Trend Micro Predicts Top 2009 Threats

• Text size
•  
•  

Underground Cyber Crime Economy flourishes in global economic downturn

Dubai, United Arab Emirates, 4 February, 2009 - Trend Micro, Incorporated (TSE: 4704), a global leader in Internet content security, today publishes its forecasts on the threat landscape in 2009 based on the emerging trends of last year.

According to analysis by TrendLabs, Trend Micro's global threat research and support organisation, 2008 saw a year of survival, exploration and innovation for cybercriminals with a number of notable threats.

A spike in botnet activities

A staggering 34.4 million PCs were infected with botnet-related malware from January to November 2008. Storm demonstrated its longevity and lived up to its reputation as one of the largest and most notorious botnets to date alongside emerging botnets (Mega-Dik) and older botnets making a comeback (Kraken). The combined efforts of these bots contributed to a continued rise in spam with what is believed to be around 115 billion spammed messages sent every day, up from an average of 75 billion in 2005.

Black Hat Search Engine Optimisation and Fake Anti-Virus

Poisoning search results was one notable technique used by malware writers in 2008. Manipulation of search results hinged on the trust users place on search tools to lead them to their chosen websites. Malware writers were quick to use popular searches to redirect unsuspecting users to malicious websites. The year also saw a rise in rogue security applications disguised as legitimate anti-virus tools, often offering false scans or warning users that their systems are 'infected'. The promotion of rogue security software served as yet another vehicle to record victims' credit card details.

Mass compromises

Malware hosted in remote URLs increased by 256% in 2008 year on year with attacks on legitimate web sites intensifying. Compromised web sites present a difficult challenge for web users as cybercriminals target popular websites by exploiting coding weaknesses. These threats are typically 'silent', and the last twelve months saw a comeback of the Italian job as well as mass compromises in May infecting over half a million of websites globally.

Blended threats

An analysis of the recent months showed an exponential growth in web threats using multiple components to ensure maximum impact. These blended threats continued to become more sophisticated in their attempt to steal corporate and personal data or money. Social engineering techniques and non-traditional phishing methods exploiting events such as the Olympics, elections, financial crisis and disasters became increasingly sophisticated. In addition, with its dynamic Web 2.0 functionalities and millions of active users, social networking sites were seen to be targeted by cybercriminals looking to obtain personal information for identity theft purposes.

2009 Forecast - a look ahead

The cybercrime environment in 2009 will - in some part - be shaped by the global economic downturn which began in 2008.

As the financial crisis begins to gain momentum in a more tangible way throughout 2009, Trend Micro expects organised cybercrime to take advantage of a growing, highly skilled and available workforce of motivated IT programmers out of work. To date, willing volunteers have already been recruited by cybercriminals to help crack CAPTCHAs.

In addition, the continued disruption in the commercial world will see more organisations experiencing difficulties, going out of business or being the subject of acquisitions and mergers. Social engineering techniques thrive on these uncertainties and were already used to attack businesses and consumers at the start of the banking crisis in 2008. For the year ahead, Trend Micro predicts an increase in malware specifically targeted at Web 2.0 features, technologies and culture, as well as an increase in overall malware complexity.

Implicit trust in "friends" on social networking sites has seen the evolution of socially engineered scams towards the tail end of 2008 and Trend Micro expects this to continue through 2009 with incidences of compromised accounts being used to message associated friends in a direct and credible way to infect, compromise or socially engineer money and/or information out of the victim.

The sheer complexity and variety of attacks will be tailored towards generating maximum monetary gain through theft of information, identities and resources. Cybercriminals will start using Internet browsers and other web-applications and streaming media players to distribute malware. The rise of browser-as-a-platform applications will serve as new avenues ripe for exploitation and cybercriminals are likely to join the 'in the cloud' bandwagon setting their eyes on software and services offering such features.

Threats exploiting bugs in 'alternative' operating systems will persist, especially given their growing popularity while popular operating systems will remain a favourite target of malware authors.

Overall, Trend Micro predicts a shift in delivery factors with mobile devices presenting the lowest hanging fruit to be exploited by cybercriminals due to the popularity of the smartphones and similar devices. 2009 may see malware specifically designed to target mobile devices and the emergence of '3G botnets'.

-Ends-

About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the latest threats. Trend Micro's flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these products and solutions are powered by the Trend Micro™ Smart Protection Network, a next generation cloud-client content security infrastructure designed to protect customers from Web threats. A transnational company, with headquarters in Tokyo, Trend Micro's trusted security solutions are sold through its business partners worldwide. Please visit www.trendmicro.com.

© Press Release 2009