10 December 2019

2010, the Year of Vulnerability: Kaspersky Labs

As computing now touches every level of our day-to-day life and business activity, information security should be kept a priority. In the digital era, safeguarding business-sensitive data becomes an important concern, and a capable IT department is usually responsible for that preparedness.

Insight into the threat landscape helps the IT managers responsible for this task to safeguard their organisation. Kaspersky Lab's study of 2010 states that the year was almost identical to the previous one in terms of malware evolution: overall trends have not changed much, nor have the targets of attack, though certain malicious activities have progressed dramatically.

Whilst monthly malware detection rates have remained reasonably stable since 2009, with browser attacks and botnets continuing to be the main threats to cyber security, there has been a downturn in activity by certain types of malware.

Exploiting vulnerabilities has become the prime method for penetrating users’ computers.

The P2P malware epidemic started in March, when the number of incidents detected by the Kaspersky Security Network exceeded the 2.5 million per month mark for the first time. A conservative estimate of the number of attacks occurring monthly by the end of the year puts the figure at somewhere close to 3.2 million.

The Kaspersky Lab study indicates that 2010 saw a whole host of 'grey' money-making schemes operating alongside openly criminal activities such as infecting legitimate websites or infecting users' computers by means of drive-by downloads. Grey schemes include coercing users into voluntarily downloading files by various means, using hijacked resources for Black SEO, distributing attention-grabbing links, spreading adware and redirecting traffic to adult content sites.

The study also confirms that P2P networks are now a major channel by which malware penetrates users' computers. In terms of security incident rate, Kaspersky's study estimates this infection vector to be second only to browser attacks. Practically all types of threats, including file viruses, Rogue AVs, backdoors and various worms, spread via P2P networks. Additionally, such networks have fast become an environment conducive to the propagation of new threats, such as ArchSMS.

No epidemic occurred in 2010 that is comparable to the Kido (Conficker) worm epidemic of 2009 in terms of propagation speed, the number of affected users and the scope of attention it attracted. However, if these factors are considered separately, outbreaks of certain infections may be classified as global epidemics.

Taking a global perspective, the Mariposa, Zeus, Bredolab, TDSS, Koobface, Sinowal and Black Energy 2.0 botnets attracted a lot of attention from both journalists and analysts in 2010. Each involved millions of infected computers located all over the world, and these threats are among the most advanced and sophisticated malware ever created.

Malware writers' creativity peaked, however, with Stuxnet, a truly revolutionary worm that grabbed the cybersecurity headlines in the second half of 2010. Publications included speculation about Stuxnet's potential targets and about how it operated; in fact, Stuxnet drew more media attention than any other threat in history.

Another apparent trend is that the most widespread malicious programs tend to be the most sophisticated. This raises the bar for the manufacturers of cybersecurity products, who are waging technological warfare on the cybercriminals. These days it is not enough to identify ninety-nine percent of the millions of malware samples out there if the one threat that is extremely sophisticated, and therefore widespread, goes undetected or untreated.

Kaspersky Lab's prediction of a decline in Rogue AV (fake antivirus) activity was fairly controversial; opinions on this issue are divided, even among Kaspersky Lab experts. It depended on a number of additional factors: the owners and participants of partnership programs shifting to other methods of making money, counteraction from antivirus companies and law-enforcement agencies, and serious competition between the different cybercriminal groups creating and distributing Rogue AVs.

In 2009, the first iPhone malware and a piece of spyware for Android were detected, and Kaspersky Lab stated its expectation that cybercriminals would focus much more of their attention on these two platforms.

No real malware events targeting the iPhone occurred in 2010 that could be compared to the Ike worm incident of 2009. However, several proof-of-concept programs were created for this platform that demonstrated techniques cybercriminals could use. A truly remarkable example of one such technique was 'SpyPhone', the brainchild of a Swiss researcher. This program allows unauthorized access to information about the user's iPhone device, his or her location, interests, friends, preferred activities, passwords and web search history. This data can then be sent to a remote server without the user's knowledge or consent, and the functionality can be hidden within an innocuous-looking application.

While experts have said in the past that users who jailbreak their iPhones to install third-party applications increase their own risk, it is now the case that even those installing applications downloaded from Apple's App Store are exposed to a degree of threat.

Everything mentioned above is also relevant to the Android platform. Malware of an overtly cybercriminal nature has been detected for the Android platform that uses the popular mobile Trojan technique of sending SMSs to premium-rate numbers.

Trojan-SMS.AndroidOS.FakePlayer was detected by Kaspersky Lab in September 2010 and became the first real example of Android malware; it was apparently created by Russian virus writers. This piece of malware was distributed via malicious websites rather than through Android Market; however, Kaspersky Lab experts believe there is a strong probability that malware may soon be found in products available through Android Market. They are concerned that many legitimate applications can ask for, and are typically granted, access to a user's personal data and authorization to send SMSs and make calls. In their view, this places the reliability of the entire Android security concept in doubt.
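The concern above is that a user, asked at install time, will grant an app permissions its advertised purpose does not explain, such as a "media player" that wants to send SMS. One way a practitioner triages this is to compare the permissions an APK's decoded manifest requests against a baseline for the app's category. The script below is an added example, not Kaspersky Lab's code or FakePlayer's actual manifest; the two manifests are constructed inputs, and the `MEDIA_PLAYER_BASELINE` set is a hypothetical profile of what a media player plausibly needs. The permission names themselves are real Android permissions.

```python
"""Triage a decoded AndroidManifest.xml for permissions that let an app spend
the user's money or read personal data, and flag those the app's advertised
purpose does not explain.  Added example; not Kaspersky Lab code."""
import xml.etree.ElementTree as ET

# ElementTree stores namespaced attributes in Clark notation: {uri}name
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names; the risk descriptions are this example's own.
MONEY_OR_DATA_PERMISSIONS = {
    "android.permission.SEND_SMS": "can send SMS, e.g. to premium-rate numbers",
    "android.permission.CALL_PHONE": "can place calls without the dialler UI",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.READ_CONTACTS": "can read the address book",
    "android.permission.ACCESS_FINE_LOCATION": "can track the device's location",
}

# Hypothetical baseline: what a media player plausibly needs and nothing more.
MEDIA_PLAYER_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.WAKE_LOCK",
    "android.permission.READ_EXTERNAL_STORAGE",
}


def _manifest(package, label, permissions):
    """Build a small decoded-style manifest string (constructed test input)."""
    perms = "\n".join(
        f'    <uses-permission android:name="{p}"/>' for p in permissions)
    return f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="{package}">
{perms}
    <application android:label="{label}">
        <activity android:name=".Main"/>
    </application>
</manifest>
"""


# Constructed samples: a fake "media player" that asks for SEND_SMS, and a
# benign player that only asks for what the baseline allows.
FAKE_PLAYER_MANIFEST = _manifest(
    "org.example.moviplayer", "Movie Player",
    ["android.permission.INTERNET", "android.permission.SEND_SMS"])
BENIGN_PLAYER_MANIFEST = _manifest(
    "org.example.player", "Video Player",
    ["android.permission.INTERNET", "android.permission.WAKE_LOCK"])


def triage(manifest_xml, baseline):
    """Return package, label, all requested permissions, and the subset that
    is both sensitive and absent from the category baseline."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name")
                 for e in root.iter("uses-permission")}
    app = root.find("application")
    label = app.get(ANDROID_NS + "label") if app is not None else None
    unexpected = sorted(p for p in requested
                        if p in MONEY_OR_DATA_PERMISSIONS and p not in baseline)
    return {
        "package": root.get("package"),
        "label": label,
        "requested": sorted(requested),
        "unexpected": unexpected,
        "findings": [f"{p}: {MONEY_OR_DATA_PERMISSIONS[p]}" for p in unexpected],
    }


if __name__ == "__main__":
    for manifest in (FAKE_PLAYER_MANIFEST, BENIGN_PLAYER_MANIFEST):
        result = triage(manifest, MEDIA_PLAYER_BASELINE)
        verdict = "REVIEW" if result["unexpected"] else "ok"
        print(f"{result['package']} ({result['label']}): {verdict}")
        for finding in result["findings"]:
            print("  -", finding)
```

Run against a real APK by decoding it first (for example with apktool) and feeding the resulting AndroidManifest.xml to `triage()`. The check is deliberately coarse: it cannot tell a legitimate messaging app from a trojan, so the baseline must be chosen per app category, and a hit is a reason to inspect the code paths that use the permission, not a verdict on its own.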

While highlighting such vulnerabilities, it is important to note that MSMEs are the most vulnerable group. The right kind of awareness can really help them safeguard themselves. In the next article we will share threat predictions for 2011. Please watch out for that as well.
