23 Jan 2006:
Today IBM announced the contents of its 2005 Global Business Security Index Report and provided an early look at potential security threats in 2006. Based on early indicators, IBM anticipates a fundamental shift, or evolution, in cybercrime from pervasive global outbreaks to smaller, stealthier attacks targeted at specific organizations for extortion purposes.
According to the report, written by IBM's Global Security Intelligence team, the global IT threat landscape spent the majority of 2005 at the medium level. While the Zotob worm gained international attention, impacting well-known media organizations, there were decidedly fewer global malware outbreaks than the previous year.
But that does not tell the whole story. The criminal element motivating many spam, malware and other IT attacks became apparent last year. High-profile arrests of cybercriminals in the US and around the world pointed to individuals linked to organized crime and motivated to make money. With software and networks becoming increasingly secure, it is anticipated that many of these criminals may target the most vulnerable access point within a company or organization - its personnel - to execute an attack.
"The decrease in pervasive attacks in 2005 is counter-intuitive to what society at large believes is a major threat to their personal data," said Cal Slemp, vice president of IBM's security and privacy services. "IBM believes that the environment has shifted - with increased security protection on most systems and stiffer penalties, we are seeing organized, committed, and tenacious profiteers enter this space. This means that attacks will be more targeted and potentially damaging. Organizations around the world - from the public and private sectors - must move quickly and work together to address this growing challenge."
IBM's Global Business Security Index report includes an early view of other potential trends in 2006, such as the following:
- Insider Attacks - As software becomes more secure, computer users will continue to be the weak link for companies and organizations. Criminals will focus their efforts on convincing end users to execute the attack instead of wasting time in lengthy software vulnerability discovery. Global resource, employee layoffs, mergers and acquisitions all present challenges for companies and organizations attempting to educate users against these threats.
- Emerging Markets - Cyber criminals take advantage of poor international cooperation against cyber-crime and launch cross-border attacks with little personal risk, so the threat to and from emerging and developing countries is increasing. It then becomes far more difficult to trace the attacks back to their source, especially when trends show attacks are increasingly originating from regions, such as Eastern Europe and Asia, where sanctions are more lenient and enforcement is limited.
- Blogging - The increased use of collaboration tools, such as blogging, also increases the possibility of leakage of confidential business data.
- Instant Messaging - Botnets, collections of software robots that allow a system to be controlled without the owner's knowledge, will continue to represent one of the biggest threats to the Internet. Newer botnets, which will have smaller cells to better hide, will likely move to instant messaging and other peer-to-peer networks for command and control of infected systems.
- Mobile Devices - Malware affecting mobile phones, PDAs and other wireless devices increased substantially in the last year, but has not yet materialized into pervasive outbreaks since it cannot spread on its own - yet. Therefore, this trend continues to be on the radar for 2006.
The following assessments regarding 2005 are discussed in the report:
- Targeted Email Attacks - In 2005, approximately two to three targeted email attacks were intercepted each week. This number was almost negligible in 2004, marking a shift in the nature and purpose of the attacks. These attacks, which are often financially, competitively, politically or socially motivated, were often directed at government departments, military organizations and other large organizations, particularly in the aerospace, petroleum, legal, and human rights fields. Several high-profile cases hit the headlines in 2005, but it is believed many more attacks go undetected by businesses.
- Spear Phishing - As more targeted attacks became popular in 2005, so did "spear" phishing, where criminals bombard businesses with highly targeted spam that appears as though it has originated from inside the organization, typically from the IT or HR departments. Often, the perpetrator will offer a small reward in return for information, and individuals who are duped into thinking the emails are legitimate often comply. They unwittingly reveal information that will enable the criminal to access restricted areas of the corporate network, which can result in the theft of intellectual property and other sensitive corporate data. Spear phishing as a social engineering technique in itself has also been used to bait people into opening malware.
- Viruses - Overall, viruses delivered via email were on the decline in 2005. One in every 36.15 emails, or 2.8 percent, contained a virus or trojan. This number declined significantly from the 2004 level of 6.1 percent, or one in every 16.39 emails.
- Phishing - Phishing continued to be a major threat in 2005. In 2005, phishing represented an average of one in every 304 emails, compared to one in every 943 in 2004. It is believed that the rise in phishing activity has been due to the increased use of botnets to pump out massive volumes of scam emails, as cyber-criminals look to increase their profits through more aggressive targeting.
- Malware Ingenuity - In 2005, there was a rise in blended and increasingly complex threats with the integration of bot capabilities into existing malware. One such example was Mytob, which was based on the Mydoom worm but added bot capability and a number of other "enhancements" to make for a much more dangerous piece of malicious software. And, in the short term, multiple variants of Mytob appeared.
The IBM Global Business Security Index Report is a monthly report that assesses, measures and analyzes potential network security threats based on the data and information collected by IBM's 3,000 worldwide information security professionals, thousands of monitored devices and strategic security business partners. For more information, please visit http://www-1.ibm.com/services/us/index.wss/offering/bcrs/a1008776.