate techniques such as spreading infection via social and P2P networks, the infection of 64-bit platforms, exploitation of zero-day vulnerabilities, etc. The Stuxnet worm was the climax of this new wave of complex new malicious software. Interestingly, it appears to be the case that the most widespread malicious programs tend to be the most elaborate in terms of the technologies used.

“The Stuxnet case is of particular interest not only because of its extraordinary complexity, but also because it targets programmable logic controllers (PLCs) used in industrial manufacturing,” says Alexander Gostev. “This is the first serious, high-profile instance of malicious activity with the potential for significant industrial sabotage. This case has demonstrated that the long-standing boundary between the virtual and real worlds is beginning to erode. This presents some very new problems that we will all have to tackle in the near future.”

The prediction that the number of rogue AV programs would decrease was a bold one, but it was also borne out. Having reached a peak in their activity at around 200,000 incidents per month in February-March 2010, they fell off to a quarter of that amount by late 2010. The remaining rogue AV programs are becoming increasingly region-specific.

The prediction that cybercriminals would pay more attention to the iPhone and Android platforms turned out to be partially correct. Several concept programs were created for the iPhone in 2010 that demonstrated the potential risk associated with this device, as well as a number of technologies that could be employed by attackers in the future. Malicious programs for Android have been detected that are explicitly criminal in nature, making use of the widespread technique of mobile Trojans to send SMSs to premium-rate numbers.

Alexander Gostev’s review goes on to outline a number of trends and incidents that have considerably influenced the IT security industry. These include targeted attacks on corporate and industrial facilities, most important of which were the Aurora attack and the emergence of the Stuxnet worm. Another trend to emerge was that of discrediting the practice of supporting software legitimacy with digital certificates. The events of 2010 have shown that these certificates can end up in the hands of cybercriminals and be used to compromise security.

The complete version of Kaspersky Lab’s annual threat review for 2010 will be published at: www.securelist.com