1. New Malware Variants or Families of Threats: Attackers have shifted away from mass distribution of a small number of threats to micro distribution of large families of threats. These new strains of malware consist of millions of distinct threats that mutate as they spread rapidly. The Trojan.Farfli, which was first discovered in July 2007 is one such family of threats that has exhibited these characteristics.
2. Fake and Misleading Applications: Fake security and utility programs, also known as "scareware" promise to secure or clean up a user's computer. These programs are installed along with a Trojan horse program, produce false or misleading results, and hold the affected PC hostage until the user pays to remedy the pretend threats.
3. Web-based Attacks: Trusted Web sites are the focus of a large portion of malicious activity. In 2008, Symantec has observed that the Web is now the primary conduit for attack activity.
4. Underground Economy: The Underground Economy has matured into an efficient, global marketplace in which stolen goods and fraud-related services worth billions of dollars are regularly bought and sold. From July 2007 to June 2008, Symantec researchers found the value of total advertised goods on underground economy servers observed was more than $276 million.
5. Data Breaches: The continued high volume of data breaches underscored the importance of data loss prevention technologies and strategies. With mergers, acquisitions and layoffs more common in today's economic climate, data loss prevention becomes increasingly important in protecting the sensitive information, including intellectual property, of a company.
6. Spam: "Two years from now, spam will be solved," said Bill Gates in 2004. In 2008, we were seeing spam levels at 76 percent until the McColo incident in November 2008, at which time spam levels dropped 65 percent. While antispam filters have become more sophisticated in the last year, and spam threats have emerged and dissipated, it is clear that spammers are not giving up the spam fight.
7. Phishing: Phishing continued to be active in 2008. Attackers are using current events such as the 2008 US presidential election to make their "bait" more convincing and employing more efficient attacking techniques and automations. Phishing tookits also continue to contribute to the problem.
8. Browser or Plug-in Vulnerabilities: Site-specific vulnerabilities are often used in association with browser plug-in vulnerabilities, which are useful for conducting sophisticated Web-based attacks.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment