Security Experts Say Botnets, Web Extortion Threats on the Rise
January 22, 2007 Timothy Prickett Morgan
Some days, the Internet doesn’t feel like a very safe place. Two reports issued recently are predicting some pretty ugly weather conditions out there in cyberspace looking ahead into third year.
A report by Trend Micro, which provides security software for servers and PCs, indicated that 2006 saw a “resurgence in malware” and that the “botnet became the hacker’s best friend.” For 2007, Trend Micro is predicting that hackers will continue to ramp up their efforts on these fronts while targeting popular social networking sites.
What did not happen in 2006, by the way, was widespread virus outbreaks, which we have seen in prior years. Now, hackers are doing more targeted or regional attacks. This is both comforting and alarming at the same time–comforting because you don’t have to cope with a virus outbreak, but alarming if you happen to be the target of the attack. In many cases, these targeted attacks use various pieces of malware and distributed denial of service (DDOS) approaches to try to bring down the systems at a specific company or user group, according to Trend Micro.
Organized crime is using identity theft and the threat of attacks to conduct corporate espionage, and extortion, and hackers have adopted botnets–remote robots created by viruses and other malware that sit unsuspected on Internet-connected PCs that can do a DDOS–to do havoc.
The company said that digital threats have increased by an average of 163 percent per year over the past several years. Web-based threats grew 15 percent from 2005, with nearly a half million reports into TrendLabs, the analysis and tracking side of Trend Micro. More than 2 million unique pieces of spam per month and 140,000 unique bots per month flood the Internet.
“Computer crime has evolved into organized crime, it is no longer the game of individual attackers,” said Jamz Yaneza, the senior threat research analyst at Trend Micro who put together the 2007 threat report. “With money as their main driver, our research has tracked how attacks have moved from being fast and large scale to being cleverly crafted to attack very specific groups under the radar. The unseen Web threat is maturing, and users should be ever-more careful about what they download and install, as blended threats are ever-more cunning in their attempt to steal corporate and personal data or money.”
Risk Bloggers, a federation of blogs put together by computer and network security experts, released a similar warning report last week, called Ready or Not, Here Comes 2007. “What do you call billions of spam messages, millions of lost customer records, thousands of new viruses, and hundreds of governments asleep at the wheel?” asked the report’s author, Jim Reavis rhetorically. “In our business, we call it 2006, just a normal year in the information security industry.”
Reavis offers a pretty sobering outlook for security in 2007. “Increasingly, sophisticated criminal organizations are able to exploit technology to stay ahead of corporate and consumer defenses and steal billions of dollars and disrupt whole economies. Botnets, Web application holes and uncontrolled mobility loom large as villains in this tale. Skepticism about the government’s ability to be relevant in face of these challenges abounds.” Reavis is president of Reavis Consulting, which as the name suggests does consulting on security issues and which hosts the RiskBlogger site.