Web attacks are financial boon for crooks, Cisco finds

Cybercriminals are still making large sums of money by pushing spyware and pharmaceutical spam, but internet fraudsters will leverage banking Trojans and other web exploits, particularly on social networking sites, for far greater returns in the future, according to a new report from Cisco.

Cisco's 2009 Annual Security Report, released on Tuesday, details the top cyber security trends of 2009 and examines what is expected for 2010.

Spyware, scareware and pharmaceutical spam have been the biggest moneymakers of the year for cybercriminals, the report finds. These tried-and-true methods will remain prevalent because they are inexpensive for criminals to produce and yield a positive return on investment, Scott Olechowski, threat research manager at Cisco, told SCMagazineUS.com on Tuesday.

Cisco's report also identified banking Trojans, such as the notorious Zeus Trojan, along with web exploits, as the top “rising stars” in the cybercriminal arsenal.

“Banking Trojans, we know for a fact, are already producing incredible returns for criminals today,” Olechowski said.

As a result, the best black-hat engineers are focusing their efforts on banking Trojans, he said. This is evident in the sophistication of such threats, and in the fact that the Trojans' code is written to evade anti-virus protections.

Banking sites, meanwhile, are being forced to respond with defences of their own, Olechowski said. Some have implemented multi-factor authentication, accept transactions only from known IP addresses and use machine fingerprinting technologies, which confirm that the right machine and user are performing the intended action.

“We have seen Zeus blow by all three of those things and a whole bunch of others,” Olechowski said. “The Trojan can bypass all this stuff through some pretty clever engineering.”

In addition, sophisticated scripting tools have allowed the cybercriminals behind Zeus to readily adapt it to new banking sites, Olechowski said.

Also on the rise are web exploits.

“We are seeing a lot of pre-packaged kits that you can buy for a couple hundred to a thousand dollars that include a whole bunch of different techniques designed to compromise machines that are not patched,” Olechowski said.

The pricier kits include exploits for zero-day vulnerabilities, he added. Some cybercriminals make money by selling the kits themselves, while others use the kits to infect PCs with malware and to establish a botnet, which they can rent out to other cybercriminals.

“The answer to this threat is fairly straightforward. Users need to be vigilant about installing the latest versions of application software, such as Adobe Reader, since new versions will contain the latest security patches,” the report states. “In addition, updated anti-virus and firewall programs will provide protection against malware attached to these applications.”

Threats on social networking sites, such as the Koobface worm, represent another area of huge potential for cybercriminals in the coming year, according to the report.

“We are starting to see this real transformation from old IM [instant messaging] and phishing scams to leveraging trust and social networks to get people to perform actions that individuals would not perform otherwise and endanger themselves and their machines,” Olechowski said.

A version of this article first appeared on www.scmagazineus.com.
