Cybercriminals 'eyeing jobless IT experts'
Dubai, February 4, 2009
The cybercrime environment in 2009 will be shaped by the global economic downturn as organised cybercriminals will take advantage of a growing, highly-skilled and available workforce of motivated IT programmers out of work, said a study.
To date, willing volunteers have already been recruited by cybercriminals to help crack CAPTCHAs (Completely Automated Turing Test To Tell Computers and Humans Apart), according to a study conducted by TrendLabs, the global threat research and support organisation of Trend Micro.
As the financial crisis begins to gain momentum in a more tangible way, Trend Micro predicts a shift in delivery factors with mobile devices presenting the lowest hanging fruit to be exploited by cybercriminals due to popularity of smartphones and similar devices.
In addition, the continued disruption in the commercial world will see more organisations experiencing difficulties, going out of business or being the subject of acquisitions and mergers, said the leader in Internet content security.
Social engineering techniques thrive on these uncertainties and were already used to attack businesses and consumers at the start of the banking crisis in 2008, it pointed out.
Commenting on its forecasts on the threat landscape in 2009, Trend Micro said, "This year may see malware specifically designed to target mobile devices and the emergence of ‘3G botnets’."
"2008 was a year of survival, exploration and innovation for cybercriminals with a number of notable threats. A staggering 34.4 million personal computers were infected with botnet-related malware from January to November 2008."
The Storm demonstrated its longevity and lived up to its reputation as one of the largest and most notorious botnets to date alongside emerging botnets (Mega-Dik) and older botnets making a comeback (Kraken), the study added.
The combined efforts of these bots contributed to a continued rise in spam with what is believed to be around 115 billion spammed messages sent every day, up from an average of 75 billion in 2005.
Black Hat Search Engine Optimisation and Fake Anti-Virus Poisoning search results was one notable technique used by malware writers in 2008, the study added.
The year also saw a rise in rogue security applications disguised as legitimate anti-virus tools, often offering false scans or warning users that their systems are ‘infected’. The promotion of rogue security software served as yet another vehicle to record victims’ credit card details.
Malware hosted in remote URLs increased by 256 per cent in 2008 year on year with attacks on legitimate web sites intensifying.
Compromised web sites present a difficult challenge for web users as cybercriminals target popular websites by exploiting coding weaknesses.
Social engineering techniques and non-traditional phishing methods exploiting events such as the Olympics, elections, financial crisis and disasters became increasingly sophisticated.
In addition, with its dynamic Web 2.0 functionalities and millions of active users, social networking sites were seen to be targeted by cybercriminals looking to obtain personal information for identity theft purposes.
For the year ahead, Trend Micro predicts a rise in malware specifically targeted at Web 2.0 features, technologies and culture, as well as an increase in overall malware complexity.
Implicit trust in “friends” on social networking sites has seen the evolution of socially engineered scams towards the tail end of 2008, the study added.
Trend Micro expects this to continue through 2009 with incidences of compromised accounts being used to message associated friends in a direct and credible way to infect, compromise or socially engineer money and/or information out of the victim.
The sheer complexity and variety of attacks will be tailored towards generating maximum monetary gain through