NEWS
M86 Security Report Sparks Conversations as Cybercriminals Evolve
Editor’s Note: the topic of internet security is always of interest for a publication such as ours, and it’s always nice to get a second (or third) opinion on things. From mobile access to malware threats, the space must evolve on a daily basis to maintain the web as we know it.
A recently released Security Labs Report from M86 Security made some interesting points in regards to the state of internet security. Focusing on the second half of 2010, several observations were made through the report. M86 Security is present at RSA 2011 this week and this report will definitely spark some conversations.
Some Highlights:
- Overall, Spam volumes are down, affected by botnet disruptions and closure of the Spamit.com botnet affiliate program in September 2010. However cybercriminals are coming back with creative new phishing methods. Other botnets have since started to fill the void, however as spammers maneuver around the efforts of security groups.
- Third-Party Phishing is on the Rise by means of more effective tactics such as malware and other attack types. This despite a decline in email methods due to more well aware users to traditional phishing methods, such as the presence of fake emails from banking institutions.
- The ZeuS Trojan is expected to feed a more sophisticated evolution of the SpyEye Trojan, as they share source code. Also, the popularity, robustness, and capabilities of exploit kits are on the rise. One noted vector for malicious activity was the LinkedIn scam spam that leads users to the Phoenix exploit kit infection page.
- The Stuxnet worm was a significant evolution in malware and its methods and potential for continued malice can be anticipated to cause serious compromises throughout the national security and financial worlds.
- Cross-component attacks, such as those that exploit Flash and Acrobat are continuing to evolve. Increasing statistics in Java-based attacks are shown to become more significant as well.
- On the topic of Social Networks, the report describes this as “Cybercrime Utopia” and goes on to describe some of the trends in Facebook, Twitter, et.al. scams.
- Additionally, most of the system vulnerabilities found out on the web have existed and were discovered years ago and all of the top six were patched at least two years ago. Their presence indicates continued successes and makes a powerful statement that despite current available patching, that many systems are simply not being updated. The threat grows and will continue to exist as knowledge and behavior dictate the application of safe computing habits.
While this report is a powerful reinforcement of the serious nature of safety and security on the internet, it is an even more powerful statement to the required vigilance of systems in the enterprise. Anticipated and unanticipated security challenges mandate tough policy, auditing and enforcement at all levels of the nation’s infrastructure. While debates rage on whether the government should have a “kill switch” to shut down the internet, it is incumbent on IT to get in line with these enormous and growing threats to financial security and otherwise.
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU