State of Security Report, 2011
Mobile and cloud attacks are on the rise; spam is abating (but not completely).
Security is a never-ending problem. No matter what actions are taken, new problems arise and old problems may diminish but do not appear to be eliminated. Cisco's latest report, "Cisco 2011 Annual Security Report, Highlighting Global Security Threats and Trends," makes it abundantly clear that security will be a problem in some form for the foreseeable future.
There are rising and falling issues. An interesting scheme is money laundering. This is where criminals use data theft malware to get online bank accounts. But the success rate is low, so "money mules" do the job. The enforcement problem is that criminals have many bank accounts and money mules at their disposal.
Mobile devices have been a target for years, but the attack rate has significantly increased. Fake mobile apps are opening up a far greater number of potential victims. The growth in the number of mobile devices, which are becoming more common than PCs, adds to the potential victim population. Mobile attackers are developing apps to exploit two-factor authorization, thereby gaining access to otherwise protected enterprise networks.
Cloud infrastructure hacking is growing fast. Criminals can access cloud-located enterprise information. This is the type of security issue most often discussed. But a newer problem that occurred last year was the use of Amazon's EC2 service to hack Sony's PlayStation encryption keys. Sony's keys were cracked by using the EC2 cloud service as the attack platform. The hackers incurred no capital cost. The cost to access EC2 can range from pennies per hour to about $2.50 per hour, cheap at any price. The problem for Amazon and other cloud providers is that you can't tell the good guys from the bad guys. The PlayStation attack was well planned, carried out by professionals, and highly sophisticated in its implementation.
Fast Growing Problems
A fast-growing problem is the Data Theft Trojan, for example banker Trojans that mimic legitimate banking sites. The message asks for account information because there is purportedly some problem. The respondent then provides their data for the criminal operators to exploit. The Trojans account for more than 2/3 of new malware compared to traditional viruses.
Another fast-growing problem is the Web Exploit kit. These off-the-shelf kits are used to automatically exploit vulnerabilities when a user visits a web page infected with malicious code. A user who is browsing legitimate websites will probably have no idea that they have been compromised.
Spam Update (Good News)
Cisco has been tracking global spam campaigns for years. In the latest report, spam volume has dropped by more than 379 billion messages daily. It is now about 127 billion messages per day measured between August 2010 and November 2011. A big drop in volume but still a big problem.
Cyber criminals started moving from spam to a more targeted approach by focusing on specific people in organizations to obtain network login data and account information. A targeted message needs to get only ONE reply to be successful. Mass attacks need a much higher reply rate to be successful.
Law enforcement authorities have made life more difficult for the spammers by shutting down or at least severely limiting the abilities of the spammers. The Cisco report estimates that traditional e-mail attacks have declined by more than 50%.
Global Spam Sources
There have been some shifts in spam sources. India ranks first, originating 13.9% of the global spam, moving up from second place in 2010. The U.S. was the second biggest source of spam in 2010 with 10.1% of the traffic generated. The U.S. has now dropped to ninth place with 3.2% of the spam traffic generated.
Second place is now held by the Russian Federation with 7.8% of the generated spam traffic. Vietnam is third with rapid growth from 6% to 8%. The Republic of Korea and Indonesia were not in the top 10 in 2010. In 2011, both are now tied for fourth place with 6% of the traffic generated by each country.
The rapid growth of wireless device usage for both personal and business applications makes security a bigger problem for the enterprise. The BYOD phenomenon significantly expands the number of vulnerable devices and the number of operating systems and applications that need to be secured.