Cybercriminals exploit technology's cutting edge
From social media to distributed computing, the cybercriminal underground took full advantage of emerging technologies in 2009
“It’s the great irony of our information age,” US president Barack Obama said in May 2009, during a speech detailing his administration’s cybersecurity strategy. “The very technologies that empower us to create and to build also empower those who would disrupt and destroy. And this paradox – seen and unseen – is something we experience every day.”
This irony was especially cruel in 2009, because, while recessionary budget cuts curtailed the ability of many legitimate businesses to capitalise on technological advances, hackers and cybercriminals were taking full advantage of the bleeding edge of technology.
Social media is a case in point. For businesses, social networking sites such as Facebook provide an opportunity to build trust and garner customer insight, but for hackers they represent a goldmine of personal information with which to deceive and defraud unsuspecting Internet users.
One technique, known as ‘spear-phishing’, exploits information gathered from an individual’s social networking profile to lure them into clicking a link that in turn downloads a piece of malware. According to a report from Microsoft, the months of May and June 2009 saw a sevenfold increase in the number of phishing links that were clicked on. The reason? A series of phishing campaigns on social networks
Meanwhile, the meteoric rise of ‘micro-messaging’ service Twitter during 2009 presented its own security problems. The site’s limit of 140 characters per message has meant that URL-shortening services have become very popular, but by obscuring the final destination of a link, these have allowed hackers to direct naïve users to malicious websites. Shortened URLs also circumnavigate Twitter’s security system that scans messages for known malicious URLs. The exploitation of social media, then, helped hackers to misdirect victims to dangerous websites. Meanwhile, techniques used to transfer malicious code from a web page to a user’s machine also grew in sophistication and volume.
According to research by security software vendor Symantec, 2009 saw an explosion in so-called ‘drive-by downloads’, whereby software is automatically downloaded through a web browser without the user’s knowledge. In the whole of 2008, the company recorded a total of 18 million drive-by download infection attempts; roughly the same number (17.4 million) took place from August to October 2009 alone. And to complete the picture, 2009 also saw an uptick in the incidence of legitimate sites being injected with malicious code. Research conducted by security vendor Websense found that 61 of the Internet’s 100 most popular sites were either hosting malicious content or contained a masked redirect to a malicious website during the year. The number of compromised websites, meanwhile, grew by 700% in 2009, the research also found.
Although the concept is well established, distributed computing is arguably still a technology at the cutting edge, and is most commonly deployed by organisations with unusually high computing demands – such as financial institutions or scientific laboratories – as a cheap alternative to supercomputers.
One of the most sophisticated applications of distributed computing, however, has emerged from the cybercriminal underground. Botnets, as they are known, are networks of ordinary PCs that have been infected with malware (usually a Trojan). Once compromised, these devices are remotely controlled to undertake a certain task, such as scanning websites for security vulnerabilities or sending out phishing emails. According to online security vendor MessageLabs, botnets were the number one security threat in 2009. One single botnet, named Cutwail, was responsible for 29% of all spam sent between April and November 2009, according to the company’s 2009 security report.
Some Internet service providers known to have negligently hosted botnet systems were closed down in 2009, but according to the MessageLabs report, botnets are evolving to overcome this adversity. “It is predicted that in 2010 botnets will become more autonomous and intelligent,” it says, “with each node containing an in-built self-sufficient coding in order to coordinate and extend its own survival.”
However, there is another development that has progressed in parallel with these technological threats that arguably represents a far graver threat, and that is the growing sophistication of the individuals and organisations developing, deploying and selling that technology. So commercially mature is the cybercriminal underground that botnets can be rented by the hour, denial-of-service attacks can be conducted at the click of a button and some malware is even sold with end-user licence agreements.
What this means is that it is easier than ever before to become a cybercriminal. In December 2009, the news broke that insurgents in Iraq had intercepted video transmissions from an unmanned US spy plane using software that can be bought online – legitimately – for less than $30. Of course, for the majority of cybercriminals, the motivation is not political but commercial. Indeed, the growing sophistication of the cybercriminal underground is a direct consequence of its commercialisation.
Happily, there have also been developments in the technology used to counter the ever-maturing security threat. Most significantly, the Internet is now being used by the security industry in as sophisticated a fashion as it has been by hackers for many years.
The hot topic in the security industry was ‘cloud-based’ security. The theory is that traditionally deployed software, even if it is periodically updated over the Internet, can no longer keep pace with the rate of evolution in malware threats. Information security technology based in the cloud, meanwhile, can be kept up to date for all users every minute of the day.
Following Symantec’s acquisition of online security services provider MessageLabs at the tail end of 2008, security vendors including McAfee, Barracuda and M86 Security all conducted similar deals, and even networking infrastructure provider Cisco got in on the act with its acquisition of ScanSafe in October 2009.
Not everyone was convinced of the cloud security revolution, however. In July 2009, Eugene Kaspersky, CEO of antivirus software vendor Kaspersky Labs, told Information Age that “cloud services are not about to replace endpoint solutions. There will still be endpoint services; most people will have a combination.”
This may well prove to be the case, but it is fair to assume that the cloud will provide a growing role in security software – as in all areas of IT – in 2010.