Web Attack Toolkits
The rise of automation techniques such as Web attack toolkits continued at a dramatic pace throughout 2010. These kits lower the bar in terms of programming skill for would-be attackers--enabling even coding novices to quickly exploit new vulnerabilities and develop sophisticated malware attacks.
Andrew Brandt, lead threat research analyst at Webroot, states, "It was a big year for customizable, highly configurable, and very slick-looking exploit kits. Exploit kits are sold to malware distributors, and can instantly turn a Web server into a drive-by download site."
The Mariposa botnet--thwarted with the help of security researchers from Panda Security--is a prime example of how effective and pervasive an attack can be using an attack toolkit. The leaders of the Mariposa botnet apparently had little, if any, actual programming knowledge.
Ori Eisen, CIO of 41st Parameter, proclaims, "We are getting close to the point where all the planets align; where fraud makes the evolutionary leap from organic growth with limited success, to exponential growth with a much higher success rate because the barrier for entry is minimal, and these attacks are highly scalable."
Social Engineering Attacks
Some things never change, and one of them is that the person sitting at the keyboard is invariably the weakest link in the security chain. Another thing that will never change is that attackers will continue to recognize and exploit this fact to the best of their ability.
Rogue antivirus software has been joined by other rogue software--hard drive defrag utilities and general system performance tools--to lure naïve users into installing malicious software on their own PCs.
Symantec's Egan clarifies, "2010 saw a continuation of the trend over the last few years for malware to use one of the oldest tricks in the book: to 'con' its way onto a user's system. In other words, it convinces the victim to invite the attacker right in through the front door. Whether by pretending to be a legitimate application - such as rogue antivirus or a fake video codec - or by pretending to be something from an acquaintance of the victim - such as a socially engineered email - socially engineered attacks continued to be one of the easiest ways onto a user's system in 2010."
Webroot's Brandt commented, "It's no surprise that rogue AV is a big moneymaker for malware distributors, so it also should come as no surprise that said distributors have been investing in not only generating new names for their rogues, but also in making them much harder for a casual observer to identify, let alone get rid of."
These are just a handful of the big security stories from 2010. Social networking sites such as Facebook and Twitter present a target-rich environment filled with unsuspecting victims whose guard is already down since the purpose of such sites is to share information socially. As we enter 2011, these social networking threats will continue, as will new attacks aimed at mobile gadgets like smartphones and tablets.
Security vendors will most certainly develop new tools and defenses to protect against these threats. But no amount of security software can replace a healthy dose of cautious skepticism and an ounce of common sense.