Spam Declined, Trust-Based Malware Increased in 2010: Cisco Survey

Spam volumes decreased dramatically even as users fell for increasingly sophisticated social-engineering scams in 2010, according to Cisco’s Annual Security Report, released Jan. 20.

Last year will be known as the “year the tide turned” for spam, Henry Stern, Cisco senior security researcher, told eWEEK. Despite increases in several developed countries, such as the United Kingdom, Spain, Germany and France, global spam volume actually dropped in 2010.

Spam volume in the United States was almost unchanged, but the United Kingdom saw almost a 115 percent increase, according to the report. In contrast, Brazil, China and Turkey, countries with some of the highest spam volumes in 2009, saw significant declines. Turkey dramatically slashed spam volume by almost 95 percent, and Brazilian ISPs reduced their spam by nearly half by restricting access to Port 25, according to the report.

“It was the first year ever in the history of spam that global volumes declined,” and there were a number of factors that contributed to the drop, said Stern. The increasing success of law enforcement in shutting down cyber-crime gangs, such as the joint effort between the U.S. and U.K. authorities to arrest a criminal operation using the Zeus Trojan, meant there were fewer botnets operating, Stern said.

The closure of spam network Spamit in October also reduced the amount of fake pharmaceutical spam, said Stern. Security vendors are also becoming more proactive and aggressive about auto-updating their products with the latest spam filters so spam was being blocked more effectively, Stern said. Users may not notice the global decline because the security products have been so effective in keeping spam out of the inbox, he said.

However, there were still plenty of areas of concern in 2010, Stern said. Cyber-criminals increasingly turned to new types of malware that exploited people’s trust, tricking users into handing over login and password information. Users also clicked on infected links in e-mail messages with hacked e-mail addresses that make them look like they are safe because it’s from a friend. Criminals are also hacking trusted sites to trick users into downloading malware, according to the report.

“Miscreants are continuing to find new and creative ways to exploit network, system and even human vulnerabilities to steal information or do damage,” said John N. Stewart, vice president and chief security officer at Cisco.

Criminals also spent more time figuring out how to steal identities in 2010, according to the report. Some tactics included hacking into e-mail accounts to send out “trusted” messages, hijacking Facebook and Twitter accounts to send out malicious links and convincing users to download applications on social networks like Facebook to see something exciting or interesting. This tactic is likely to increase in 2011, the report concluded.

“Road-tested” techniques, such as scareware, click fraud and spyware remained “cash cows” for cyber-criminals in 2010 and would continue to be so in 2011, according to the report. Cyber-criminals will continue to invest in phishing scams as well as malware kits, like the Zeus Trojan, the researchers found.

In addition it appears that in 2011, cyber-criminals will expand their money-laundering operations using so-called “mules” to transport money from one country to another, said Stern. While many money mules are part of the criminal enterprise, a growing number of them are scammed by clicking on spam or responding to work-from-home job advertisements, the report found. While money mules often are asked to just move funds from various bank accounts, there are a growing number of re-shipping scams, where criminals used stolen credit card numbers to legally purchase merchandise, which they resold to others, said the researchers.

In what may be good news for Microsoft, if not for anyone else, cyber-criminals may be turning to other platforms to exploit and make money because the improved security in Windows 7 makes it “tougher” to “infiltrate” networks and applications and files, according to the report. “Having reached the Windows vulnerability ‘tipping point,’ they have moved on,” to other operating systems, services and mobile devices, the security team wrote in the report. Scams in 2010 targeted select groups of mobile users, such as customers of a specific bank or specific smartphone applications, the report found.

With the increasing trend of enterprises using mobile devices, there are “even more opportunities for intrusions and theft,” Cisco wrote.