A significant growth in cyber crime can be attributed to increasingly sophisticated targeted attacks, social media scams, and malicious email attachments, according to security vendor, M86.
In its latest bi-annual investigation, titled M86 Security Labs Report, the security vendor found that despite a four-year low in spam volumes last year, attacks using stolen digital certificates, fraudulent social media scams and the Blackhole exploit kit dominated the security space.
While M86 vice-president of technical strategy, Bradley Anstis, admits that people already know that cyber criminals are becoming more adept at circumventing mainstream security solutions, they are only now starting to realise that more and more fraud is being perpetrated through social networking sites and mobile devices.
“It is imperative for organisations to educate their users and complement their reactive protection with proactive, real-time technologies to enhance their security posture," he said.
Despite the positive news that spam levels have declined, the downside M86 found was that the proportion of malicious spam had actually increased from one per cent to five per cent in the last half of the year.
Key findings in the report included the observation that critical national infrastructure is being targeted, with confirmed attacks on RSA, Lockheed Martin and the Asia-Pacific Economic Cooperation (APEC) in 2011, and stolen digital certificates being increasingly employed for successful targeted attacks.
M86’s report also highlighted that social media is becoming inundated with fraudulent posts and scams that capitalise on user trust and familiarity.
They include bogus social media notifications that dupe users into clicking on infected links or share posts for “rewards” or “gift cards” with their friends.
The Blackhole exploit kit gained prominence in the exploit kits market in late 2011. Its authors continue to update it frequently, adding new ways to evade detection.
"Many of the trends we forecast in our 2011 predictions report, such as the increased use of stolen digital certificates in targeted attacks, have occurred,” Anstis said.
“Our goal is to help organisations preempt these complex attacks before malware has a chance to infiltrate networks and cause very real damage."