CA Predicts More Attacks on Experienced Users
Published on Jan. 25, the CA 2007 Internet Threat Outlook highlights the most pressing online security trends projected to have an impact over the next 12 months by researchers at the IT systems management and authentication applications provider.
According to the CA Security Advisor Team, malware writers will continue to blend multiple threat formats and utilize new, covert distribution methods in 2007, making it harder for even the most informed users to discern the difference between legitimate content and attacks.
CA, based in Islandia, N.Y., said malware brokers will continue to piece together threats such as Trojan horse viruses, worms and the many forms of spyware to hide their attacks and evade technological defenses employed by both enterprises and consumers. With the level of professionalism rising quickly among the most sophisticated virus distributors, CA predicts that zero-day exploits, drive-by malware downloads and extremely intricate phishing schemes will continue to become more dangerous and harder to detect.
Of particular danger to PC users will be blended threats that combine different elements of the various attack models, such as spam-borne Trojans and cross-site scripting code loaded onto legitimate Web sites, which go to greater lengths to cloak their activity on PCs and circumvent anti-virus systems.
According to the CA report, Trojan viruses (which load small, hard-to-find programs onto PCs and then call out to external sources to pull additional malware threats onto the infected device) accounted for 62 percent of all malware in 2006, while worms (which specialize in propagating themselves from one machine to another) represented 24 percent of attacks.
In a prelude to the types of threats CA expects to encounter over the next year, 2006 also marked the first time that researchers tracked a spyware program that used a so-called zero-day exploit to take advantage of vulnerabilities previously unidentified by software vendors or security researchers. The term "zero day" comes from the idea that users are unable to prepare for attacks on such vulnerabilities before they arrive, unlike in the case of malware that takes aim at known product flaws.
The research report contends that phishers, proprietors of fraudulent Web sites designed to look like legitimate URLs, will also become more sophisticated in 2007.
Phishers will replace the spam e-mails advertising Viagra or mimicking online banking communications that they have traditionally used to trick people into visiting their sites with new social engineering ploys, fooling new legions of consumers into swallowing the bait, CA said. For example, phishers may use messages that mirror common administrative e-mails such as e-mail delivery failure notices.
After slowing slightly during 2005, spam volume increased more rapidly again in 2006, powered largely by botnets, the networks of compromised PCs used to send spam through an ever-shifting list of IP addresses. CA predicts that along with continued adoption of botnets to distribute spam, attackers will also continue to use image spam, which hides the content of the e-mails in graphics files to evade filtering applications, and to load more of their messages with Trojan programs.
Attacks targeted at specific companies or individuals are also expected to increase next year, according to the report, as criminals look for new ways to aim their threats at potentially lucrative subjects. From keystroke-logging programs, which spy on users' Web travels and attempt to steal passwords and other protected data, to one-off insider threats crafted by privileged users who know best how to exploit corporate security loopholes at their own companies, such targeted threats are expected to continue to proliferate.
Another type of targeted threat expected to grow in popularity is ransomware, through which attackers seek to take over or encrypt important files and then demand payment from the content's owners to release the information. In addition to using more complex methods of obscuring the data involved in such attacks, criminals have found new ways to collect their payments while staying out of view of law enforcement officials, CA researchers said.
Kernel rootkits, which cloak their activity by replacing a portion of a program's software kernel with modified code, are also expected to continue to be big in 2007. While rootkit-fighting technologies such as the PatchGuard kernel protection system built into 64-bit versions of Microsoft's new Windows Vista operating system are arriving, most PC users will still be left open to the attacks over the next twelve months, CA said.
Researchers are predicting that malware threats that take advantage of vulnerabilities in popular applications will continue to dominate the enterprise security landscape. As users are increasingly adopting tools for stopping traditional viruses such as those delivered via e-mail, hackers will continue to aim their efforts at finding and exploiting application-level flaws, the report said.
Finally, CA said hackers will continue to ramp up efforts to poison search engine rankings and to perpetrate click-fraud on advertising networks. By creating malware-laden sites that appear near the top of search results, including pages that mimic legitimate sites and URLs that are typos of popular Web destinations, CA said, attackers will continue to successfully target both experienced and new Web surfers.