With the widespread adoption of the Mac platform and its Mac-based devices such as the iPhone and iPad, the continued development in the mobile market and the convergence of video and voice, a new set of threats could emerge over the next 12 months, warns SonicWALL, Inc. in its mid-year summary of the top cybercrime trends for 2010.
The report also says that reputation management via social networking, the growth of borderless business as well as the use of virtualization and cloud-based computing has caused a surge in targeted security threats in 2010.
SonicWALL’s GRID data indicates that attacks on virtualized and cloud-based solutions have have dramatically increased. Web-based attacks which accounted for 4% of all attacks in 2009 now account for 45% in 2010.
Based on data gathered from July 1, 2009 to June 30, 2010, Web-based SQL Injection, attacks through domain name system (DNS) protocol and attacks through hypertext transfer protocol (HTTP) were the top intrusion threats. False antivirus software and viruses (e.g. “Bredolab” and “Conficker”) continue to top the malware threat list. This malware wreaks havoc on users’ machines and causes for example, massive spam runs and identity-theft related attacks. Phishing, the manipulative practice of sending victims emails fraudulently posing as being from trusted institutions is frequently the spear point for intrusions and malware. From January 1, 2010 through June 30, 2010, the amount of malware instances detected has tripled from 60 million to approximately 180 million.
In its 2010 predictions, SonicWALL noted that companies should implement stricter policies controlling reputation management and the usage of and access to social media.This year, hackers have steadily exploited social networking sites, such as Twitter, Facebook, Orkut, Google groups and others to initiate malware downloads and botnets that have led to identity, account and password theft. SonicWALL also found fake Twitter handles and e-mail message formats being used to generate massive spam attacks. Trust is inherent in social network participation, making it especially easy for hackers to exploit.
The report also finds that email messages promising employment opportunities comprised nearly 10% of non-phishing fraud e-mail during the first half of 2010.
Another finding is that foreign government tax scams are expanding. These scams can include false tax institution audits, requests for payments or verification of the victim’s tax status, and direct the unsuspecting to an authentic-seeming site. Expanding their exploits beyond the U.S. government into the United Kingdom and beyond, phishers are now targeting India, Australia, China and Canada.