Cybercriminals Target Social Engineering

MBA (7/15/2008 ) Palaparty, Vijay
Cybercriminals not only leverage new technology to instigate cybercrime, but also reinvent popular forms of social engineering to compromise consumers and businesses, according to a report from Trend Micro Inc., Cupertino, Calif.
The report, Trend Micro Threat Roundup and Forecast 1H 2008, revealed that web threats increased significantly during the first half of this year, peaking at 50 millionin March from 15 million reported in December of last year.

However, adware, trackware and keylogging decreased, perhaps because they were unable to compete with higher-level security, the report said. It said 45 percent of all computers were affected by adware in March 2007, but by April of this year, only 35 percent were reported as infected.

In May 2007, 20 percent of computers were infected by trackware, which has dropped to less than 5 percent as of this April, the report said. Keyloggers also showed a small, steady decline with less than 5 percent of computers infected today.

"Cybercriminals are evolving with the times,” said Raimund Genes, CTO of Trend Micro. “They're moving away from threats that use old or waning technologies; instead, focusing on the lucrative threats that bring a bigger payload.”

The report said cybercriminals focus on exploiting tools and technologies of social networking sites. For example, Trend Micro found 400 phishing kits designed to target Web 2.0 sites including social networking, video sharing and VoIP sites, email service providers, bank and eCommerce web sites.

Phishing emails are also on the rise—emails that warn potential victims about phishing emails as a way to legitimize them. Users are then tricked into clicking on a link that leads them to a fraudulent web site.

Trend Micro also investigated voice phishing attempts where phishers send messages to unsuspecting users to call a phony number to reactivate their accounts. Upon calling the number, users are asked to provide their bank card number and PIN, unknowingly opening their bank accounts to phishers.

The report also said malware is often treated as an individual threat, but profit-motivated web threats actually blend malicious software components into a single web threat business model. For example, a cyber criminal could send a spam message with an embedded link—a malicious URL—in an email or in an instant message. The user would then click on the link and be redirected to a web site where a Trojan file would automatically download onto the user's computer. The Trojan would then download an additional spyware file that would capture sensitive information, such as bank account numbers. This technique is known as spy-phishing.

“Although seemingly one incident, blended threats are much more difficult to combat and much more dangerous for the user,” Genes said.

The report also said cybercriminals use fast-flux techniques where they rapidly switch the domain-name-server to hide phishing delivery sites. The fast-flux technique helps phishing sites stay up for longer periods to lure in more victims while making it impossible for technology departments to detect any sources.

Looking ahead, the report forecasts that social engineering will remain a key attack method, increasing in sophistication. Furthermore, it said cybercriminals will continue to target newly discovered vulnerabilities in third-party software applications such as QuickTime, RealPlayer and AdobeFlash.

“Crimeware that relies on technical methods that are becoming obsolete, such as dialers and keyloggers, will continue to slowly decline in number,” Genes said. “Grayware such as trackware and browser hijackers will also slowly fall off in number as they cannot scale well in an era of million-member botnets.”

The report also predicts that spam volume will continue to rise exponentially with average daily spam volumes projected to increase by 30 billion to 50 billion messages per day.

“As is occurring now, both spam and phishing will continue to play a part in blended threats, Genes said. “One out of every 500 web requests are sent to web sites hosted on infected computers, and this trend is expected to continue.”