Acrobat PDF

Avert predictions Top 10 Threat Predictions for 2008

You must be logged in to download this document
Reviews
Shared by: Nathan Jameson
Categories
Tags
Stats
views:
120
rating:
not rated
reviews:
0
posted:
5/23/2008
language:
English
pages:
0
Protect what you value. McAfee Avert Labs Top 10 Threat Predictions for 2008 6-na-cor-avert-001-1107.indd 1 11/16/07 1:42:19 PM McAfee Avert Labs Top 10 Threat Predictions for 2008 www.mcafee.com Table of Contents 1. Adware on the Decline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Botnets Piggyback on Storm’s Success . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Crimeware and Phishing Move on to Secondary Targets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Instant Malware: A Different Kind of IM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Parasitic Crimeware Takes Root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. Virtual Threat Growth to Outpace Real-World Growth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 7. Virtualization Radically Changes Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 8. Windows Vista Joins the Party . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 9. VoIP Attacks Speak Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 10. Web 2.0: Interactivity Yields More Productive Malware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 6-na-cor-avert-001-1107.indd 2 11/16/07 1:42:20 PM McAfee Avert Labs Top 10 Threat Predictions for 2008 www.mcafee.com McAfee Avert Labs Top 10 Threat Predictions for 2008 As 2007 comes to a close, it’s a good time to reflect on the current threat landscape. The past 12 months comprised a record-breaking year. McAfee® recorded well over 100,000 new viruses and Trojans, a 50 percent jump in the total number of threats ever cataloged. The Nuwar virus (a.k.a. Storm Worm) grew into the largest peer-to-peer (P2P) botnet to date, while TJ Max revealed the largest data breach in history. Other areas saw significant growth as well, from phishing attacks to crimeware, from vulnerabilities disclosed to zero-day exploits; 2007 was a big year for threats. At the same time, there was an explosion in the adoption and usage of new technologies such as voice over IP (VoIP), virtualization, and, of course, Web 2.0. As we look ahead to 2008, we expect the threat landscape to continue to expand. Attackers will exploit the new technologies while revisiting tactics that were successful in the past. McAfee Avert® Labs has identified the following ten noteworthy trends expected to unfold in 2008: 1. Adware on the Decline Adware will diminish in 2008. The combination of lawsuits, better defenses, and the negative connotation associated with advertising through adware helped start the decline of adware in 2006. In 2007, the Federal Trade Commission settled cases against several adware makers, the most important of which was Direct Revenue. With major players such as Direct Revenue and Claria out of the game, adware growth is expected to decline by 30 percent in 2008. Adware Classified Per Quarter 2,500 2,000 Total Number of Adware 1,500 1,000 500 0 Q104 Q204 Q304 Q404 Q105 Q205 Q305 Q405 Q106 Q206 Q306 Q406 Q107 Q207 Q307 Q407 Q108 Q208 Q308 Q408 Year and Quarter Actual data Forecasted data  6-na-cor-avert-001-1107.indd 3 11/16/07 1:42:22 PM McAfee Avert Labs Top 10 Threat Predictions for 2008 www.mcafee.com 2. Botnets Piggyback on Storm’s Success Without a doubt, Nuwar (a.k.a. the Storm Worm) is the most versatile virus on record. The authors have released thousands of variants, and have changed coding techniques, infection methods, and social-engineering schemes far more often than for any other threat in history. While other bots have toyed with using P2P networks for command and control, Nuwar managed to successfully amass the largest-ever P2P botnet. With legal officials having prosecuted four high-profile bot masters in 2007, criminals will be seeking better ways to cover their tracks. McAfee Avert Labs expects other authors to take note and ride the coattails of Nuwar’s success. Unique Nuwar Samples Trapped Per Day By One Sensor 2,500 2,000 Total Number of Samples 1,500 1,000 500 0 9/12/07 900,000 800,000 700,000 600,000 500,000 400,000 300,000 200,000 100,000 0 9/14/07 9/16/07 9/18/07 9/20/07 9/22/07 9/24/07 9/26/07 9/28/07 9/30/07 10/2/07 10/4/07 10/6/07 10/8/07 10/10/07 10/12/07 10/14/07 10/16/07 10/18/07 10/20/07 10/22/07 10/24/07 10/26/07 10/28/07 10/30/07 11/1/07 11/3/07 11/5/07 11/7/07 Date McAfee Consumer Bot Detections Total Bot Detections Apr-05 Oct-05 Apr-06 Oct-06 Apr-07 May-05 Aug-05 Sep-05 Nov-05 Dec-05 May-06 Aug-06 Sep-06 Nov-06 Dec-06 May-07 Aug-07 Sep-07 Jul-05 Jul-06 Jul-07 Jan-05 Feb-05 Mar-05 Jun-05 Jan-06 Feb-06 Mar-06 Months Jun-06 Jan-07 Feb-07 Mar-07 Bots Excluding Nuwar All Bot Detections Jun-07  6-na-cor-avert-001-1107.indd 4 11/16/07 1:42:25 PM McAfee Avert Labs Top 10 Threat Predictions for 2008 www.mcafee.com . Crimeware and Phishing Move on to Secondary Targets Cybercriminals have learned that it’s risky to target top-tier sites, which are attacked regularly and are prepared to respond more quickly. Knowing that a large percentage of people reuse their user names and passwords, malware writers are likely to target less-popular sites more frequently than before. Criminals can then gain access to primary targets using information gained from secondary-target victims. . Instant Malware: A Different Kind of IM For several years, researchers have warned of the risk of a self-executing instant-messaging (IM) worm. This threat could spawn millions of users and circle the globe in a matter of seconds. Although IM malware has existed for years, we have yet to see such a self-executing threat. While it’s anyone’s guess exactly when this threat will emerge, the stars may be starting to align. The National Vulnerability Database reports more than twice the number of AIM, YIM, and MSN Messenger vulnerabilities for 2007 over the prior year. More important, there were 10 high-severity risks in 2007, compared with zero in 2006. Additionally, the top IM virus families of 2005 and 2006 were replaced with new active threats, signifying an “out with the old and in with the new” milestone. With nearly a quarter-billion users, Skype suffered its first batch of worms in 2007. Many more are expected to follow. Instant Messenger Vulnerabilities 20 18 16 Number of Vulnerabilities 14 12 10 8 6 4 2 0 2005 2006 2007 Degree of Vulnerability Source: National Vulnerability Database High Medium Low  6-na-cor-avert-001-1107.indd 5 11/16/07 1:42:27 PM McAfee Avert Labs Top 10 Threat Predictions for 2008 www.mcafee.com . Parasitic Crimeware Takes Root While crimeware was storming ahead in recent years, parasitic malware faded to the background. In 2007, several crimeware authors turned old-school to deliver threats such as Grum, Virut, and Almanahe—parasitic viruses with a monetary mission. The number of variants of an old parasitic threat, Philis, grew by more than 400 percent; meanwhile, we cataloged more than 400 variants of a newcomer, Fujacks. The author of Fujacks was apprehended, yet we foresee a continued interest in parasitics from the crimeware community. Overall, we expect parasitic malware to grow by 20 percent in 2008. Parasitic Viruses 7,000 6,000 Number of Virus Variants 5,000 4,000 3,000 2,000 1,000 0 2002 2003 2004 2005 2006 2007 2008 Year . Virtual Threat Growth to Outpace Real-World Growth As virtual objects continue to appreciate in value, more attackers will look to capitalize on the situation. We see this already in the number and type of password-stealing Trojans that were classified in 2007. These crimeware have two favorite targets: online gaming and banking. Top Crimeware Targets Gaming and Banks 12,000 10,000 Total Number of Attacks 8,000 6,000 4,000 2,000 0 Q1-05 Q2-05 Q3-05 Q4-05 Q1-06 Q2-06 Q3-06 Q4-06 Q1-07 Q2-07 Q3-07 Q4-07 Q1-08 Q2-08 Q3-08 Year and Quarter Online Games Online Banks Outlines are predictions.  6-na-cor-avert-001-1107.indd 6 11/16/07 1:42:29 PM McAfee Avert Labs Top 10 Threat Predictions for 2008 www.mcafee.com . Virtualization Radically Changes Security Security vendors will embrace virtualization to create more resilient defenses. Today’s complex threats, such as rootkits, will be easily defeated, but researchers, professional hackers, and malware authors will begin looking at ways to circumvent this defensive technology. The number of VMware vulnerability records in the National Vulnerability Database increased fivefold between 2006 and 2007. Historically, such an increase in the application vulnerabilities we track has led to increased exploitation of those applications. VMware Vulnerabilities 35 30 Total Vulnerabilities 25 20 15 10 5 0 1999 2000 2001 2002 2003 2004 2005 2006 2007 Source: National Vulnerability Database Year  6-na-cor-avert-001-1107.indd 7 11/16/07 1:42:30 PM McAfee Avert Labs Top 10 Threat Predictions for 2008 www.mcafee.com . Windows Vista Joins the Party In 2007, the market share of Windows Vista sat below 10 percent.1 This threshold will be crossed in 2008. The release of Service Pack 1 for Windows Vista is also likely to accelerate its adoption rate. Professional attackers and malware authors may begin to see an impact on their businesses and expend some effort in exploring ways to circumvent the new operating system. (This does not mean older threats will disappear, however. It was several years after the Java vulnerability named in Microsoft® Security Bulletin MS03-011 was patched before exploits targeting that vulnerability fell off the list of McAfee Avert Labs’ top 10 threats to consumers.) The old threats will persist, but a new crop is on its way. The National Vulnerability Database reports 19 Windows Vista vulnerabilities in the first nine months after the OS was released. This compares with 16 Windows® XP vulnerabilities during a comparable period. The number of reported Windows XP vulnerabilities more than doubled in the following 12 months. If history repeats itself, we can expect far more than 20 Windows Vista vulnerabilities to be reported in 2008. 1 http://marketshare.hitslink.com/report.aspx?qprid=5 Windows Vulnerabilities 45 40 35 Total Vulnerabilities 30 25 20 15 10 5 0 In first 9 months after release In subsequent 12 months Windows XP Windows Vista Source: National Vulnerability Database  6-na-cor-avert-001-1107.indd 8 11/16/07 1:42:31 PM McAfee Avert Labs Top 10 Threat Predictions for 2008 www.mcafee.com . VoIP Attacks Speak Up VoIP attacks should increase by 50 percent in 2008. More than twice the number of VoIP-related vulnerabilities were reported in 2007 versus the previous year—several high-profile “vishing” attacks, and a criminal phreaking (or fraud) conviction—so it’s clear that VoIP threats have arrived and there’s no sign of a slowdown. Although ABI Research estimates 1.2 billion VoIP users by 2012 (with $150 billion annual service revenues), the technology is still new to many and implementing defense strategies is lagging. VoIP Vulnerabilities 120 100 Total Vulnerabilities 80 60 40 20 0 2002 2003 2004 2005 2006 2007 2008 Source: National Vulnerability Database 10. Web 2.0: Interactivity Yields More Productive Malware Web 2.0 and social networking sites will be targeted in a big way. A number of social business sites were compromised in 2007, including Salesforce.com and Monster.com. Cybercriminals explored precision-targeted attacks using personal information gleaned from sites such as LinkedIn. Attackers pursue the tidbits of information users share about themselves to help make their threats feel more authentic. McAfee Avert Labs believes these examples are not isolated events, but rather the beginning of a trend in which proficient attackers are data mining this wealth of personal information. Another cause for concern is an increase in spam that targets social networking sites. This blog spam is growing at an alarming rate. In March 2007, WebmasterWorld reported that 75 percent of Google’s Blogspot blogs are spam. Automated posting tools are maturing; spammers are moving on to audio and video spam. Blog spam will continue to grow in 2008, and video spam is likely to become significant. In many cases video spam will be obvious to most viewers, but well-crafted videos will blur the lines between spam and advertising. McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 888.847.8766 www.mcafee.com McAfee, Avert, and/or other noted McAfee related products contained herein are registered trademarks or trademarks of McAfee, Inc., and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any other non-McAfee related products, registered and/or unregistered trademarks contained herein is only by reference and are the sole property of their respective owners. © 2007 McAfee, Inc. All rights reserved. 6-na-cor-avert-001-1107  6-na-cor-avert-001-1107.indd 9 11/16/07 1:42:33 PM

Related docs
2009_threat_predictions_report
Views: 68  |  Downloads: 17
avert 2008
Views: 11  |  Downloads: 0
Technology Predictions 2007 Non-OS-Dependant Malware One Hacker
Views: 0  |  Downloads: 0
China Painting The Threat Landscape
Views: 1  |  Downloads: 0
Avert Virucidal Tissues
Views: 215  |  Downloads: 1
Averting a New Kosovo in Indonesia Opportunities and
Views: 0  |  Downloads: 0
TOP SECRET DEMON
Views: 11  |  Downloads: 0
+How to Avert Depression by Making All Banking Much
Views: 0  |  Downloads: 0
avert it
Views: 0  |  Downloads: 0
PRESS RELEASE ACTION URGED TO AVERT SIX MILLION MOTHER
Views: 5  |  Downloads: 0
How to Avert Recession
Views: 8  |  Downloads: 0
The.Economist.2008.10.11
Views: 205  |  Downloads: 10
Piracy – The threat takes on a new dimension
Views: 0  |  Downloads: 0
How-to-Avert-Depression-by-Making-All-Banking-Much-Cheaper
Views: 1  |  Downloads: 0
Nursing Agenda for Michigan Actions to Avert a Crisis
Views: 2  |  Downloads: 0
premium docs
Website Development Agreement$19.95
Website Design Non Disclosure$14.95
Web Hosting Agreement$14.95
Website Vendor Evaluation Matrix$19.95
Website Design RFP Template$49.95
Web Audit Report Tool$19.95
Web Metrics Reporting Tool$19.95
Other docs by Nathan Jameson
DOS response
Views: 341  |  Downloads: 0
DOS Appeal 06302009
Views: 187  |  Downloads: 0
DOS Appeal 06152009
Views: 104  |  Downloads: 0
DOJ 05152009
Views: 119  |  Downloads: 0
DOD Appeal 06122009
Views: 102  |  Downloads: 0
DOD 07282009
Views: 106  |  Downloads: 0
DOD 07142009
Views: 86  |  Downloads: 0
DOD 05062009
Views: 87  |  Downloads: 0
CIA Appeal 06232009
Views: 84  |  Downloads: 0
CIA 05132009
Views: 109  |  Downloads: 0
Bagram FOIA DOD FIAA Appeal Letter
Views: 119  |  Downloads: 0
Bierfeldt v Napolitano Complaint
Views: 102  |  Downloads: 0
The Truth About Torture
Views: 85  |  Downloads: 1
Guantánamo Fact Sheet
Views: 74  |  Downloads: 0
Memo Urging Revisions to the Military Commissions Act Sent to the Congressional Conferees on National Defense Authorization Act
Views: 122  |  Downloads: 0