Is Economic Turmoil Really Driving Threats?
Security researchers are starting to hammer home the idea that the current economic climate is resulting in higher volumes of malware and phishing attacks.
As threats have continued to increase in overall numbers at a fairly consistent rate for many years now, I'm still not quite sold on the whole concept, but it is an interesting theory to consider.
Last month, Panda issued a pair of reports tying recent increases in malware frequency to specific trends in the banking segment, stock markets and the passage of the U.S. federal bailout bill.
Now threat monitoring specialist Cyveillance is hopping on the bandwagon and submitting that phishing campaigns are also increasing in direct relation to the economic fallout.
The company is reporting that over the last 60 days it has observed a "significant increase" in the sheer quantities of phishing attacks that it is observing, and the researchers are relating the gains directly to economic events.
For instance, in the first quarter of 2008, Cyveillance reported that it typically saw an average of roughly 400 attacks per day. However, in the past month, the firm has seen an average of more than 1,750 campaigns, with some record-level days that rose as high as 13,209 attacks in a 24-hour period.
Over the course of the entire first half of 2008, the company found that attacks increased steadily, with an average of 400 to 500 per day in Q1, and spikes in activity sometimes reaching nearly 1,000 per day.
Things cooled off during the summer, which is interesting in terms of the larger theory being presented, since financial markets were already beginning to tank, driven largely by the discount mortgage crisis.
However, since early September, when the economic crisis really began to blossom, Cyveillance analysts said there have been noticeable gains in phishing threats and maintain that the market uncertainty has indeed been a significant driver.
But the research ends there unfortunately, so, for now, it would seem to merely be an emerging theory.
- Are the attacks coming faster because, as Panda postulated, there are fewer massive banks to target?
- Are attackers launching more phishing schemes that are themed around the financial downturn?
- Have attacks peaked on the days when the more dire market activity occurred or when some terrible economic news was reported?
- Are areas of the world the most adversely affected by the financial problems generating more threats? (Say, Wall Street perhaps?)
My working theory is something like this:
Since the economy is in a downturn, more people are turning to crime in general since they cannot find other means of income, and, maybe, this is indeed trickling into the world of cyber-crime.
I've seen local police reports recently stating that gains in activities such as petty theft and auto theft are in fact tied to joblessness and economic insecurity.
And that makes sense for obvious reasons.
But are the same types of people who want to steal your car radio the same types of people who know how to craft malware and phishing threats?
It's a novel idea, and I guess that only time will tell if it's correct.
But as I've said before, it's also hard to argue that attacks will continue to proliferate rapidly either way.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.