Headline Feeds
As malware writers and Internet attackers become more sophisticated, 2009 looks to be a year of more focused attacks by profit-driven criminals bent on stealing data from businesses, employees and consumers.
Networking firm Cisco (Nasdaq: CSCO) released its annual Threat Report Monday, citing a nearly 12 percent increase in the number of disclosed vulnerabilities over 2007 and a tripling of vulnerabilities in virtualization technology since last year.
Targeted attacks and blended, cross-vector assaults, along with a 90 percent growth in threats originating from legitimate domains, top this year's list of the most worrisome new trends plaguing computer users, according to the report.
Attackers are changing tactics, leaving infected attachments behind
for more specialized methods. Malware volume propagated via e-mail 
attachments declined by 50 percent from the previous two years
(2005-2006), noted Cisco researchers.
"The cybercriminals this year changed the entire threat landscape," Patrick Peterson, Cisco fellow and chief security researcher, told TechNewsWorld.
Open Door Browsers
While some of the current Internet threats are older viruses and Trojans from previous years, Internet criminals have staked out new attack vectors this year based on the use of Web-based services reached through standard browsers.
"The old adage that threats follow usage is still true. Everybody is using the Web browser for everything," said Peterson.
As a result, criminals have refocused their efforts to capitalize on browser vulnerabilities and infected Web sites.
Web Mafia
Technology and cooperation are greatly assisting cybercriminals. They do not necessarily have to be very technically advanced and spend time reverse engineering the Web to find vulnerabilities.
"The criminals form their own little ecosystems where they can buy criminal infecting kits," said Peterson.
The goal of these attacks is to inject malware into a vulnerable Web site, he said.
Spam Still King
Spam accounts for nearly 90 percent of all e-mail worldwide, according to Cisco. Despite spam filters and e-mail appliances to help control the flood of spam messages, they remain an ever-present threat on the Web.
The United States is the biggest source of spam messages at 17.2 percent. Turkey generates 9.2 percent, Russia generates 8 percent, Canada generates 4.7 percent and Brazil generates 4.1 percent. Other sources include India (3.5 percent), Poland (3.4 percent), South Korea (3.3 percent), Germany and the United Kingdom (2.9 percent each).
Web Threats
Cisco researchers found a growing threat level associated heightened use of a tactic known as "spearphishing" -- phishing attacks that precisely target a certain individual or small group. Attacks using botnets, social engineering and reputation hijacking became noticeably more prevalent.
For instance, targeted spearfishing represents about 1 percent of all phishing attacks; however, it is expected to become more prevalent as criminals personalize spam and make messages appear more credible.
Botnet success is pronounced. Botnets have become a nexus of criminal
activity on the Internet. For instance, this year numerous legitimate
Web sites were infected with IFrames, malicious code injected by
botnets that redirect visitors to malware-downloading sites.
On the Rise
Another threat on the rise this year is social engineering. Attackers entice victims to open a file or click links which allow malware to download. These messages appeal to the receiver's career or actual social memberships.
Cisco expects that in 2009, social engineering techniques will increase in number, vectors and sophistication. Even more threatening is reputation hijacking.
More online criminals are using real e-mail accounts with large, legitimate Web mail providers to send spam. This attack method increases the deliverability of spam because it makes spam harder to detect and block. Cisco estimates that in 2008 spam resulting from e-mail reputation hijacking of the top three Web mail providers accounted for less than 1 percent of all spam worldwide but constituted 7.6 percent of the providers' mail traffic.
Developing Trends
For 2009, Cisco's researchers expect more instances of three key attack trends. These developing threats are posed by insider threats, data loss and mobile devices.
Insider threats come from negligent or disgruntled employees. The global economic downturn may prompt more security incidents involving employees, making it crucial for IT, HR and other lines of business to collaborate on mitigating threats, according to the report.
Data loss through careless workers or breaches by hackers -- as well as from insiders -- is a growing problem that can lead to grave financial consequences, noted Cisco. Technology, education and clear, well-enforced data security policies can make compliance easier and reduce incidents.
The trend toward remote working and the related use of Web-based tools, mobile devices, virtualization, cloud computing and similar technologies to enhance productivity will continue in 2009. These will create new challenges for security personnel. The edge of the network is expanding rapidly, and the increasing number of devices and applications in use can make the expanding network more susceptible to new threats, according to the report.
Fighting Back
While security experts are still largely playing catch-up, the growing Web threat this year has produced some meaningful results, Peterson said. For instance, the software industry now is placing more focus on creating secure applications.
In addition, steps have been taken to make Web sites more secure through penetration testing, Peterson said. He is seeing some signs of hope for better Web security.
For example, two prominent Web attacks this year were the Kaminsky Attack and the Clickjacker Attack. The quick distribution of patches fended off a significant amount of the damage these attacks could have caused, he said.
However, Peterson is not very optimistic about security measures
getting ahead of attackers. Human nature rules, and security decisions
by corporations are sometimes only made after a problem develops.
Talkback: 
