5 Leading Cybercrime Predictions For 2012

Cybercrime

Cybercriminals are successfully defeating security controls across the globe and in all industries. They have moved from the shotgun approach to a marksman’s methodology, becoming focused on the institutions they target.

More organised then ever before, tomorrow’s cybercriminal studies their prey and learns their security controls so then can bypass them and commit fraud. While the Olympic’s may be a distraction, it’s vitally important that security professionals don’t take their eye of the prize – to play these fraudsters at their own game, and win gold.

5 leading predictions for 2012:

1. 2012 will see new multipurpose multi functional malware

I predict malware, originally designed for one purpose, will evolve to pose a new threat with a malicious undertone. Non-financial viruses will morph to become financial malware and be used to commit online banking fraud. Conversely, existing financial malware, will adopt features introduced in non-financial APT attacks. Over the next twelve months perimeters will face an onslaught from various sources, viruses going financial, APT style technologies in ZeuS code derivatives manipulated by new coders and in other commercially available malware kits (e.g. Spyeye).

2. We’re on the verge of malware globalisation

Next year cybercriminals will realise their dreams of global domination as Trusteer expects to see widespread resale and repackaging of malware. This means code, originally designed specifically to target one geographical location, will be adopted and translated to target other regions or even countries. The end result will see terms such as ‘regional malware’ and even ‘malware free countries’ cease to exist as everyone, regardless of where they are, comes into the sights of the criminal fraternity.

3. Cyber criminals will up their game and improve evasion techniques

Ultimately a cyber criminal’s focus is on infecting the user’s PC and to remain undetected for as long as possible. It makes sense, therefore, that they will continue to improve their evasion techniques to ‘hide’ the rogue program or mimic that of another program. But be warned, where evasion techniques are unsuccessful, fraudsters will resort to developing malware designed to attack and destroy existing protection, with the premise that the organization, and its users, may not notice they’re vulnerable to attack.

4. Personal information, disclosed on social networks, will be used in social engineering attacks against the enterprise

Fraudsters, all too aware of the valuable intelligence freely available social networks, are starting to mine these data sources capturing the personal details needed to successfully complete social engineering attacks. I predict this will manifest itself over the coming year as an enterprise issue. As a crude example, if an enterprise uses a ‘secret question’ for password retrieval, it’s feasible that an individual’s answers could be researched via the net, the password reset and the legitimate account used to compromise the organisation.

5. The move to SaaS allowing malware attacks on enterprise applications

Many organisations, in an effort to reduce cost of enterprise application have moved to SaaS. However, as part of this process, many have outsourced services to external websites without first carefully considering the security risks it presents. While the damage that can be done has not yet been evident, Trusteer’s prediction is that it will become apparent over the next 12 months. Its belief is that many organisations will spend 2012 fighting flames, backtracking and perhaps having to withdraw these services.

Searching for security solutions that can turn the table on cyber criminals and maintain the upper hand requires a closer look at the shared attack vectors of successful cyber crime schemes. First, malware residing on the machine abuses the trust a user places in the browser and the rendered site, through which fraudsters can initiate an endless number of social engineering attack variations. Second, malware that has free access to application and system resources will eventually leverage technology and social engineering to penetrate any security control.

Cybercrime will eventually prevail if malware is allowed to infect machines and remain undetected and uninterrupted. Over time cybercrime prevention can simply not coexist with malware infected machines. Consequently, effective sustainable security requires cyber crime intelligence that identifies new malware attack and infection behaviours, complemented by the ability of the security control (technology and process) to quickly adapt to and defeat new threats. Forewarned is forearmed, and you’ve been warned.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Prior to founding Trusteer, Amit Klein was Chief Scientist at Cyota (acquired by RSA Security) a leading provider of layered authentication solutions. In this role, Amit researched technologies that prevent online fraud, phishing, pharming, He filed several patents in those areas during his time at Cyota. Prior to Cyota, Amit worked as Director of Security and Research at Sanctum (acquired by Watchfire) where he was responsible for the security architecture of all Sanctum products. Prior to Sanctum, Amit spent almost 7 years serving in the Israeli Army as a research officer and project manager. He is a graduate of the prestigious Talpiot programme of the Israeli Army. He holds a B.Sc. (cum laude) in Mathematics and Physics from the Hebrew University (Jerusalem). Amit is also a world renowned security researcher, having published over two dozen articles, papers and technical notes on the topic of Internet security.