New Year, New Targets in Cybercrime
The enterprise, not the consumer, seems to be the primary target for cyber criminals across the globe this year. Additionally, criminals are shifting their focus from desktop computers to mobile devices. RSA and Cisco have both released reports on what cybercrime trends to watch out for this year.
Cybercrime shifts to enterprise
2010 saw cybercrime making a shift into the enterprise and that will remain the trend in 2011, says the RSA Anti-Fraud Command Center.
The company has released its 2011 Cybercrime Trends Report and says that "cybercrime continues to show no signs of slowing down." "As the new decade opens, cybercrime is diverging down a different path as cyber attacks move beyond the financial services industry and malware makes a shift from targeting consumer desktops to employees in the enterprise," says the report.
Mobile malware tops the list of cybercrime trends compiled by the RSA for 2011, as mobile application downloads continue to rise. The report points out that the number of downloads will more than double in 2011 to 25 billion applications.
"But it is not just consumers and their banks that must consider the risks of mobile malware. The consumerization of IT has laid the bridge for the crossover of consumer technology into the enterprise. Organizations are providing their employees with mobile devices, or employees are using their own personal devices to conduct work-related activities -- potentially opening up a backdoor for malware to make its way onto the corporate network," says the RSA.
The shift to the enterprise ranks number two in the top trends, with malware becoming an increasing problem for companies and government agencies across the globe. "What has typically been deemed an issue exclusive to consumers and financial institutions has suddenly made a crossover into the enterprise. This is being helped through a number of factors including employee mobility, the use of social networking sites, and user-driven IT."
Competition among malware developers in the black market, along with an increase in privately developed Trojans and the evolution of phishing attack methods and targets make up the list of cybercrime trends to watch out for in 2011.
Shift to mobile marks 2010
Cisco's 2010 Annual Security Report highlights the shift from Windows-based PCs to other operating systems and platforms, including mobile devices such as smartphones and tablet computers.
The report also finds that 2010 was the first year in the history of the Internet that experienced a decrease in spam volume. This isn't, however, the case for all countries. "2010 saw an uptick in spam in developed economies where broadband connections are spreading, including France, Germany and the United Kingdom."
In the UK alone, for example, spam volume increased by almost 99 percent from 2009 to 2010. Turkey's spam volume, on the other hand, dropped by 87 percent.
According to Cisco's report, "scammers are finding it harder to exploit platforms that were once their bread and butter -- in particular, the Windows platform -- and are looking elsewhere to make money". "Third-party mobile applications in particular are emerging as a serious threat vector," adds Cisco.
Money muling and trust exploitation are also ways cybercriminals are finding to make money. The report lists "seven deadly weaknesses" that criminals exploit through social engineering scams -- sex appeal, greed, vanity, trust, sloth, compassion and urgency.
For Cisco NZ's security expert John-Paul Sikking, "these trends are equally valid here in New Zealand".
Sikking points out that New Zealand's remote location does not mean the country is immune to the same threats. "Exploitation of trust and the attacks we see against Social Media users is not limited to within geographic boundaries. Attacks targeting our humanness (sex appeal, greed, vanity, trust, sloth and compassion) are not limited to particular countries and continue to fool us into giving away information, or trusting someone we shouldn't," he added.
"NZ business needs to continue managing internet and electronic risks through appropriate people, processes and technology choices, which are continuously appraised for their effectiveness against changing attack vectors."