Cybercrime Trends Will Worsen in 2009, According to Forecasts

By Matthew Harwood

The global recession will lead to a rise of cybercrime worldwide, as governments' attention to cybercrime is deflected toward more pressing economic problems, according to 2009 cybercrime forecasts from leading IT security firms.

The United States has bypassed China as the biggest purveyor of malware as well as sends the most spam worldwide, says Sophos Security Threat Report: 2009.

"Not only is the USA relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it's also carrying the most malicious webpages," said Graham Cluley, senior technology consultant for Sophos. "We would like to see the States making less of an impact on the charts in the coming year. American computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today."

Security firm McAfee's annual Virtual Criminology report says approximately 1.5 million pieces of unique malware will have been identified by the end of the year, more than in the previous five years combined.

McAfee believes the trends will continue into the new year.

"Cybercriminals are exploiting the global recession by luring in susceptible victims through the promise of easy money," blogged David DeWalt, CEO and president of McAfee. "While governments and law enforcement have their attention diverted by the economy, the door is left open for cybercriminals to continue targeting bank balances and potentially damage consumer confidence, which is essential to the economic recovery."

In its fourth quarter report, Finjan's Malicious Code Research Center (MCRC) says cybercriminals are increasingly relying on Adobe PDF and Flash files, normally considered safe, to infect victims with malware.

"Using rich content applications such as Flash files to distribute malicious code has become the latest trend in cybercrime,” said Yuval Ben-Itzhak, CTO of Finjan. “Having the widespread distribution and the popularity of Flash-based ads on the Web, their binary file format enables cybercriminals to hide their malicious code and later exploit end-user browsers to install malware."

Three big developments will influence the increase in cybercrime predicted by MCRC in 2009. First, as more IT professionals get laid off, some will shift into illegal activity to make money. Second, cybercriminals will be a main beneficiary of President-elect Barack Obama's pledge to bring broadband Internet access to every American family. Lastly, cybercriminals will continue to exploit the best Web 2.0 technologies, such as Trojan technologies, to maximize their illicit gains.

The solution: increased coordination between national governments.

"Governments need to commit to funding the resources needed to combat cybercrime, streamline law enforcement efforts and coordinate police actions across national borders," blogged DeWalt. "Everyone must play their part in a global battle that has only just begun and will continue long into 2009."

In the meantime, Ben-Itzhak recommends businesses and individuals protect themselves.

"The optimal way to prevent malicious files from infecting PCs and corporate networks," he said, "is active real-time content inspection technologies that can inspect each and every piece of Web content in real-time to detect malicious code without the need for signatures.”

But companies also need to fear where their employees travel online.

According to Sophos' Cluley, hackers have been breaking into Facebook and MySpace and implanting malware to distribute to a victim's social network.

A recent survey sponsored by Intel found that half of U.S. and Canadian IT professionals are already aware of this risk, especially among its Generation-Y workforce, typically those under 28. IT professionals said that Generation-Y's "fearless" approach to technology makes them more prone to downloading questionable applications from social networking sites, such as Facebook and Myspace, which may be malicious.

"As we enter 2009 we are not expecting to see these assaults diminish," said Cluley. "As economies begin to enter recession it will be more important than ever for individuals and businesses to ensure that they are on guard against internet attack."


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.