Fewer new threats were reported in the first quarter of this year, compared to last year, but attackers are moving with the times, according to McAfee’s latest threat report.
Security vendor McAfee received 3.75 million reports of new threats and exploits in the first quarter of 2010, compared with four million in the same period last year. However, within the threats reported, targeted attacks on companies grew, as did phishing attacks built on current events such as volcanos and earthquakes.
The attacks that happen are more likely to be targetted, like the Operation Aurora event from China which hit Google and others in January, he said.
More widespread phishing attacks have used news events to hit users in vulnerable spots, he said, in particular right now, a series of social-engineering phishing emails, which purport to offer income tax rebates to UK residents.
Previous phishing scams have addressed news items such as the volcanic ash cloud and the Haiti earthquake – where phishers got four million downloads in ten days – and the launch of the iPad. Although most people are wise to them, enough still succumb to make it worth the villains’ while, said Day.
Another growth area is bogus security solutions, said Day: “That is the fourth most common submission we saw in the quarter. It’s a grey area, because people are downloading it and agreeing to pay money for it.” In some cases it’s software that is not fit for purpose, and sold on through third parties.
There’s an element of nostalgia in the top security threat of the quarter though, said Day. USB worms like Conficker “spread in the old style, through portable media.” This is finally going to make businesses listen to the “smarter people” who have been telling them to lock down USB drives for a long while, and at least turn off Autorun, he said. “Businesses have left this one because of the cost of user education, but now the tide is turning. We only change our behaviour when forced to do so.”
According to the report, spam email subjects vary greatly from country to country, with diploma spam [selling fake qualification certificates] on the rise out of China and other Asian countries. Other attacks included poisoned web searches, and new malicious URLs – usually hosted in the US.
One very interesting development, Day reports, is an apparent breach of the Captcha system that prevents robots abusing websites. According to a US newspaper report, an attacker managed to buy $29 million (£20m) worth of restricted tickets for Bruce Springsteen and other concerts by using a bot to buy them quicker than humans could.
For a copy of the Q1 2010 Threats Report, please visit McAfee.
Boeing Starliner space capsule set for first crewed flight into orbit after years of delays,…
Google clashes with US Justice Department in closing arguments as government argues Google used illegal…
Prominent Stanford University AI scientist Fei-Fei Li reportedly completes funding round for start-up based on…
Apple shares surge on optimism that new AI-focused hardware launches will drive renewed sales, starting…
Biden vetoes Republican-backed measure amidst dispute over 'joint employer' status for contract workers, affecting tech…
Lawyers in US social media addiction action say strict controls on Douyin in China show…