04 PHISHING AND PHARMING
Sophos' Nicholson said phishing wasn't going away anytime soon - if anything, attacks are going to get more serious as phish smarten up. Website spoofing is expected to get more convincing, while phish emails are already ditching some of the amateur spellings and poor-quality emulations that made early versions easy to pick for the reasonably savvy punter.
Cyber criminals may soon plant phishing hooks on real banking websites, for example, that mimic a link on that page but take users to a spoofed version where they can be relieved of their credit card numbers and personal details.
According to Trend Micro's Biviano and May, Java applets can sit behind the website and do harm without users noticing a difference. Web-based threats are now the tool of choice for malware writers.
"You'll see emails that come with a URL you click on, that will use the same sort of social engineering we've seen in the past," Biviano said.
"The industry is evolving to target attacks more precisely - at executives in the organisation, for example," May added. Biviano said 88 per cent of recent malware incidents were Web-based and many of these bot-related.
Email protection such as Trend Micro's WebMarshal Gateway can help screen phish. Meanwhile, vendors and resellers are offering services that help tackle the problem.
"We're now seeing a lot of banks doing two- and three-factor identification to get onto their websites and so forth. And we have phish alerts letting them know when they've been compromised," Nicholson said.
Other than that, the best defence against phish remains customer education - coupled with constant vigilance for small changes in website details or a company's practices online. And that will get increasingly difficult as the phishers' tactics get more sophisticated.
The annual McAfee Virtual Criminology Report is based on input from NATO, the FBI, the Serious Organised Crime Agency, and various groups and universities. The report for 2008 found:
• Governments and allied groups are using the Internet for cyber spying and cyber attacks.
• Targets include critical national infrastructure network systems such as electricity, air traffic control, financial markets and government computer networks.
• 120 countries are now using the Internet for Web espionage operations.
• Many cyber attacks originate from China, and the Chinese government has publicly stated that it is pursuing activities in cyber espionage.
• Cyber assaults have become more sophisticated in their nature and are designed to specifically slip under the radar of government cyber defences.
• Attacks have progressed from initial curiosity probes to well-funded and well-organised operations for political, military, economic and technical espionage.
Threats to personal data and online services include:
• Genetically modified 'super' threats: A new level of complexity in malware. These super-strength threats may be more resilient, modified repeatedly like recombinant DNA, and contain sophisticated functionality such as encryption draw. The Nuwar or Storm Worm was the first example, and McAfee predicts more in 2008.
• New technology, new threats - vishing and phreaking: There have been several high-profile 'vishing' (phishing via VoIP) and 'phreaking' (hacking into telephone networks to make long distance phone calls) attacks. In Japan, 50 per cent of all data breaches have been via peer-to-peer software. Cybercriminals will look for ways to exploit the popularity of applications on social networking sites such as MySpace and Facebook.
• A run on banks: Cyber attacks could destroy public trust in online banking and slow e-commerce. Critics believe online banking security will not be effective or fast enough.
• The underground economy already includes specialised auction sites, product advertising and support services, and competition is so fierce that 'customer service' has become a specific selling point.
• The cost of renting a spamming platform has fallen. Criminals can now buy custom-written trojans aimed at stealing credit card data.
• The 'white market' to buy and sell software flaws - back-door vulnerabilities with no available patch - is fuelling a virtual arms trade. Software flaws can fetch up to $US75,000.
www.mcafee.com / www.avertlabs.com/research/blog/