Fewer new threats were reported in the first quarter of this year, compared to last year, but attackers are moving with the times, according to McAfee’s latest threat report.
Security vendor McAfee received 3.75 million reports of new threats and exploits in the first quarter of 2010, compared with four million in the same period last year. However, within the threats reported, targeted attacks on companies grew, as did phishing attacks built on current events such as volcanos and earthquakes.
The attacks that happen are more likely to be targetted, like the Operation Aurora event from China which hit Google and others in January, he said.
More widespread phishing attacks have used news events to hit users in vulnerable spots, he said, in particular right now, a series of social-engineering phishing emails, which purport to offer income tax rebates to UK residents.
Previous phishing scams have addressed news items such as the volcanic ash cloud and the Haiti earthquake – where phishers got four million downloads in ten days – and the launch of the iPad. Although most people are wise to them, enough still succumb to make it worth the villains’ while, said Day.
Another growth area is bogus security solutions, said Day: “That is the fourth most common submission we saw in the quarter. It’s a grey area, because people are downloading it and agreeing to pay money for it.” In some cases it’s software that is not fit for purpose, and sold on through third parties.
There’s an element of nostalgia in the top security threat of the quarter though, said Day. USB worms like Conficker “spread in the old style, through portable media.” This is finally going to make businesses listen to the “smarter people” who have been telling them to lock down USB drives for a long while, and at least turn off Autorun, he said. “Businesses have left this one because of the cost of user education, but now the tide is turning. We only change our behaviour when forced to do so.”
According to the report, spam email subjects vary greatly from country to country, with diploma spam [selling fake qualification certificates] on the rise out of China and other Asian countries. Other attacks included poisoned web searches, and new malicious URLs – usually hosted in the US.
One very interesting development, Day reports, is an apparent breach of the Captcha system that prevents robots abusing websites. According to a US newspaper report, an attacker managed to buy $29 million (£20m) worth of restricted tickets for Bruce Springsteen and other concerts by using a bot to buy them quicker than humans could.
For a copy of the Q1 2010 Threats Report, please visit McAfee.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…