Year in review for online security attacks – 2009 is going to be known as a year of change in tactics of exploitation, rather than creating more new tools in hacker’s community. They are utilizing social media as a tool to exploit and using built-in trust in social media to their advantage. That’s why stealing social media accounts are considered as a treasure trove in hacker’s community to spread malwares (rogue anti-virus) which helps them to steal personal and private information. This perhaps was another reason why social media community was busy in 2009 changing their security and privacy policy on a frequent basis. Do you think, as social media grow, so does the threat to personal and private information?.
At the same time 2009 comes to an end with a bang with an appointment of Howard Schmidt by Obama’s administration as a cybersecurity coordinator. A great choice indeed but why it took them a whole year to make this important decision. This indecision will cost them, no matter how you look at it. Now hopefully the current administration is going to keep the politics aside and take his recommendations seriously to make up for the lost time.
Alejandro MartĂnez-Cabrera, SF Chronicle
Security experts describe the typical hacker of 2009 as more sophisticated, prolific and craftier than ever. If anything, criminals will be remembered by the sheer number of attacks they unleashed upon the Web.
While the year didn’t see many technological leaps in the techniques hackers employ, they continued to expand their reach to every corner of the Internet by leveraging social media, infiltrating trusted Web sites, and crafting more convincing and tailored scams.
Although there were a handful of firsts – like the first iPhone worm – most attacks in 2009 were near-identical to tactics used in prior years, changing only in the victims they targeted and their level of sophistication.
One of the most preoccupying trends was personalized attacks designed to steal small and medium business owners’ online banking credentials. The scheme was particularly damaging because banks take less responsibility for the monetary losses of businesses than of individual consumers in identity theft cases.
In October, the FBI estimated small and medium businesses have lost at least $40 million to cyber-crime since 2004.
Attacks continued to plague larger organizations. The Wall Street Journal reported on Tuesday that the FBI was investigating the online theft of tens of millions of dollars from Citigroup, which has denied the incident.
Alan Paller, director of research at the SANS Institute, said criminals shifted the focus of their tactics from developing attack techniques to improving the social engineering of their scams.
“It’s not the tools but the skills. That’s a new idea,” he said.
One example is rogue antivirus schemes, which often trick computer users with a fake infection. Criminals then obtain their victims’ credit card information as they pay for a false product, all the while installing the very malicious software they were seeking to repel.
Even though these scams have been around for several years, they have become more a popular tactic among criminals because they pressure potential victims into making on-the-spot decisions.
“People have been told to look out for viruses and want to do the right thing. There’s security awareness now, but the criminals are taking advantage of their limited knowledge,” said Mike Dausin, a researcher with network security firm TippingPoint’s DVLabs.
Chester Wisniewski, senior adviser for software security firm Sophos, said social networks also continued to be an important target for attackers. Despite Facebook and Twitter’s efforts to beef up their security, it has become a common tactic for scammers to hijack Facebook accounts and post malicious links on the walls of the victim’s friends or distribute harmful content through tweets.
“We haven’t had this before – a place where all kinds of people go and dump their information, which makes it very valuable for criminals,” Wisniewski said. “It’s kind of a gold mine for identity thieves to get on people’s Facebook account.”
Using PDFs
Another common ploy was malicious software that piggybacked on common third-party applications like Adobe PDFs and Flash animations.
Although Adobe scrambled this year to improve its software update procedures and roll out patches more frequently, criminals have increasingly exploited the coding flaws in Adobe products in particular because of their ubiquity and the abundance of vulnerable old code, said Roel Schouwenberg, senior virus analyst at Kaspersky Lab.
By using ad networks or taking advantage of exploitable Web programming errors to insert malicious content, criminals cemented their presence in legitimate Web sites and made 2009, according to anti-malware firm Dasient, the year of the “drive-by download,” in which users only have to visit a compromised Web site to become infected.
An October report from the San Jose company estimated that 640,000 legitimate Web sites became infected in the third quarter of 2009, compared with 120,000 infected sites during the same period of 2008.
Damaging reputations
The trend was not only a security threat for consumers, but also stood to damage the reputation and traffic of the victimized Web sites. In September, a fake antivirus pop-up made its way into the New York Times’ Web site by infiltrating the company’s ad network.
Researchers also noted a high volume of attacks disguised as content related to popular news items – anything from Michael Jackson to the swine flu – to coax Web users into downloading malicious content. This closing year also saw a handful of notorious politically motivated online attacks, and the issue of national cybersecurity continued to gain prominence.
On Dec. 18, Twitter’s home page was defaced by hackers calling themselves the “Iranian Cyber Army,” although authorities said there was no evidence they were in fact connected to Iran. An August attack on a Georgian blogger also indirectly affected the popular microblogging site and brought it down for several hours.
In July, several U.S. and South Korean government Web sites went offline after being hit by a denial-of-service attack that South Korea has attributed to a North Korean ministry. U.S. defense officials revealed in April that hackers have stolen thousands of files on one of the military’s most advanced fighter aircrafts.
“Now it’s in the agenda of every government to pay attention to the cyberworld,” Schouwenberg said.
Security coordinator
On Tuesday, the White House announced the appointment of Howard A. Schmidt as the Obama administration’s new cybersecurity coordinator. Schmidt occupied a similar post under the Bush administration.
Even though crime continued to evolve into a more organized and compartmentalized operation this year, experts believe a new White House administration conscientious of threats and partnerships between law enforcement agencies and security firms offer encouraging signs for next year.
An example is the Conficker Work Group, an international industry coalition that joined to mitigate the spread of the Conficker worm. The group also collaborates with law enforcement agencies by providing them with forensic information.
“It’s the first time I’ve seen such partnership between countries. Typically it’s the Wild West and nobody is in charge of anything. Now it’s clear there’s a lot more international collaboration,” Dausin said.
Tags: antivirus, cybersecurity coordinator, Denial-of-service attack, facebook, hacker, howard schmidt, Identity Theft, iPhone, Law enforcement agency, Malware, Michael Jackson, South Korea, Twitter