McAfee predicts rapid malware evolution
You're doomed, says cheery security vendor.
By Matt Hines, InfoWorld (US) | InfoWorld | Published: 10:46, 11 April 2007
The latest research report from McAfee has painted a frightening picture for enterprise IT administrators, predicting a rapid maturation of cybercrime and the technological means being used to carry out attacks.
According to McAfee's ‘semi-annual’ Sage journal, a roundup of the company's ongoing security research, everything from spam to spyware will become more dangerous over the course of 2007 as hackers look for new ways to exploit end users' machines in their quest for fast cash.
As was the case in 2006, the drive for profits among hackers and malware code writers will dominate development of the threat landscape over the next 12 months, McAfee experts said.
Gangs of thieves around the globe are connecting online in greater volumes than ever before, helping their attacks to arrive on enterprise doorsteps faster and in greater volumes - and with increasing sophistication.
"The overall trend remains more attacks geared toward making money that make use of malware or support people making malware," said Dave Marcus, security research manager with Avert Labs.
"What is surprising is the service and support that's going on around the malware industry; there are more sites selling custom Trojans with support contracts and attacks coded to target banks of the buyer's choice and more malware suppliers offering patches and variants to their users."
Marcus said it is impossible to tell if there are a number of tightly-organised hacker groups worldwide as only a few intentionally identify their own work by leaving clues or outright signatures bearing their names. What is more likely, said the researcher, is that loosely-knit groups of malware writers and fraudsters are forming on underground messaging systems and then disbanding after carrying out waves of attacks.
Among the specific trends outlined in the report is the expected continued growth of botnets, with co-operation among hackers adding to the problem through group efforts to develop and refine threat code in the same manner that open-source contributors work in a community. The vast majority of botnets will continue to target flaws in Microsoft products and propagate themselves through buffer overflows, according to the report.
McAfee expects that 2007 will also be the year when attackers truly begin aiming their work at smart phones, the more PC-like handheld devices finding their way into the hands of an increasing number of enterprise users.
Among the mobile device threats that the security company expects to arrive first are phishing attacks, spyware, and other programs aimed at stealing data for the purpose of committing identity fraud. Mobile spam also has the potential to "explode" as authors of Trojan attacks begin to target smart phones, McAfee said.
VoIP systems will also see an increasing volume of threats, the report said, with SPIT (spam over Internet Telephony) helping to create new opportunities for hackers to market the end-user data they gather to telemarketers. Another emerging attack format will be threats delivered via spoofed VoIP accounts, much as malware writers and spammers have distributed their work over email and the Web, according to the report.
The increased adoption of RFID technologies will also pose new security risks, the researcher said, with many current RFID devices vulnerable to eavesdropping, recording, cloning, and forgery. McAfee said that RFID readers could also contain vulnerabilities that might allow chips loaded with exploits to steal information from the back-end systems to which the readers are linked.
The Sage report goes on to outline the continued growth of spam and spyware, two of the most publicised issues in the IT world today, and raises questions over the efficacy of the security features added to Microsoft's newest operating system, Windows Vista.
In a nod to another high-profile problem plaguing enterprise businesses, the research also delves into the issue of data leakage. Incidents like retailer TJX Companies' systems intrusion that allowed hackers to make off with over 45 million consumer records, many of which contained sensitive credit card data, will occur more frequently, Marcus said.
As the incidents pile up and lawmakers respond with new legislation aimed at punishing companies that cannot protect sensitive data, businesses will be actively seeking technologies that help address the problem, according to McAfee.
One of the issues caused by this trend will be IT executives who move to add new technologies without considering all the alternatives and before creating the policies necessary to be successful at defending their information, according to the researcher.
"This influx of new technologies might be overwhelming with lots of point products being marketed as the solution to this problem, but people need to step back and take a long look at how they manage data from a macro point of view if they want to improve protection," said Marcus.