Background Facts:
- BitDefender conducted an investigation of the threat landscape between July and December 2008, focusing on:
- software vulnerabilities and exploits; and
- different types of malware.
Relevance to Business Activity:
- security - technical safeguards considerations:
- vulnerabilities, exploits and security breaches:
- the most significant security incidents on a worldwide scale continued to be exploits against:
- the dominant operating system - Windows XP:
- Microsoft's policy to release patches on a monthly basis, at a fixed date has been challenged on multiple occasions;
- Apple introduced regular patching for their operating system; and
- Linux continues to be patched on an as-needed basis.
- the most widespread web browser - Internet Explorer.
- the most important trend was the use of exploits in software other than web browsers and operating systems:
- popular software as well as less obvious targets were exploited:
- the trend of exploiting lower-profile software in targeted attacks is expected to continue its growth.
- to provide security, use a combination of:
- patching; and
- using software capable of proactively detecting and neutralizing threats.
- server attacks:
- scripting and injection exploits against web frameworks have continued;
- compromised servers were frequently used in subsequent:
- drive-by downloads;
- redirection; or
- phishing attacks.
- attacks, offensives and malicious strategies:
- 2008's malware distribution via infected websites increased by 4.6%;
- the landscape of contemporary attacks has been transformed by:
- incessant proliferation of high speed internet connections; and
- the emphasis on online behavior in day-to-day life.
- most attacks were initiated and conducted through:
- e-mail spam; and
- web-based malware, mostly Trojans.
- social engineering revolved around behavioral vectors, such as:
- entertainment, e.g.:
- American Independence Day spam:
- was harmless in itself;
- had an innocent appearance;
- mimicked the type of messages people usually exchange or forward on these occasions;
- included a link to a web page:
- that automatically tries to run and install a script containing a Trojan; and
- displays a fake video player that:
- when clicked, downloads and installs another virus.
- the e-mail address was the only suspicious element:
- probably automatically generated; and
- hinted at the malicious nature of the message.
- infected computers were:
- registered as peers in the malware network;
- searched for e-mail addresses:
- and then sent the spam e-mails from the host's e-mail address.
- advertising nude movies of Olympic athletes and other celebrities:
- the malicious website attempted to install a combination of malicious payloads;
- while allegedly preparing the download of a movie, a Trojan:
- sneaked into the system;
- corrupted the current wallpaper;
- displayed a window that informed the user of a viral detection;
- advised the user to purchase and install anti-virus software, which in turn:
- opens the door to more malware.
- curiosity, e.g.:
- malware announcing an alleged assault by US troops in Iran:
- spammers rely on a catchy heading and a link to the malware to:
- fuel users' curiosity; and
- trick users into compromising their machines.
- clicking on the fake YouTube window or the top banner downloaded the malware;
- the spam targeted US citizens who were increasingly worried and looking for fresh news on Iran.
- FedEx e-mail spam:
- informed customers that FedEx was unable to deliver a specific package;
- asked users to download and print the attached alleged invoice in order to retrieve the package;
- attached extremely dangerous malware engineered to steal sensitive e-banking data.
- airplane e-tickets:
- air traffic operator identities were stolen;
- a spam campaign purported to deliver e-Tickets and invoices;
- the "ticket" attachment was malware.
- spam exploiting the economic recession:
- recipients were lured by services claiming to:
- eliminate or leverage debts, mortgages, and other fiscal or loan obligations; or
- help stop home foreclosures.
- the messages directed users through web links to websites, mostly involved in phishing schemes.
- empathy.
- the top malware are Trojans:
- 80% of malware are Trojans:
- their stealth mechanisms offer the ability to compromise a large number of systems; and
- they are a cost efficient distribution platform for other more harmful malware varieties.
- 75% of the Trojans already include:
- complex updating mechanisms;
- stealth data download and upload features; and
- spyware and rootkit capabilities.
- malware dissemination methods:
- infected websites:
- the main distribution channel:
- increasing to 28.4% in the second half of 2008 from 6.2% in the first half of 2008.
- malware creators are focused on web-distributed e-threats; and
- the increase in infected websites demonstrates a lack of awareness among web surfers.
- exploits and vulnerabilities:
- down to 24.6% from 30.9% in the first half of 2008.
- downloaders:
- down to 10.4% from 21% in the first half of 2008.
- social engineering:
- gained 2% over the year as Web 2.0-related e-crime intensified.
- bundle and third-party applications:
- 7.5% down from 11.1% in the first half of 2008.
- file sharing:
- autorun infectors:
- packers:
- worms and file infectors:
- e-mail spam:
- e-mail spam:
- spam media and techniques:
- type of e-mail messages:
- text-based spam reached 80%;
- image spam had almost disappeared, at 1.5%;
- attachment spam; and
- phishing-related spam.
- techniques:
- obfuscation methods to ensure that the e-mail passes anti-spam filters;
- automated scripts are used for word scrambling, rephrasing or synonymic substitution;
- spam delivery confirmation mechanisms are increasing:
- exploiting the read receipt or notification feature:
- a read receipt confirms that a user has received and read the message; and
- when related to bulk mail:
- a read receipt proves the user's e-mail address is valid and active.
- a reference to a remotely stored image:
- typically this content is blocked, however:
- the user allowing the image to load would confirm they are reading the message.
- the unsubscribe or opt-out scam:
- the links do not unsubscribe the recipient from the mailing list, but:
- confirm that the address is fully functional to receive more spam.
- concentrating on mechanisms that confirm message reception thus:
- validates the recipient's address; and
- increases the efficiency of subsequent spam.
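The three delivery-confirmation tricks listed above (read receipts, remote image beacons, unsubscribe/opt-out links) can be flagged mechanically before a message reaches a user. The following is an added example, not part of the BitDefender report; the sample message and the tracking-parameter names in TOKEN_RE are constructed assumptions.

```python
"""Flag the address-validation tricks in spam described above: read-receipt headers, remote image
beacons and unsubscribe/opt-out links that carry a per-recipient token (added example; constructed sample)."""
import re
from email import message_from_string
from html.parser import HTMLParser

RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To")
TOKEN_RE = re.compile(r"[?&](id|uid|rcpt|u|e)=")  # assumed common per-recipient tracking parameters

class _BeaconScanner(HTMLParser):
    # collects remote <img> sources and links whose anchor text offers to unsubscribe
    def __init__(self):
        super().__init__()
        self.remote_images, self.unsubscribe_links, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and re.match(r"https?://", a.get("src") or ""):
            self.remote_images.append(a["src"])
        elif tag == "a":
            self._href = a.get("href") or None
    def handle_data(self, data):
        if self._href and re.search(r"unsubscribe|opt[- ]?out", data, re.I):
            self.unsubscribe_links.append(self._href)
    def handle_endtag(self, tag):
        if tag == "a": self._href = None

def confirmation_indicators(raw: str) -> dict:
    """Return the delivery-confirmation mechanisms found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    scanner = _BeaconScanner()
    for part in msg.walk():  # walk() yields the message itself when it is not multipart
        if part.get_content_type() == "text/html":
            scanner.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    urls = scanner.remote_images + scanner.unsubscribe_links
    return {"read_receipt": any(msg.get(h) for h in RECEIPT_HEADERS),
            "remote_images": scanner.remote_images,
            "unsubscribe_links": scanner.unsubscribe_links,
            # a per-recipient token in a beacon or opt-out URL is the tell: fetching it validates the address
            "tracked_urls": [u for u in urls if TOKEN_RE.search(u)]}

SAMPLE_SPAM = """\
From: offers@spam.example.test
To: victim@example.test
Subject: Your license is ready
Disposition-Notification-To: offers@spam.example.test
Content-Type: text/html; charset=utf-8

<html><body><p>Please click the new offer.</p><img src="http://spam.example.test/open.gif?uid=1a2b3c">
<a href="http://spam.example.test/out?uid=1a2b3c">Unsubscribe here</a></body></html>
"""
```

A mail gateway would quarantine or strip the flagged elements rather than let the client honour the receipt or fetch the tracked URLs.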
- spam content:
- pharmaceutical spam - 49%;
- Trojan spreading (spam used as a distribution tool) - 10%:
- potentially hazardous bulk messages disseminating Trojans increased fourfold in volume since the start of 2008.
- phishing - 9.5%;
- replica - 7%;
- loans - 6.5%;
- hire and employment - 5%:
- attackers are basing spam on worldwide events, such as the global economic crisis.
- pirated software - 3.6%;
- dating - 3%:
- new techniques were employed such as getting in contact through social networks.
- pornography - 2.9%;
- gambling - 1.0%;
- other - 2.5%:
- e.g. diplomas spam, stock and lottery scams and Nigerian letters.
- the top ten most employed words in e-mail spam are:
- e-mail;
- please;
- message;
- new;
- click;
- offer;
- license;
- debts;
- live; and
- marketing.
- phishing, ID abuse and scams:
- spoofed institutions and targeted clients showed both variation and growth;
- US or EU financial organizations were the primary forgery targets:
- almost 70% of phishing attempts exploited the global financial context;
- the world's top 10 list of most counterfeited bank identities:
- Bank of America;
- Chase Bank;
- Citibank;
- HSBC;
- Halifax Bank;
- Royal Bank of Scotland;
- Regions Bank;
- Abbey;
- Wells Fargo; and
- NatWest Bank.
- negative arguments in the illegitimate messages to hook users:
- account blocking or expiration;
- an increased fee for withdrawals; and
- account details update for security reasons.
- positive motivations to hook users:
- receipt of a specific sum if the user fills in the details of the online or attached form.
- abusive uses of corporate identities continued for:
- eBay;
- PayPal;
- Amazon.com;
- AOL;
- AT&T; and
- Orange.
- spam templates were introduced mimicking alleged newsletters and alerts from news corporations, such as:
- instant messaging spam has expanded:
- using mostly phishing schemes or malware distribution from infected web pages, e.g.:
- a phishing attack targeted Facebook users:
- luring them to an extremely well reproduced Facebook hub; and
- using a script to harvest e-mail addresses and other contact details.
- Olympic scams:
- two cases involved fake ticketing sites that:
- were shut down after the International Olympic Committee's official complaints;
- bore a striking resemblance to the official website's name and appearance;
- gained hundreds of thousands of dollars and huge amounts of sensitive data, including:
- bank account, credit card and passport details.
- global risk breakdown:
- the most malware-ridden countries:
- France - 20.22%;
- China - 16.25%:
- the 6.3-fold increase in infections over the last six months correlates with the Olympic Games.
- USA - 7.36%;
- Germany - 5.80%;
- Spain - 4.14%;
- South Africa - 2.3%;
- Belgium - 2.1%;
- Vietnam - 2%;
- Italy - 2%; and
- Canada - 1.7%.
- predicting 2009's e-threats:
- the one-fifth of the population that is connected to the internet has to cope with:
- approximately 2,000 new and mutated viruses per day;
- approximately 50,000 phishing attempts per month; and
- more than 1,000,000 hijacked computers that spread viruses and malware during each year.
- securing e-mail communication should become a priority:
- almost 45% of e-threats are distributed exclusively via, or rely to some extent on, e-mail:
- relying on both:
- social engineering; and
- the exploitation of technical flaws in the mail servers and clients.
- considerations for security:
- protect assets, ideas and sensitive data;
- safeguard corporate network's integrity;
- assess and reinforce standards, regulations and Governance, Risk Management and Compliance; and
- defend investments and reduce total cost overhead.
- the sensitive economic context will offer a prolific realm for phishing:
- many financial institutions will be involved in vast mergers and restructuring processes.
- malware production will likely continue its upward trend:
- exploiting the same web-based capabilities of Trojans, spyware and rootkits;
- the end of 2008 showed a:
- 460% increase in web-based infections; and
- 400% increase in e-mail spam distributing Trojans.
- many of the existing e-threats families will be upgraded and mutate, in terms of:
- stealth; and
- automated spreading mechanisms.
- exploitation of application vulnerabilities will focus on Web 2.0 sites, given their growth and rapid development:
- social networks will remain the most targeted Web 2.0 applications, since:
- most of them derive from the same building pattern or algorithm.
- smartphones and other intelligent high-end devices with permanent internet access will be targeted:
- by mobile malware; and
- OS and browser vulnerabilities will be exploited.
- guidelines to secure the system and keep e-threats at bay:
- install and activate:
- a reliable anti-malware solution, firewall and spam filter;
- update the anti-malware solution, firewall and spam filter:
- as frequently as possible;
- with the latest virus definitions and suspicious applications/files signatures.
- an Internet browser pop-up blocker;
- scan the system frequently;
- check on a regular basis with the operating system provider:
- download and install security updates, malware and malicious removal tools, and other patches or fixes.
- do not:
- install any program or application that might require resource sharing, unless:
- permission has first been obtained from the system and/or network administrator.
- open or copy any file onto the computer, even if it comes from a trusted source, without:
- running a complete anti-malware scan first.
- open e-mails and e-mail attachments from unknown senders;
- open e-mails with odd entries in subject line;
- respond to e-mail requests from social, financial or commercial organizations by submitting any personal information:
- these organizations usually do not send generic e-mails (addressed to "Dear customer"), but:
- customized printed notification forms (including your full name, as well as other unique identification details):
- through a regular postal service.
- if you have any doubt about an e-mail you received, contact the organization immediately.
- click any links:
- indicated in the spam e-mails, including the “unsubscribe” ones:
- other malware might be triggered that compromises the system’s security.
- provided by unwanted pop-up windows;
- unsubscribe, opt-out or reply to any spam message:
- this might confirm the e-mail address is active and available for receiving even more unwanted messages.
- always delete the spam messages:
- accidentally opening them, displaying attached images or clicking links within their body may:
- simply indicate the e-mail account is active and available to receive more spam; or
- trigger and install other malware.
- when browsing the Internet:
- do not submit e-mail addresses and personal information when requested by suspicious web pages.
- when purchasing goods and services online refrain from signing up for:
- any additional service or promotion; or
- other online subscriptions, advertised on the seller’s website:
- unless they are necessary.
- avoid placing e-mail addresses on websites, guest books, newsgroups, contact lists, shopping or gift lists;
- when publishing an e-mail address:
- intentionally alter the e-mail address, such as:
- myaddress[at]domainname[dot]com, instead of using the @ and . signs.
- use at least two e-mail addresses:
- one e-mail account for correspondence with known people; and
- a second e-mail account for the website forms requiring an e-mail address to allow content access.
- avoid typing sensitive personal information from a computer:
- outside a secured network; or
- not protected by a reliable security solution.
Source Document:
http://www.bitdefender.com/site/view/BitDefender-E-Threats-Landscape-Report.html