Fewer new threats were reported in the first quarter of this year, compared to last year, but attackers are moving with the times, according to McAfee’s latest threat report.
Security vendor McAfee received 3.75 million reports of new threats and exploits in the first quarter of 2010, compared with four million in the same period last year. However, within the threats reported, targeted attacks on companies grew, as did phishing attacks built on current events such as volcanos and earthquakes.
The attacks that happen are more likely to be targetted, like the Operation Aurora event from China which hit Google and others in January, he said.
More widespread phishing attacks have used news events to hit users in vulnerable spots, he said, in particular right now, a series of social-engineering phishing emails, which purport to offer income tax rebates to UK residents.
Previous phishing scams have addressed news items such as the volcanic ash cloud and the Haiti earthquake – where phishers got four million downloads in ten days – and the launch of the iPad. Although most people are wise to them, enough still succumb to make it worth the villains’ while, said Day.
Another growth area is bogus security solutions, said Day: “That is the fourth most common submission we saw in the quarter. It’s a grey area, because people are downloading it and agreeing to pay money for it.” In some cases it’s software that is not fit for purpose, and sold on through third parties.
There’s an element of nostalgia in the top security threat of the quarter though, said Day. USB worms like Conficker “spread in the old style, through portable media.” This is finally going to make businesses listen to the “smarter people” who have been telling them to lock down USB drives for a long while, and at least turn off Autorun, he said. “Businesses have left this one because of the cost of user education, but now the tide is turning. We only change our behaviour when forced to do so.”
According to the report, spam email subjects vary greatly from country to country, with diploma spam [selling fake qualification certificates] on the rise out of China and other Asian countries. Other attacks included poisoned web searches, and new malicious URLs – usually hosted in the US.
One very interesting development, Day reports, is an apparent breach of the Captcha system that prevents robots abusing websites. According to a US newspaper report, an attacker managed to buy $29 million (£20m) worth of restricted tickets for Bruce Springsteen and other concerts by using a bot to buy them quicker than humans could.
For a copy of the Q1 2010 Threats Report, please visit McAfee.
OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…
European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…
James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…
Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…
Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…
Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…