Top Cybercrime Threats For 2010: SonicWALL

SonicWALL has released its mid-year summary of the top cybercrime trends for 2010. The company tracked computer threats worldwide using its Global Response Intelligence Defense (GRID) network. The GRID contains millions of SonicWALL anti-spam and e-mail security servers located worldwide, to proactively protect networks from intrusions and malware attacks. Based on GRID data, SonicWALL identified the current and future top security threats, including intrusions, malware, antivirus and e-mail security breaches that consumers and institutions face.

“For nearly 20 years, we have tracked cybercrime and reliably protected our customers against the latest threats,” said Boris Yanovsky, Vice President, Software Engineering, SonicWALL. “Each day, SonicWALL helps corporations stop over 3 million malware attempts, 400 million intrusions, and 400 million SPAM e-mails. We watched cybercrime shift from simple scams, such as phishing exploits, spoofing of organisations, worms and viruses, to more sophisticated attacks shutting down network servers and cloud-based systems affecting both companies and individuals. Our research is part of an ongoing mission to dynamically adapt our products and services to enhance security for our customers.”
Mid-year review of 2010 security threats

Early in 2010, SonicWALL predicted that reputation management via social networking, the growth of borderless business as well as the use of virtualisation and cloud-based computing would cause a surge in targeted security threats in 2010. Today’s GRID data findings support the accuracy of these predictions.

Highlighted security threats include:

• Intrusions, phishing and malware threats increased in 2010. Web-based SQL Injection, attacks through domain name system (DNS) protocol and attacks through hypertext transfer protocol (HTTP) were the top intrusion threats. False antivirus software and viruses (e.g. “Bredolab” and “Conficker”) continue to top the malware threat list.

• Trust-based relationships that access social networking tools continue to infect corporate networks. In its 2010 predictions, SonicWALL noted that companies should implement stricter policies controlling reputation management and the usage of and access to social media. This year, hackers have steadily exploited social networking sites, such as Twitter, Facebook, Orkut, Google groups and others to initiate malware downloads and botnets that have led to identity, account and password theft.

• Exploiting Cloud computing to crack the corporate data vault. SonicWALL predicted that virtualised and cloud-based solutions and ‘borderless’ business would open the door to new types of attack. At the time, it warned companies about implementing Web-based services and applications that store financial, employee, corporate and medical data to protect against potential intrusions that exploit weaknesses in Web page programming. SonicWALL’s GRID data indicates that these types of attacks have dramatically increased. Web-based attacks which accounted for 4% of all attacks in 2009 now account for 45% in 2010.

• Disguising as trusted institutions for spam and malware exploits grows in 2010. Online transactions are widely accepted, but the ease of online transactions gives consumers a false sense of security. More and more consumers receive emails asking them to visit bogus websites to complete their transactions. This scheme applies to a wide variety of web properties, from free online classified ads to well-known financial institutions.

With the widespread adoption of the Mac platform and its Mac-based devices such as the iPhone and iPad, the continued development in the mobile market and the convergence of video and voice, SonicWALL suggests that companies should anticipate a new set of threats over the next 12 months.

“New malware attacks are likely to affect smartphones, VoIP and Mac, social media, Adobe’s Acrobat Reader .pdf. We also anticipate hacks will exploit bots developed by SpyEye. This new, Web-based crimeware toolkit simplifies stealing financial and sensitive personal information. With the sophistication of today’s attacks, companies need to anticipate that heuristics, algorithms and behavioral analysis will be needed to supplement the security signatures that corporations receive with proactive analysis,” said Boris Yanovsky.